Network and System Monitoring

Students will set up a sniffer on a Linux box whose interface is connected to a SPAN (mirror) port and running in promiscuous mode, and use the command-line utility tcpdump to capture the network traffic. They will then analyze the capture with Wireshark, the most widely used packet analysis tool.

Overview

The tcpdump utility is one of the most widely used free and open-source command-line tools for capturing network traffic on a Linux system. It ships with most Linux distributions and lets the user control the capture with options such as the interface to listen on, a filter expression, and the size at which capture files are rotated. Wireshark is the most widely used packet analysis tool and opens the pcap files that tcpdump writes. When a system is attacked, its logs (for example auth.log and the web server's access.log) record valuable information about how the attack happened. In this lab, you will see why log analysis is critical to understanding and dissecting an attack.

Outcomes

In this lab, you will learn to: 

  1. Set up a sniffer 
  2. Use Bruter to generate network traffic to monitor 
  3. Analyze traffic with Wireshark 
  4. Analyze logs  

Key terms and descriptions

Bruter
A brute-force tool that attempts to log in to a remote service by trying many username and password combinations.
auth.log
The syslog file on a Debian system that records authentication activity: successful and failed logins (for example from sshd), sudo use and session events.
tcpdump
A Linux command-line tool that captures network traffic from an interface and prints it or saves it to a pcap file.
access.log
The web server's request log on a Linux system: one line per HTTP request with the client IP address, the request line, the status code and the User Agent.
User Agent
An HTTP request header in which the client identifies its software (a browser, a tool or a script); it is recorded in access.log and helps distinguish real browsers from automated attack tools.
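The following is an added example for steps 1 and 4 of the lab and is not part of the original handout. It defines a capture helper built on the tcpdump options described in the overview (not run by default, since it needs root and a real interface), then analyzes constructed auth.log and access.log excerpts in the formats described under Key terms to find the source of a brute-force attempt. The interface name, file paths, IP addresses (from the RFC 5737 documentation ranges), user-agent strings and thresholds are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the lab handout). Everything below runs offline
# on constructed log lines; only start_sniffer needs a live system.

# Step 1: capture on the SPAN-connected interface. tcpdump puts the
# interface in promiscuous mode unless -p is given, which is what a SPAN
# feed needs. -nn skips DNS/port lookups, -s 0 keeps full packets,
# -C 100 rotates the file every 100 MB (10^6-byte units), -W 10 keeps at
# most ten files. Interface name and output directory are assumptions.
start_sniffer() {
    iface="${1:-eth0}"
    outdir="${2:-/var/tmp/capture}"
    mkdir -p "$outdir"
    tcpdump -i "$iface" -nn -s 0 -C 100 -W 10 -w "$outdir/span.pcap"
}

# Constructed auth.log excerpt (Debian syslog format). An SSH brute-force
# attempt appears as repeated "Failed password" lines from one source,
# sometimes followed by an "Accepted" line when a guess succeeds.
AUTH_LOG=$(mktemp)
cat > "$AUTH_LOG" <<'EOF'
Mar  3 10:14:01 lab sshd[2231]: Failed password for invalid user admin from 192.0.2.10 port 51001 ssh2
Mar  3 10:14:02 lab sshd[2231]: Failed password for invalid user admin from 192.0.2.10 port 51002 ssh2
Mar  3 10:14:03 lab sshd[2233]: Failed password for root from 192.0.2.10 port 51003 ssh2
Mar  3 10:14:04 lab sshd[2235]: Failed password for root from 192.0.2.10 port 51004 ssh2
Mar  3 10:14:05 lab sshd[2237]: Failed password for student from 192.0.2.10 port 51005 ssh2
Mar  3 10:14:09 lab sshd[2240]: Accepted password for student from 192.0.2.10 port 51006 ssh2
Mar  3 10:20:31 lab sshd[2301]: Failed password for student from 198.51.100.7 port 40022 ssh2
Mar  3 10:20:40 lab sshd[2303]: Accepted publickey for student from 198.51.100.7 port 40023 ssh2
EOF

# Constructed access.log excerpt (Apache combined format). The user-agent
# strings are illustrative: one scripted client, one ordinary browser.
ACCESS_LOG=$(mktemp)
cat > "$ACCESS_LOG" <<'EOF'
192.0.2.10 - - [03/Mar/2024:10:30:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.4.0"
192.0.2.10 - - [03/Mar/2024:10:30:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.4.0"
192.0.2.10 - - [03/Mar/2024:10:30:02 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.4.0"
192.0.2.10 - - [03/Mar/2024:10:30:02 +0000] "POST /login HTTP/1.1" 302 0 "-" "curl/8.4.0"
198.51.100.7 - - [03/Mar/2024:10:35:10 +0000] "GET /login HTTP/1.1" 200 1320 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/123.0"
198.51.100.7 - - [03/Mar/2024:10:35:15 +0000] "POST /login HTTP/1.1" 401 512 "http://lab/login" "Mozilla/5.0 (X11; Linux x86_64) Firefox/123.0"
198.51.100.7 - - [03/Mar/2024:10:35:25 +0000] "POST /login HTTP/1.1" 302 0 "http://lab/login" "Mozilla/5.0 (X11; Linux x86_64) Firefox/123.0"
EOF
trap 'rm -f "$AUTH_LOG" "$ACCESS_LOG"' EXIT

# Step 4a: per source IP, count sshd "Failed password" lines and report
# every source at or above the threshold, together with how many logins
# it eventually got accepted (a success right after a burst of failures
# is the line worth chasing). Field 5 is the "sshd[pid]:" tag; the IP is
# the word after "from".
ssh_bruteforce_sources() {
    threshold="$1"; file="$2"
    awk -v t="$threshold" '
        $5 ~ /^sshd/ && /Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i + 1)]++
        }
        $5 ~ /^sshd/ && /Accepted / {
            for (i = 1; i <= NF; i++) if ($i == "from") ok[$(i + 1)]++
        }
        END {
            for (ip in fails) if (fails[ip] >= t)
                printf "%s failed=%d accepted=%d\n", ip, fails[ip], ok[ip] + 0
        }' "$file" | sort
}

# Step 4b: same idea for the web login form. Splitting on the double
# quote gives: $1 = "ip - - [time] ", $2 = request line, $3 = " status
# bytes ", $4 = referer, $6 = User Agent. Count 401 responses to
# POST /login per IP and keep the User Agent that sent them.
web_login_bruteforce() {
    threshold="$1"; file="$2"
    awk -F'"' -v t="$threshold" '
        {
            split($1, pre, " "); ip = pre[1]
            split($3, post, " "); status = post[1]
            if ($2 ~ /^POST \/login / && status == 401) { fails[ip]++; ua[ip] = $6 }
        }
        END {
            for (ip in fails) if (fails[ip] >= t)
                printf "%s failed_logins=%d user_agent=%s\n", ip, fails[ip], ua[ip]
        }' "$file" | sort
}

echo "SSH sources with 3+ failed logins:"
ssh_bruteforce_sources 3 "$AUTH_LOG"
echo "Web clients with 3+ rejected POST /login:"
web_login_bruteforce 3 "$ACCESS_LOG"
```

On real data, point the two functions at /var/log/auth.log and the web server's access.log and compare the flagged source address and timestamps against the tcpdump capture in Wireshark (for example with a display filter on that IP) to see the same attempts on the wire. The threshold is deliberately a parameter: a single user mistyping a password produces one or two failures, a brute-force tool produces dozens in seconds.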