Network and System Monitoring
Students will set up a sniffer on a Linux box connected to a SPAN port (running in promiscuous mode) and use the command-line utility tcpdump to capture the network traffic. After capturing the network traffic with tcpdump, the student will analyze the network traffic using Wireshark, the most widely used pack analysis tool in the world.
Overview
The tcpdump utility is one of the most widely used free and open-source command-line tools for capturing network traffic on a Linux system. A free tool that is integrated into most Linux operating systems will allow the end user to capture traffic with various parameters, like file size. Wireshark is the most widely used packet analysis tool in the world that can be used to analyze TCP dump files. When networks are attacked, there is valuable information sent to the logs about how the attack happened. In this lab, you will see how long analysis is critical to understanding and dissecting an attack.
outcomes
In this lab, you will learn to:
- Setup a sniffer
- Use bruter to generate network traffic to monitor
- Analyze traffic with wireshark
- Analyze logs