Just as a poison flowing through the veins of the human body has the potential to kill an individual, malicious traffic traversing our networks can have a severe and sometimes irreparable effect on network devices, performance, and business continuity. Packet sniffing is performed in order to better understand what flows through our networks.

As Christopher Hitchens, a British-born American author, was once quoted saying:

[Image: quote from Christopher Hitchens]

Security analysts use sniffing to gather evidence in the case of a security breach with regard to the source of the attack, the time and duration of the attack, the protocols and port numbers involved, and the data transmitted for the purpose of the attack. Sniffing also helps a network analyst verify whether the implementation and functionality of the network and of network security devices, such as routers, switches, firewalls, IDSs, or IPSs, are as expected, and confirms that data traverses secure channels of communication.

We can analyze the packets after capturing them using a sniffer of choice; in our case, we notice the columns that tell us the source and destination IP addresses, the protocol being used, the length of the individual packets, and other relevant information. This can also help to prove the use of any insecure protocol(s) to transmit sensitive information.

This traffic may be generated by numerous network devices communicating with each other, by servers responding to user requests or making their own requests over the Internet when required, and by end users trying to accomplish their day-to-day tasks at work. When we talk about enterprise networks, at any given point there is a humongous amount of traffic on the wire, and analyzing such traffic is not a walk in the park. We will be digging into more detailed analysis as we progress through this book.

There is no better way to understand this flow of information than to perform a packet-level analysis and, as the famous quote about network analysis goes, packets never lie. In addition, Gerald Combs, the man behind Wireshark, once tweeted the following:

[Image: Gerald Combs' tweet]

Tcpdump: Tcpdump is a free and popular command-line packet capture utility, which can come in very handy in the absence of a GUI-based tool.
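As an added illustration that is not part of the book, the following Python script walks a classic pcap file and produces the columns the text mentions (source, destination, protocol, length), flagging packets that use well-known cleartext service ports; the two frames and the port table are constructed sample data, and the checksums are left as zero since nothing here validates them.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4
# Constructed table of services that carry credentials in the clear (assumption: port == service).
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 110: "pop3", 143: "imap"}


def build_packet(src, dst, sport, dport, payload=b""):
    """Build a minimal Ethernet/IPv4/TCP frame as constructed test input (checksums zeroed)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp  # zero MACs, EtherType IPv4


def build_pcap(frames):
    """Wrap frames in a little-endian pcap file with link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def summarize(pcap):
    """Return (src, dst, proto, length, note) rows: the columns a packet sniffer shows."""
    rows = []
    off = 24  # skip the global header
    while off < len(pcap):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if frame[12:14] != b"\x08\x00":  # only IPv4 is decoded here
            rows.append(("?", "?", "non-IPv4", incl_len, ""))
            continue
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        note = ""
        if proto == 6:
            sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
            service = CLEARTEXT_PORTS.get(dport) or CLEARTEXT_PORTS.get(sport)
            if service:
                note = f"cleartext {service}"
        rows.append((src, dst, {6: "TCP", 17: "UDP"}.get(proto, str(proto)), incl_len, note))
    return rows


if __name__ == "__main__":
    sample = build_pcap([build_packet("10.0.0.5", "10.0.0.9", 40000, 23, b"USER admin\r\n"),
                         build_packet("10.0.0.5", "10.0.0.10", 40001, 443)])
    for row in summarize(sample):
        print("%-12s %-12s %-5s %5d %s" % row)
```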