What Is Packet Analysis Slides

Packet analysis involves reading individual data packets to monitor network activity and identify security issues. It allows one to identify exploits, investigate malicious activity, and understand information flow within a network. The document discusses numbering systems like binary, decimal, and hexadecimal used to represent digital data. It also covers character encoding standards like ASCII and UTF-8. Finally, it provides an overview of security tools like IDS, IPS, and SIEM that can analyze packet captures.

Getting Started with Packet Analysis

WHAT IS PACKET ANALYSIS?

Joe Abraham
IT SECURITY PROFESSIONAL

@joeabrah www.joestechinsights.com
Packet Analysis
The reading and interpretation of an individual or set of
datagrams to be used for information security or
network monitoring purposes.
Digital information is at risk!

You will be able to:
- Read datagrams from captures
- Identify exploits within datagrams
- Investigate malicious activity found within packets
Overview
- Review Basic Knowledge
- Capture Packets
- Read Captures
- IPv6 and Encrypted Packets
- Case Study
- Course Wrap Up
Intended Audience
- SOC Analyst: understand information flow and security devices within the network
- Security Professionals: need this type of skill or have an interest in reading captures
Prerequisites
- Linux virtual machine or workstation
- Security Onion (4.6.0)
- Tcpdump (4.7.4)
- Netsniff-ng (0.5.8)
- Wireshark (2.2.0)

Supplied course materials:
- Sample packet captures
- Number and character encoding conversion charts
- Translation cheat sheets
Character Encodings and Numbering Systems

Base2 Numbering System
- 1’s and 0’s, on or off…the computer language
- Also known as binary
- Example: “Hello World” in ASCII format is represented by 01101000 01100101 01101100 01101100 01101111 00100000 01110111 01101111 01110010 01101100 01100100
Base10 Numbering System
Also known as the decimal system, this numbering system represents binary in integer form. As an example, the string 00011001 is equal to the number 25!
Base16 Numbering System
- Also known as “hex”
- Uses numbers and letters
  - Numbers 0-9
  - Letters A-F
- Each hex character is represented by four bits, or one nibble
- Example: look at the string 11000011
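The three numbering systems above are views of the same bits, so a single conversion routine shows all of them at once. The Python below is an added example, not code from the slides or the course materials: it parses a space-separated string of 8-bit groups (the bit string from the Base2 slide is embedded as the sample input), prints each byte in base 2, base 10 and base 16, splits each byte into its two nibbles to show where the hex digits come from, and decodes the bytes as ASCII. Note that the slide's bit string decodes to lowercase "hello world": in ASCII, upper and lower case differ only in bit 5 (0x20), so 01101000 is "h" while "H" would be 01001000.

```python
"""Binary, decimal and hex views of a byte string, plus ASCII decode.

Added example (not from the slides). The helpers take a space-separated
string of 8-bit groups, like the one on the Base2 slide, and show each
byte in base 2, base 10 and base 16, with the two nibbles of every byte
mapped to their hex digits.
"""
from typing import List, Tuple

# Constructed input: the bit string exactly as printed on the Base2 slide.
SLIDE_BITS = (
    "01101000 01100101 01101100 01101100 01101111 00100000 "
    "01110111 01101111 01110010 01101100 01100100"
)

HEX_DIGITS = "0123456789ABCDEF"


def parse_bit_groups(text: str) -> List[int]:
    """Turn '01101000 01100101 ...' into a list of byte values (0-255).

    Rejects groups that are not exactly eight 0/1 characters, so a
    mistyped transcription fails loudly instead of decoding to garbage.
    """
    values = []
    for group in text.split():
        if len(group) != 8 or set(group) - {"0", "1"}:
            raise ValueError(f"not an 8-bit group: {group!r}")
        values.append(int(group, 2))
    return values


def nibbles(byte: int) -> Tuple[str, str]:
    """Split one byte into its high and low nibble as hex digits.

    Each hex character is four bits: shift right by four for the high
    nibble, mask with 0b1111 for the low one.
    """
    return HEX_DIGITS[byte >> 4], HEX_DIGITS[byte & 0x0F]


def to_decimal(bits: str) -> int:
    """Base 2 to base 10 by weighing each bit, as on the Base10 slide."""
    total = 0
    for bit in bits:
        total = total * 2 + int(bit)
    return total


def describe_bytes(text: str) -> List[Tuple[str, int, str]]:
    """Return (binary, decimal, hex) rows, one per byte."""
    rows = []
    for value in parse_bit_groups(text):
        hi, lo = nibbles(value)
        rows.append((format(value, "08b"), value, hi + lo))
    return rows


def decode_ascii(text: str) -> str:
    """Map each 7-bit ASCII value to its character (raises above 0x7F)."""
    return bytes(parse_bit_groups(text)).decode("ascii")


if __name__ == "__main__":
    print(f"{'binary':>8}  {'dec':>3}  hex  char")
    for binary, dec, hx in describe_bytes(SLIDE_BITS):
        print(f"{binary}  {dec:>3}  {hx}   {chr(dec)!r}")
    print("decoded:", decode_ascii(SLIDE_BITS))
    print("00011001 ->", to_decimal("00011001"))
    print("11000011 ->", "".join(nibbles(int("11000011", 2))))
```

Running it prints one row per byte; the last line shows that the slide's Base16 example, 11000011, is hex C3 (high nibble 1100 = C, low nibble 0011 = 3).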
ASCII Character Encoding
- Uses 7 bits in a byte
- Different characters represented by bit patterns
- Some printable characters
- 00100001 is “!”
UTF-8
- Several variations of Unicode format
  - Is an encoding type
- First byte represents first 128 characters
  - Up to four additional bytes possible
- Used in many applications
- First 128 characters are ASCII characters
  - ASCII is UTF-8
- Industry standard format
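The relationship between ASCII and UTF-8 stated above can be checked byte by byte: the high bits of the first byte of each character announce how many bytes make up that character. The Python below is an added example, not code from the slides or the course materials. It classifies every byte of a UTF-8 string as ASCII, as the lead byte of a multi-byte character, or as a continuation byte, following the byte layout of RFC 3629 (one to four bytes per character in total). The sample string is constructed to contain a 1-, 2-, 3- and 4-byte character; the slide's Base16 example, 11000011 (0xC3), turns out to be the lead byte of a 2-byte character.

```python
"""Classify the bytes of a UTF-8 string: ASCII, lead byte, or continuation.

Added example (not from the slides). Lead-byte patterns per RFC 3629:
    0xxxxxxx -> 1-byte character (plain ASCII)
    110xxxxx -> 2-byte character
    1110xxxx -> 3-byte character
    11110xxx -> 4-byte character
    10xxxxxx -> continuation byte (never starts a character)
"""
from typing import List, Tuple

# Constructed sample: ASCII letters, a 2-byte character (é), a 3-byte
# character (€) and a 4-byte character (a supplementary-plane emoji).
SAMPLE = "Hi é € \U0001F600"


def sequence_length(lead: int) -> int:
    """Number of bytes in the character that starts with this lead byte.

    Raises for continuation bytes, for 0xC0/0xC1 (which could only encode
    overlong forms of ASCII and are therefore invalid) and for 0xF8-0xFF
    (never valid in UTF-8).
    """
    if lead < 0x80:
        return 1
    if 0xC2 <= lead < 0xE0:
        return 2
    if 0xE0 <= lead < 0xF0:
        return 3
    if 0xF0 <= lead < 0xF8:
        return 4
    raise ValueError(f"0x{lead:02X} cannot start a UTF-8 character")


def classify(data: bytes) -> List[Tuple[str, str]]:
    """Return (hex, label) for every byte, walking character by character.

    A sequence that runs past the end of the data, or a byte that should be
    a continuation but is not, raises instead of being silently accepted.
    """
    rows = []
    i = 0
    while i < len(data):
        n = sequence_length(data[i])
        if i + n > len(data):
            raise ValueError(f"truncated {n}-byte character at offset {i}")
        rows.append((f"{data[i]:02X}", "ascii" if n == 1 else f"lead of {n}-byte char"))
        for cont in data[i + 1:i + n]:
            if cont & 0xC0 != 0x80:          # continuation bytes are 10xxxxxx
                raise ValueError(f"0x{cont:02X} is not a continuation byte")
            rows.append((f"{cont:02X}", "continuation"))
        i += n
    return rows


def is_ascii_only(data: bytes) -> bool:
    """True when every byte is below 0x80, i.e. the text is plain ASCII."""
    return all(b < 0x80 for b in data)


if __name__ == "__main__":
    encoded = SAMPLE.encode("utf-8")
    print(f"{len(SAMPLE)} characters, {len(encoded)} bytes")
    for hx, label in classify(encoded):
        print(hx, label)
    ascii_text = "Hello World".encode("utf-8")
    print("ASCII text is unchanged under UTF-8:",
          is_ascii_only(ascii_text) and ascii_text == "Hello World".encode("ascii"))
```

The byte count versus character count printed first is the practical point for reading captures: a UTF-8 payload field sized in bytes does not tell you how many characters it holds until you walk the lead bytes.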
IDS, IPS, and SIEM

IDS vs IPS

Intrusion Detection System (IDS)
- Monitors traffic for threats
- Typically does not sit inline with traffic flow
- Sends alerts or takes passive actions
- Uses rules to detect threats
- IDS can detect on threat signature or anomaly

Intrusion Prevention System (IPS)
- Monitors traffic for threats
- Typically sits inline with traffic flow
- Takes passive or active mitigation action
- Uses rules to detect and stop threats
- IPS can detect on threat signature or anomaly

SIEM
Security Information and Event Management; collects and aggregates alerts and logs for event tracking, retention, and correlation from multiple systems.
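The two detection styles named above (signature and anomaly), the IDS/IPS difference in what happens after a match, and the SIEM's job of correlating events from several sources can be shown together in one small model. The Python below is an added example, not code from the slides or the course materials, and it is not how Security Onion or any real sensor is implemented: the packet summaries, the single signature, the port-count baseline and the authentication log entries are all constructed for illustration. A signature rule matches a byte pattern in a payload; an anomaly rule fires when one source touches more distinct ports inside a time window than the baseline allows; the verdict function shows that an out-of-band IDS can only alert while an inline IPS may drop; and the correlate function groups IDS alerts and log entries by source address the way a SIEM would.

```python
"""Rules over packet summaries, IDS-vs-IPS verdicts, and SIEM-style correlation.

Added example, not from the slides. Every record, rule and threshold here is
constructed for illustration; real sensors load rule sets (e.g. Suricata or
Snort rules) and real SIEMs correlate across many more log sources.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Packet:
    ts: float          # seconds since the start of the capture
    src: str
    dst: str
    dport: int
    payload: bytes


# Constructed summaries of what a sensor might extract from a capture: two
# ordinary web requests, one request carrying a traversal pattern, then one
# host touching 40 different ports in under half a second.
PACKETS = [
    Packet(0.0, "10.0.0.5", "10.0.0.80", 80, b"GET /index.html HTTP/1.1"),
    Packet(0.1, "10.0.0.5", "10.0.0.80", 80, b"GET /login HTTP/1.1"),
    Packet(0.2, "10.0.0.9", "10.0.0.80", 80, b"GET /../../etc/passwd HTTP/1.1"),
] + [
    Packet(0.3 + i * 0.01, "10.0.0.9", "10.0.0.80", 1000 + i, b"")
    for i in range(40)
]

# Constructed entries from a second log source, as a SIEM would also ingest.
AUTH_LOGS = [
    {"src": "10.0.0.9", "event": "failed-login"},
    {"src": "10.0.0.5", "event": "login-ok"},
]

# Signature rule: a byte pattern that should never appear in a URL path.
SIGNATURES = {"path-traversal": b"/../"}

# Anomaly rule: more distinct destination ports from one source within the
# window than the (constructed) baseline allows.
PORT_SCAN_THRESHOLD = 20
WINDOW_SECONDS = 1.0


def signature_alerts(packets: List[Packet]) -> List[dict]:
    """Signature detection: alert on every packet matching a known pattern."""
    alerts = []
    for p in packets:
        for name, pattern in SIGNATURES.items():
            if pattern in p.payload:
                alerts.append({"rule": name, "src": p.src, "dst": p.dst, "ts": p.ts})
    return alerts


def anomaly_alerts(packets: List[Packet]) -> List[dict]:
    """Anomaly detection: alert once per source that exceeds the port baseline."""
    ports: Dict[str, Set[int]] = defaultdict(set)
    window_start: Dict[str, float] = {}
    fired: Set[str] = set()
    alerts = []
    for p in sorted(packets, key=lambda x: x.ts):
        start = window_start.setdefault(p.src, p.ts)
        if p.ts - start > WINDOW_SECONDS:      # window expired: start a fresh count
            window_start[p.src] = p.ts
            ports[p.src].clear()
        ports[p.src].add(p.dport)
        if len(ports[p.src]) > PORT_SCAN_THRESHOLD and p.src not in fired:
            fired.add(p.src)
            alerts.append({"rule": "port-scan", "src": p.src, "dst": p.dst, "ts": p.ts})
    return alerts


def verdict(alert: dict, inline: bool) -> str:
    """IDS (out of band) can only alert. IPS (inline) may drop; this model
    drops on signature matches and only alerts on the anomaly rule, since a
    threshold rule is more likely to hit legitimate traffic."""
    if inline and alert["rule"] in SIGNATURES:
        return "drop"
    return "alert"


def correlate(alerts: List[dict], auth_logs: List[dict]) -> Dict[str, List[str]]:
    """SIEM-style aggregation: group events from both sources by source IP."""
    by_src: Dict[str, List[str]] = defaultdict(list)
    for a in alerts:
        by_src[a["src"]].append(f"ids:{a['rule']}")
    for entry in auth_logs:
        by_src[entry["src"]].append(f"auth:{entry['event']}")
    return dict(by_src)


if __name__ == "__main__":
    found = signature_alerts(PACKETS) + anomaly_alerts(PACKETS)
    for a in found:
        print(f"{a['ts']:.2f} {a['src']} -> {a['dst']} {a['rule']}: "
              f"IDS={verdict(a, inline=False)} IPS={verdict(a, inline=True)}")
    for src, events in correlate(found, AUTH_LOGS).items():
        print(src, events)
```

The correlation output is where the SIEM earns its place: 10.0.0.9 shows up with a signature hit, an anomaly hit and a failed login from an unrelated log source, which is a far stronger signal than any one of those alerts alone.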
Summary
- What is packet analysis?
- Numbering systems
- Character encodings
- Security tools within environment