Although most of this book focuses on using packet analysis for network troubleshooting, a considerable amount of real-world packet analysis is done for security purposes. This could be the job of an intrusion analyst reviewing network traffic from potential intruders, or of a forensic investigator attempting to ascertain the extent of a malware infection on a compromised host. Packet analysis for security is a big topic, suitable for an entire book. This chapter provides a taste of analyzing packets with a security focus.

In this chapter, we’ll take the viewpoint of a security practitioner, as we examine ...