Learn about the security-relevant characteristics of packet capture data and how it can contribute to improving network security.
- [Instructor] One of the primary sources of network data is messages exchanged between applications connected through a computer network. These messages, called packets, enable the network applications to collaborate to accomplish a particular task. For example, sending an email. Packets consist of headers, trailers and application data. The headers and trailers contain information necessary to deliver packets from one network device to the other.
The network on which the packets originate and are received is called the host. When a large number of devices are communicating with each other, it's important to have strict rules. Protocols are documented agreements dictating how different parties in a network are expected to interact with each other. Imagine this. You're building your own custom web browser, and inadvertently introduce an error in the code affecting a web page request.
When the web browser sends a request to the web server, the web server will recognize that it's a bad request. So following the protocol, the server will subsequently send an error 400 to the web browser. You often see these as "Your browser sent a request that this server could not understand." Depending on the network architecture being used, there exist layers of these headers. Each protocol introduces its own header. For example, Hypertext Transfer Protocol, or HTTP, uses an HTTP header to handle interactions between a web browser and a web server.
What you want to do for analysis is intercept packets in transit between hosts. This is called packet capturing, or sniffing. Once captured, the packet data can be stored as a file. Libpcap is a well-known Unix/Linux implementation that provides various packet capturing functions. WinPcap is a Windows version of Libpcap and also widely used. Packet capture software is readily available for free.
Therefore, capturing packets is as easy as point and click these days.
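As an added illustration, not part of the instructor's transcript or of any packet-capture tool, the Python script below shows what the layered headers and the stored capture file actually look like. It builds one constructed Ethernet/IPv4/TCP frame carrying an HTTP GET request, wraps it in the classic libpcap file format (the same format tcpdump and Wireshark read), then reads the file back and peels off one protocol header at a time: Ethernet, then IPv4 (verifying the header checksum), then TCP, then the HTTP request line. The MAC addresses, IP addresses, ports and request content are all made up for the example.

```python
"""Build a libpcap-format capture in memory and dissect its headers layer by layer."""
import struct

# Constructed sample application data (an HTTP request); not a real capture.
HTTP_PAYLOAD = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; returns 0 when run over a valid header."""
    total = 0
    for i in range(0, len(header), 2):
        word = (header[i] << 8) + (header[i + 1] if i + 1 < len(header) else 0)
        total += word
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(payload: bytes = HTTP_PAYLOAD) -> bytes:
    """Ethernet + IPv4 + TCP headers wrapped around the payload (hypothetical addresses)."""
    # TCP: sport, dport, seq, ack, data offset (5 words), flags PSH|ACK, window, checksum, urg
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip_no_ck = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0x4000, 64, 6, 0,
                           bytes([10, 0, 0, 1]), bytes([93, 184, 216, 34]))
    ip = ip_no_ck[:10] + struct.pack("!H", ipv4_checksum(ip_no_ck)) + ip_no_ck[12:]
    dst_mac = bytes.fromhex("001122334455")
    src_mac = bytes.fromhex("66778899aabb")
    eth = dst_mac + src_mac + struct.pack("!H", 0x0800)   # EtherType 0x0800 = IPv4
    return eth + ip + tcp + payload


def build_pcap(frames, linktype: int = 1) -> bytes:
    """Classic pcap file: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def dissect_frame(frame: bytes) -> dict:
    """Peel the headers one protocol at a time: Ethernet -> IPv4 -> TCP -> application data."""
    layers = {}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["eth"] = {"src": src.hex(":"), "dst": dst.hex(":"), "type": ethertype}
    if ethertype != 0x0800:
        return layers
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                # header length in bytes (options included)
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    layers["ipv4"] = {
        "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
        "ttl": ip[8], "proto": proto,
        "checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
    }
    if proto != 6:                          # only TCP is dissected further here
        return layers
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    doff = (off_flags >> 12) * 4            # TCP header length in bytes
    layers["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                     "flags": off_flags & 0x1FF}
    payload = tcp[doff:]
    layers["payload"] = payload
    if dport == 80 and payload:             # application layer: HTTP request line
        parts = payload.split(b"\r\n", 1)[0].decode("ascii", "replace").split(" ")
        if len(parts) == 3:
            layers["http"] = {"method": parts[0], "target": parts[1], "version": parts[2]}
    return layers


def parse_pcap(data: bytes) -> list:
    """Read a classic pcap file (either byte order) and dissect every Ethernet record."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) is handled in this example")
    packets, off = [], 24
    while off + 16 <= len(data):
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        packets.append(dissect_frame(data[off:off + incl_len]))
        off += incl_len
    return packets


if __name__ == "__main__":
    for pkt in parse_pcap(build_pcap([build_frame()])):
        for name, value in pkt.items():
            print(name, value)
```

The point to notice is that each layer is found by reading a length field in the layer before it (EtherType selects IPv4, IHL gives the IP header length, the TCP data offset gives the TCP header length), which is exactly how a sniffer such as Wireshark knows where one header ends and the next begins. The checksum check also shows why captured headers are worth validating: a single flipped byte in the IP header makes `checksum_ok` false.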