Chapter 4. Packet Analysis

Twas brillig, and the Protocols
    Did USER-SERVER in the wabe.
All mimsey was the FTP,
    And the RJE outgrabe,

Beware the ARPANET, my son;
    The bits that byte,
    the heads that scratch...

—R. Merryman, “ARPAWOCKY” (RFC 527)

Once you have captured network traffic, what do you do with it? Depending on the nature of the investigation, you might want to analyze the protocols in use, search for a specific string, or carve out files.
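The keyword-search task mentioned above, worked through as an added example (this code is not from the book): a small, dependency-free reader for the classic libpcap file format that walks Ethernet/IPv4/TCP frames and reports every packet whose TCP payload contains a given byte string. The capture it searches is constructed inline (two frames with placeholder addresses from the documentation ranges, IP/TCP checksums left at zero) so the example runs offline; the function names, the addresses and the payloads are all assumptions of this example.

```python
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4   # bytes written by a little-endian host
PCAP_MAGIC_BE = 0xD4C3B2A1   # what the same magic reads as when the file is big-endian
LINKTYPE_ETHERNET = 1


def _ip_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame for the sample capture (checksums left zero)."""
    eth = b"\x00" * 6 + b"\x00" * 6 + b"\x08\x00"          # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                      5 << 4, 0x18, 65535, 0, 0) + payload  # 20-byte header, PSH|ACK
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     _ip_bytes(src_ip), _ip_bytes(dst_ip))
    return eth + ip + tcp


def build_pcap(frames, first_ts=1_700_000_000):
    """Wrap frames in a little-endian pcap file (global header + per-record headers)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", first_ts + i, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample traffic: one web request and one outbound SMTP message body.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "198.51.100.7", 49153, 80,
                b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build_frame("10.0.0.5", "203.0.113.9", 49152, 25,
                b"Subject: Q3 numbers\r\n\r\nCONFIDENTIAL - do not forward\r\n"),
])


def iter_packets(pcap):
    """Yield (timestamp_seconds, frame_bytes) for each record in a pcap file."""
    magic, = struct.unpack("<I", pcap[:4])
    if magic == PCAP_MAGIC_LE:
        order = "<"
    elif magic == PCAP_MAGIC_BE:
        order = ">"
    else:
        raise ValueError("not a classic pcap file (magic 0x%08x)" % magic)
    linktype, = struct.unpack(order + "I", pcap[20:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("example only decodes Ethernet captures")
    offset = 24
    while offset + 16 <= len(pcap):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(order + "IIII", pcap[offset:offset + 16])
        offset += 16
        yield ts_sec, pcap[offset:offset + incl_len]
        offset += incl_len


def parse_tcp(frame):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                                      # not IPv4 over Ethernet
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                             # header length honours IP options
    if ip[9] != 6:
        return None                                      # not TCP
    total_len, = struct.unpack("!H", ip[2:4])
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4                     # TCP options, if any, are skipped
    return src, dst, sport, dport, tcp[data_offset:]


def search_keyword(pcap, keyword):
    """Return (ts, src, dst, sport, dport) for every TCP packet whose payload contains keyword."""
    hits = []
    for ts, frame in iter_packets(pcap):
        parsed = parse_tcp(frame)
        if parsed and keyword in parsed[4]:
            hits.append((ts,) + parsed[:4])
    return hits


if __name__ == "__main__":
    for hit in search_keyword(SAMPLE_PCAP, b"CONFIDENTIAL"):
        print("%d %s:%d -> %s:%d" % (hit[0], hit[1], hit[3], hit[2], hit[4]))
```

A match only tells you which flow carried the string in a single packet; a keyword split across two segments is missed, so for real investigations reassemble TCP streams before searching, and treat the hit list as a lead to pull the full session, not as proof of exfiltration.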

Perhaps you received an alert from an IDS about suspicious traffic from a particular host and you would like to identify the cause. Or perhaps you are concerned that an employee is exporting confidential data and you need to search outbound communications for specific keywords. Or perhaps ...
