Analyse Packet Capture to Protect Your Network
For a network administrator or someone in a production environment who gets paranoid about whether anybody is snooping on the network, tools such as tcpdump act as a reassurance, as they help to counter such threats. This article discusses the processing
When it comes to network security, the first thing people should take care of is their own network. This can be achieved by analysing your data and making sure that no one is intruding on your network. The name ‘PCAP’ comes from the two words ‘packet capture’. It is the file format written by Ethernet packet sniffers and read by the tools that analyse network traffic. In this article, I will start with the basics so that even a newbie can easily analyse the data, using the tools mentioned.

Anyone who is new to network security needs to have a good grasp of the various network protocols. The basic ones are TCP (Transmission Control Protocol) and IP (Internet Protocol). There are many versions of IP, and the address format varies with the version. This understanding is necessary because, with the help of the IP address, we can determine the location of someone who is mounting an attack.

I would suggest you visit some of the links below, which will be helpful to get an understanding of the basics of networking.

http://en.wikipedia.org/wiki/Network_security
http://cse.hcmut.edu.vn/~minhnguyen/NET/Computer%20Networks%20-%20A%20Tanenbaum%20-%205th%20edition.pdf
http://www.cert.org/historical/tech_tips/home_networks.cfm

The best way to get a strong foundation on the subject would be to Google for information, instead of just reading many books. It is better to concentrate on a single book and try out various tools to get a good command over them.
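To make the PCAP format and the role of the IP address mentioned above concrete, the following added example (not part of the original article) parses a classic pcap file using only the Python standard library and counts packets per source IPv4 address. The capture is constructed inline from documentation addresses, and the names count_source_ips and sample_capture are illustrative.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

# Classic pcap magic (microsecond timestamps) tells us the file's byte order.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}
LINKTYPE_ETHERNET = 1

def count_source_ips(pcap: bytes) -> Counter:
    """Count packets per source IPv4 address in a classic (non-pcapng) capture."""
    if len(pcap) < 24 or pcap[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    order = PCAP_MAGICS[pcap[:4]]
    # Global header after the magic: version major/minor, thiszone, sigfigs,
    # snaplen, link type (20 bytes).
    *_, linktype = struct.unpack(order + "HHiIII", pcap[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    counts, offset = Counter(), 24
    while offset + 16 <= len(pcap):
        # Record header: ts_sec, ts_usec, captured length, original length.
        _, _, incl_len, _ = struct.unpack(order + "IIII", pcap[offset:offset + 16])
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < incl_len:
            break  # final record was cut off mid-write
        # 14-byte Ethernet header; EtherType 0x0800 and version nibble 4 mean IPv4.
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00" and frame[14] >> 4 == 4:
            counts[str(IPv4Address(frame[26:30]))] += 1  # IPv4 source address field
    return counts

def sample_capture() -> bytes:
    """Constructed three-packet capture (documentation addresses, not real traffic)."""
    def frame(src: str, dst: str) -> bytes:
        eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
        return eth + ip
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for src in ("198.51.100.7", "198.51.100.7", "203.0.113.9"):
        pkt = frame(src, "192.0.2.10")
        out += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return out

if __name__ == "__main__":
    for ip, n in count_source_ips(sample_capture()).most_common():
        print(f"{ip:15} {n} packets")
```

A source address that sends far more packets than its peers is a natural starting point for closer inspection.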
Tools
Many tools are available for the analysis of packets, the most basic and most powerful one being tcpdump. It can be installed or updated by using the following command: