SANS ISC

[SANS ISC Diary] Full Packet Capture for Dummies

I published the following diary on isc.sans.org: “Full Packet Capture for Dummies

When a security incident occurred and must be investigated, the Incident Handler’s Holy Grail is a network capture file. It contains all communications between the hosts on the network. These metadata are already in goldmine: source and destination IP addresses, ports, time stamps.  But if we can also have access to the full packets with the payload, it is even more interesting. We can extract binary files from packets, replay sessions, extract IOC’s and many mores [Read more]

5 comments

Leave a Reply

Your email address will not be published. Required fields are marked *