Lecture - Identifying Network Signatures from Packet Captures

Page history last edited by Patrick 5 months, 1 week ago


 

 

Summary

 

  • Signature analysis, brief introduction to the Snort IDS, analysis of ICMP packet capture, common TCP/UDP ports, network baselining, the TCP 3-way handshake, and review of TCP flags.

 

Video 

 

  • Network Signatures
    • 3:26 - Example of Snort IDS rules
    • 9:45 - md5sum usage
    • 14:45 - ifconfig command in Linux
    • 15:22 - Using tcpdump for packet capturing
    • 17:05 - Viewing packet captures with tcpdump
    • 20:09 - Examining ICMP packet captures
    • 20:54 - Using ipconfig in Windows
    • 23:20 - Well known port numbers
    • 27:19 - Examining the TCP 3-way handshake in packet captures
  • Wireshark How-to 
  • Wireshark filters 
  • Windump Demo

 

Resources

 

 

Reference Materials

 

 

Additional Information

 

 

 
