Chapter 7. Packet Dissection Using TCPdump
The next four chapters explore using TCPdump to analyze network traffic. TCPdump provides some wonderful benefits when used with a signature-based NIDS in a network. Most often, when signature-based NIDS detect some kind of anomalous activity, it is due to a pre-defined signature discovering a malicious packet. Typically, the NIDS will alert on the activity and perhaps capture the single packet that it perceives to contain an event of interest.
There are several problems with this method. First, as anyone who has ever used a NIDS knows, these systems are prone to generating alerts when there really is no ...
Get Network Intrusion Detection, Third Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.