I published the following diary on isc.sans.org: “Full Packet Capture for Dummies”
When a security incident occurred and must be investigated, the Incident Handler’s Holy Grail is a network capture file. It contains all communications between the hosts on the network. These metadata are already in goldmine: source and destination IP addresses, ports, time stamps. But if we can also have access to the full packets with the payload, it is even more interesting. We can extract binary files from packets, replay sessions, extract IOC’s and many mores [Read more]
[The post [SANS ISC Diary] Full Packet Capture for Dummies has been first published on /dev/random]
from Xavier
No comments:
Post a Comment