Chapter 9

Network Forensics

Part II

Abstract

This chapter takes a deep look at the creation and processing of raw network packets and the extraction of data from them. The purpose is to create a pure Python Silent Network Monitoring Tool that captures TCP and UDP packets. The chapter also covers Switched Port ANalyzer (SPAN, or port mirroring) ports and Promiscuous Mode network interfaces, both of which are used for silent network monitoring activities.

Keywords

Network Forensics

Network investigation

Promiscuous Mode

SPAN ports

Raw sockets

Unpack

Signal

Argument parsing

CSV

Logging

Decoding

Packets

Get Python Forensics now with O’Reilly online learning.
