Network Forensics: Tracking Hackers through Cyberspace by Jonathan Ham, Sherri Davidoff


Chapter 4. Packet Analysis

Twas brillig, and the Protocols
     Did USER-SERVER in the wabe.
All mimsey was the FTP,
     And the RJE outgrabe,
Beware the ARPANET, my son;
     The bits that byte,
     the heads that scratch...

—R. Merryman, “ARPAWOCKY” (RFC 527)1

1. R. Merryman, “ARPAWOCKY” (RFC 527), IETF, June 1973, http://rfc-editor.org/rfc/rfc527.txt.

Once you have captured network traffic, what do you do with it? Depending on the nature of the investigation, you might want to analyze the protocols in use, search for a specific string, or carve out files.

Perhaps you received an alert from an IDS about suspicious traffic from a particular host and you would like to identify the cause. Or perhaps you are concerned that an employee is exporting ...
