Overview
Packet analysis is a crucial technique for general security monitoring, incident response, and digital forensics. While a tool such as tcpdump can record and display a stream of packets, analysis is much easier with a graphical tool such as Wireshark. It can show the structure and contents of protocol headers, show the data exchanged within a stream or conversation, and summarize the endpoints, ports, and data transfers present in the capture.
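As an added example (not part of this lab or of Wireshark or tcpdump), the script below parses a classic libpcap file by hand and builds the same endpoint and conversation summary that Wireshark's Statistics menus present, which is useful for understanding what those views are computing. The capture, addresses, ports and MAC addresses are all constructed for the example.

```python
import socket
import struct
from collections import Counter, defaultdict

def make_frame(src_ip, dst_ip, proto, sport, dport, payload):
    """Constructed Ethernet II / IPv4 / TCP-or-UDP frame; MACs and checksums are dummies."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    if proto == 6:   # TCP: 20-byte header, data offset 5, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:            # UDP (proto 17): 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0x4000,
                     64, proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + l4 + payload

def build_pcap(frames):
    """Wrap frames in a classic libpcap file: 24-byte global header + 16-byte record headers."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return bytes(out)

def summarize_pcap(data):
    """Return (bytes per IPv4 endpoint, (packets, bytes) per TCP/UDP conversation)."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian libpcap file")
    endpoints, convs = Counter(), defaultdict(lambda: (0, 0))
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]   # captured length of this record
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4, or truncated before the IPv4 header ends
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        if proto not in (6, 17) or len(frame) < 14 + ihl + 4:
            continue  # only TCP/UDP carry ports; skip frames cut off before them
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        endpoints.update({src: incl_len, dst: incl_len})
        key = ("TCP" if proto == 6 else "UDP",) + tuple(sorted([(src, sport), (dst, dport)]))  # direction-independent
        pkts, nbytes = convs[key]
        convs[key] = (pkts + 1, nbytes + incl_len)
    return endpoints, dict(convs)
# Constructed sample capture: one DNS query, then a two-packet exchange on TCP/443.
SAMPLE_PCAP = build_pcap([
    make_frame("10.0.0.5", "10.0.0.1", 17, 51000, 53, b"\x00" * 30),
    make_frame("10.0.0.5", "192.168.1.10", 6, 44444, 443, b"\x16\x03\x01" + b"\x00" * 60),
    make_frame("192.168.1.10", "10.0.0.5", 6, 443, 44444, b"\x16\x03\x03" + b"\x00" * 100),
])
```

Running `summarize_pcap(SAMPLE_PCAP)` yields three endpoints and two conversations; pointing it at a real capture works as long as the file is little-endian libpcap with an Ethernet link type, which is what this example assumes.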
In this scenario, consider that you are working for a security solutions provider. You are performing threat hunting on existing network packet captures recorded on your customers’ systems. You must identify and classify any attacks suggested by indicators in the packet captures and identify what you can do to prevent such attacks in the future.