Although most of this book focuses on using packet analysis for network troubleshooting, a considerable amount of real-world packet analysis is done for security purposes. For example, an intrusion analyst might review network traffic from potential intruders, or a forensic investigator might attempt to ascertain the extent of a malware infection on a compromised host.

Performing packet analysis while investigating security incidents is always a challenging scenario because it involves the unknown element of an attacker-controlled device. You can’t walk over to the attacker’s cubicle to ask a question or baseline ...

Get Practical Packet Analysis, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.