Network Forensics
Part II
Abstract
This chapter takes a deep look at creating and processing raw network packets and extracting data from them. The purpose is to create a pure Python Silent Network Monitoring Tool that captures TCP and UDP packets. The chapter covers Switched Port ANalyzer (SPAN, or port mirroring) ports and Promiscuous Mode network interfaces, both of which are used for silent network monitoring activities.
Keywords
Network Forensics
Network investigation
Promiscuous Mode
SPAN ports
Raw sockets
Unpack
Signal
Argument parsing
CSV
Logging
Decoding
Packets
Get Python Forensics now with the O’Reilly learning platform.