Chapter 7. Packet Dissection Using TCPdump

The next four chapters explore using TCPdump to analyze network traffic. TCPdump provides some wonderful benefits when used alongside a signature-based NIDS in a network. Most often, when a signature-based NIDS detects some kind of anomalous activity, it is because a pre-defined signature matched a malicious packet. Typically, the NIDS will alert on the activity and perhaps capture the single packet that it perceives to contain an event of interest.

There are several problems with this method. First, as anyone who has ever used a NIDS knows, these systems are prone to generating alerts when there really is no ...