Packet forensics using TCP
Don Parker, Mike Sues

Most of us who work in the security world have at one time or another looked at the raw output of a firewall, IDS, or other type of security device. That output invariably leads to viewing the packets themselves as part of an investigation. Packet forensics can be a difficult and time-consuming endeavour, so many of us prefer to use convenient tools such as Ethereal to facilitate the analysis. There is a notable problem with this approach, however.

Comments
Packet forensics using TCP 2005-09-25
Anonymous
nice job guys!

Helped me get some things straight....

Packet forensics using TCP 2005-10-20
pandian
Hi, thanks for the tutorial. Great work, please keep posting useful tutorials like this. Thank you...

Ethereal can analyse sequence numbers 2005-12-02
Anonymous
Edit --> Preferences --> Protocols --> TCP --> Check the "Analyze TCP Sequence Numbers" checkbox....

Packet forensics using TCP 2006-06-02
CMory (1 replies)
What's the best method for reconstructing GIFs?

...

Re: Packet forensics using TCP 2006-07-06
Don Parker
Hi,

You may want to use Chaosreader to reconstruct your data streams. It is a Perl tool, and works quite well.

chaosreader.sourceforge.net/index.html...

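The Ethereal comment above ("Analyze TCP Sequence Numbers") and the Chaosreader reply rest on the same mechanics: both walk one direction of a flow keeping track of where the next byte should start, and either flag what does not fit (Ethereal) or glue together what does (Chaosreader). The Python below is an added example written for this page; it is not code from the article, from Ethereal or from Chaosreader, and the Segment class, the "S"/"F" flag letters and the sample capture are assumptions of the example. It reassembles the payload in sequence order and reports out-of-order segments (with the size of the hole before them), retransmissions, and data still missing when the capture ends, with 32-bit sequence wraparound handled.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

MOD = 2 ** 32  # TCP sequence numbers are 32 bits wide and wrap around


def seq_diff(a: int, b: int) -> int:
    """Signed distance a - b in 32-bit sequence space, so that wrapped
    sequence numbers still compare correctly."""
    d = (a - b) % MOD
    return d - MOD if d >= MOD // 2 else d


@dataclass
class Segment:
    """One captured TCP segment of a single direction (shape assumed here)."""
    seq: int
    payload: bytes = b""
    flags: str = ""  # "S" marks SYN, "F" marks FIN (notation assumed here)

    @property
    def length(self) -> int:
        # SYN and FIN each consume one sequence number even without data.
        return len(self.payload) + ("S" in self.flags) + ("F" in self.flags)


@dataclass
class StreamAnalysis:
    data: bytes = b""                 # application bytes, in sequence order
    next_expected: int = 0            # next sequence number we expect
    anomalies: List[Tuple] = field(default_factory=list)


def analyse_direction(segments: List[Segment]) -> StreamAnalysis:
    """Walk one direction of a flow in capture order: reassemble the data the
    way a stream reconstructor does, and report the events a sequence-number
    analyser flags (out-of-order segment with a hole before it, retransmission,
    data still missing at the end of the capture)."""
    result = StreamAnalysis()
    if not segments:
        return result
    result.next_expected = segments[0].seq
    pending: Dict[int, Segment] = {}  # seq -> segment waiting for a hole to fill

    def accept(seg: Segment) -> None:
        # Data starts one past a SYN; skip any bytes we already hold.
        data_start = (seg.seq + ("S" in seg.flags)) % MOD
        skip = max(0, seq_diff(result.next_expected, data_start))
        result.data += seg.payload[skip:]
        result.next_expected = (seg.seq + seg.length) % MOD

    for seg in segments:
        delta = seq_diff(seg.seq, result.next_expected)
        if delta > 0:
            # Starts past what we have: the bytes in between were not
            # captured (yet). Buffer it and record the size of the hole.
            result.anomalies.append(("out_of_order", seg.seq, delta))
            pending[seg.seq] = seg
            continue
        if delta < 0 and seq_diff((seg.seq + seg.length) % MOD,
                                  result.next_expected) <= 0:
            # Ends at or before what we already hold: a pure retransmission.
            result.anomalies.append(("retransmission", seg.seq))
            continue
        if delta < 0:
            # Overlaps what we hold but carries new bytes at its tail.
            result.anomalies.append(("partial_retransmission", seg.seq))
        accept(seg)
        # A filled hole may make buffered segments deliverable in order.
        while result.next_expected in pending:
            accept(pending.pop(result.next_expected))

    for seq in sorted(pending, key=lambda s: seq_diff(s, result.next_expected)):
        result.anomalies.append(("missing_before", seq,
                                 seq_diff(seq, result.next_expected)))
    return result


# Constructed sample capture (client -> server only), listed in the order a
# sniffer saw the segments. The ISN 1000 and the request are made up.
SAMPLE = [
    Segment(1000, flags="S"),          # SYN, consumes seq 1000
    Segment(1001, b"GET /"),           # seq 1001..1005
    Segment(1012, b"HTTP/1.0\r\n"),    # seen before 1006..1011 arrived
    Segment(1006, b"x.gif "),          # fills the hole, releases 1012
    Segment(1001, b"GET /"),           # duplicate of the second segment
    Segment(1022, flags="F"),          # FIN, consumes seq 1022
]


def analyse_sample() -> StreamAnalysis:
    return analyse_direction(SAMPLE)


if __name__ == "__main__":
    r = analyse_sample()
    print("reassembled:", r.data)
    print("next expected seq:", r.next_expected)
    for event in r.anomalies:
        print("event:", event)
```

Run as a script it prints the reassembled request and the two events from the sample. A real capture needs the other direction too, because each side numbers its own bytes; running analyse_direction once per direction and matching the peer's ACKs against next_expected is what turns this into the S, L+A view the later comment mentions.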
Packet forensics using TCP 2006-10-05
Mikkous
Excellent information. This is why I use WildPackets OmniPeek product. The Expert really works without crying wolf. Their "packet visualizer" also shows TCP S,L+A in a simple format so I don't use as much aspirin. There is a free version also at www.omnipeek.com...

Packet forensics using TCP 2006-11-26
Anonymous (1 replies)
Thanks a lot to Don Parker & Mike Sues. I got a good understanding of TCP sequence numbers.

-MCS Kumar...

Re: Packet forensics using TCP 2006-11-30
Don Parker
Hello Kumar,

Both Mike and I are happy that the article was able to transfer knowledge to you.

Kind regards,

Don...

Packet forensics using TCP - An excellent tutorial 2007-01-25
Joe
You clearly have a gift for teaching. I've read chapters of textbooks with less knowledge.

Please keep it up!...

Packet forensics using TCP 2007-03-01
Aju Thomas
Hi Don and Mike,

This was an amazing piece of information for anybody who wants to know what exactly is happening with TCP packets. Really helpful.

A must read topic for any CISSP learners..!

Thanks

Aju Thomas

Network Analyst

Siemens,India

...

Packet forensics using TCP 2008-04-08
Anonymous
Great article!! Would it help to stop SYN flooding... if yes, then how do I do that?

...

Copyright 2009, SecurityFocus