Chapter 9

Network Forensics

Part II

Abstract

This chapter takes a deep look at creating and processing raw network packets and extracting data from them. The goal is to build a pure-Python Silent Network Monitoring Tool that captures TCP and UDP packets. The chapter covers Switched Port ANalyzer (SPAN, or port mirroring) ports and Promiscuous Mode network interfaces, both of which are used for silent network monitoring activities.

Keywords

Network Forensics

Network investigation

Promiscuous Mode

SPAN ports

Raw sockets

Unpack

Signal

Argument parsing

CSV

Logging

Decoding

Packets

Get Python Forensics now with the O’Reilly learning platform.