[SANS ISC Diary] Full Packet Capture for Dummies

I published the following diary on isc.sans.org: “Full Packet Capture for Dummies

When a security incident occurred and must be investigated, the Incident Handler’s Holy Grail is a network capture file. It contains all communications between the hosts on the network. These metadata are already in goldmine: source and destination IP addresses, ports, time stamps.  But if we can also have access to the full packets with the payload, it is even more interesting. We can extract binary files from packets, replay sessions, extract IOC’s and many mores [Read more]

[The post [SANS ISC Diary] Full Packet Capture for Dummies has been first published on /dev/random]

from Xavier

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s