Packet Captures
Packets are the units of data that travel up and down our network. By capturing packets, cybersecurity administrators can analyze what is happening on the organization's network. The tools used for this are called packet sniffers or protocol analyzers; common examples are Wireshark and the Linux-based tcpdump. A trace is conducted by capturing packets, that is, by saving the data in packet capture (PCAP) form for later analysis. An example of packet capturing is troubleshooting why a user did not receive an IP address from the DHCP server that automates IP address allocation. Allocating an IP address automatically is done by an exchange of four packets. If the cybersecurity administrator sees the first packet but never the second, they know there is a problem with the DHCP server; it may have run out of IP addresses to allocate. Packet capturing can be used for the following tasks:
- Forensics and incident response: PCAPs can be invaluable for forensic...
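As an added example (not from the original text), the following Python script builds a small constructed PCAP containing the four-packet DHCP exchange and then parses it the way a protocol analyzer would, grouping DHCP packets by transaction ID so that an exchange which stops after the first packet stands out. The message names Discover, Offer, Request and Ack come from RFC 2131 and are not on the page; the IP addresses, transaction IDs and timestamps are constructed, and checksums are left at zero because the parser does not validate them.

```python
import struct

# DHCP message types (option 53) from RFC 2131; not stated on the page itself.
DHCP_NAMES = {1: "Discover", 2: "Offer", 3: "Request", 5: "Ack"}
EXPECTED = [1, 2, 3, 5]   # the complete four-packet allocation exchange


def build_dhcp_frame(msg_type, xid, src_ip, dst_ip, src_port, dst_port):
    """Build a minimal Ethernet/IPv4/UDP/DHCP frame (constructed test data).

    IP and UDP checksums are left at zero: the parser below never validates
    them, so this keeps the constructed data short. A real capture has them."""
    op = 1 if msg_type in (1, 3) else 2          # 1 = BOOTREQUEST, 2 = BOOTREPLY
    bootp = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)  # op,htype,hlen,hops,xid,secs,flags
    bootp += bytes(16) + bytes(16) + bytes(64) + bytes(128)   # 4 addrs, chaddr, sname, file
    bootp += b"\x63\x82\x53\x63"                 # DHCP magic cookie
    bootp += bytes([53, 1, msg_type, 255])       # option 53 (message type), then End
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    eth = bytes(6) + bytes(6) + b"\x08\x00"      # MACs zeroed in constructed data
    return eth + ip + udp


def build_pcap(frames):
    """Wrap frames in the classic libpcap file format (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_dhcp(pcap):
    """Yield (xid, message_type) for every DHCP packet in a classic PCAP."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled here")
    pos = 24                                     # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, pos)
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if frame[12:14] != b"\x08\x00" or frame[14 + 9] != 17:
            continue                             # not IPv4 carrying UDP
        ihl = (frame[14] & 0x0F) * 4
        udp = frame[14 + ihl:]
        sport, dport = struct.unpack_from("!HH", udp, 0)
        if {sport, dport} != {67, 68}:
            continue                             # not the DHCP server/client ports
        bootp = udp[8:]
        xid, = struct.unpack_from("!I", bootp, 4)
        opts, i = bootp[240:], 0                 # options follow fixed header + cookie
        while i < len(opts) and opts[i] != 255:
            if opts[i] == 0:                     # Pad option has no length byte
                i += 1
                continue
            code, length = opts[i], opts[i + 1]
            if code == 53:
                yield xid, opts[i + 2]
            i += 2 + length


def diagnose(pcap):
    """Group DHCP packets by transaction ID and say how far each exchange got."""
    seen = {}
    for xid, mtype in iter_dhcp(pcap):
        seen.setdefault(xid, []).append(mtype)
    report = {}
    for xid, types in seen.items():
        names = [DHCP_NAMES.get(t, str(t)) for t in types]
        if types == EXPECTED:
            verdict = "complete"
        elif types == [1]:
            verdict = "Discover with no Offer: check the DHCP server and its address pool"
        else:
            verdict = "incomplete: last packet seen was " + names[-1]
        report[xid] = (names, verdict)
    return report


# Constructed trace: client 0x1111 completes the exchange, client 0x2222 never
# gets an Offer, which is the symptom described in the text.
SERVER, BCAST, UNCONF = "192.168.1.1", "255.255.255.255", "0.0.0.0"
SAMPLE_PCAP = build_pcap([
    build_dhcp_frame(1, 0x1111, UNCONF, BCAST, 68, 67),   # Discover
    build_dhcp_frame(2, 0x1111, SERVER, BCAST, 67, 68),   # Offer
    build_dhcp_frame(3, 0x1111, UNCONF, BCAST, 68, 67),   # Request
    build_dhcp_frame(5, 0x1111, SERVER, BCAST, 67, 68),   # Ack
    build_dhcp_frame(1, 0x2222, UNCONF, BCAST, 68, 67),   # Discover, then silence
])

if __name__ == "__main__":
    for xid, (names, verdict) in diagnose(SAMPLE_PCAP).items():
        print(f"xid 0x{xid:04x}: {' -> '.join(names)} | {verdict}")
```

The same `diagnose` function works on a real capture read from disk with `open("dhcp.pcap", "rb").read()`, as long as it was saved in the classic little-endian pcap format (Wireshark's pcapng and big-endian pcap files are not handled by this small parser).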