[SANS ISC Diary] Full Packet Capture for Dummies

November 5, 2016 Incident Management, SANS Internet Storm Center, Security 5 comments

I published the following diary on isc.sans.org: “Full Packet Capture for Dummies”

When a security incident occurred and must be investigated, the Incident Handler’s Holy Grail is a network capture file. It contains all communications between the hosts on the network. These metadata are already in goldmine: source and destination IP addresses, ports, time stamps. Â But if we can also have access to the full packets with the payload, it is even more interesting. We can extract binary files from packets, replay sessions, extract IOC’s and many moresÂ [Read more]

5 comments

Pingback: [SANS ISC Diary] Full Packet Capture for Dummies – Insuring Your Futureâ€¦ Today.
VSuranovsky says:

November 6, 2016 at 14:57

RT @xme: [/dev/random] [SANS ISC Diary] Full Packet Capture for Dummies https://t.co/FqWojK14OA
Pingback: [SANS ISC Diary] Full Packet Capture for Dummies – Cyber Security
Gartzen72 says:

November 5, 2016 at 22:39

RT @xme: [/dev/random] [SANS ISC Diary] Full Packet Capture for Dummies https://t.co/FqWojK14OA
AngeloPerniola says:

November 5, 2016 at 18:22

RT @xme: [/dev/random] [SANS ISC Diary] Full Packet Capture for Dummies https://t.co/FqWojK14OA

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Leave a Reply