Chapter 2. Introduction to TCPdump and TCP
Now that you have learned a bit about Internet Protocol (IP), you can take a closer look at how it works by using a practical analysis tool known as TCPdump. Just as you cannot do any kind of intrusion detection or traffic analysis without knowledge of TCP/IP, you cannot do analysis without a tool of some sort. TCPdump, or its Windows cousin Windump, is a popular and widely used piece of software that can give you some insight into the traffic activity that occurs on a given network. This chapter teaches you how to manipulate the tool for your own purposes and explains the output that it displays. The ...
Get Network Intrusion Detection, Third Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.