As a Security Analyst, you must have complete mastery of the TCP/IP protocol suite. Packet analysis is the use of a packet sniffer to capture packets and analyze the flow of data between two devices communicating on a network.
- Sniff the network
- Analyze incoming and outgoing packets
- Troubleshoot the network for performance
Packet analysis involves intercepting network traffic between two target network nodes and capturing the packets exchanged between them. A packet sniffer is also referred to as a network monitor: a network administrator uses it legitimately to monitor the network for vulnerabilities by capturing network traffic and, should there be any issues, to troubleshoot them.
Similarly, attackers can use sniffing tools in promiscuous mode to capture and analyze all the network traffic. Once attackers have captured the network traffic, they can analyze the packets and view the username and password information in a given network, as this information is transmitted in cleartext. An attacker can easily intrude into a network using this login information and compromise other systems on the network.
Hence, it is crucial for an Information Security Auditor or a Penetration Tester to be familiar with network traffic analyzers. He or she should be able to maintain and monitor a network to detect rogue packet sniffers, MAC attacks, DHCP attacks, ARP poisoning, spoofing, or DNS poisoning, know the types of information that can be detected from the captured data, and use that information to keep the network running smoothly.
TCPIP Packet Analysis
The Security Analyst Exercises / TCPIP Packet Analysis contains the following Exercises:
- TCP/IP Packet Analysis Using Wireshark
The Virtual Private Cloud for this Lab set utilizes:
- Microsoft Windows Server 2008
- BackTrack 5
- Microsoft Windows 8
- Microsoft Windows 7
- Microsoft Windows Server 2012
Security Analyst Exercises are available as part of the following subscription:
Lab exercises are included for:
- TCPIP Packet Analysis
- Information Gathering
- Vulnerability Analysis
- External Penetration Testing
- Internal Network Penetration Testing
- Firewall Penetration Testing
- IDS Penetration Testing
- Password Cracking Penetration Testing
- Social Engineering Penetration Testing
- Web Application Penetration Testing
- SQL Penetration Testing