Analyzing network traffic and understanding packets is an important task for IT
Question
Analyzing network traffic and understanding packets is an important task for IT security professionals. Illegitimate hackers also use network traffic to steal information and/or to learn about an organization's network infrastructure. How can different methods of packet capture be useful and why might one be chosen over another? How can understanding of the OSI model inform a discussion of packet capture?
Explanation / Answer
Packet capture: intercepting data packets over a network, storing the captured packets in memory, and analyzing them to help diagnose network problems and assess network security.
Methods for packet capture:
Selection between methods:
Which method to use depends directly on the purpose of the packet capture and the design of the network. The first thing to check is whether your network is wired or wireless. If it's wireless, choose any one of the last three methods. Another factor to keep in mind is that if you choose to monitor at the WAP, then the WAP should have the capacity to handle this additional load so that it doesn't consume all its resources, which might block the usual traffic altogether.
If the network is wired, then decide what your actual goal of packet capturing is, which may differ between a personal network and a commercial one. Solutions like inline devices could be really expensive for a small network at low security risk, whereas commercial networks such as banking need high security and should regularly monitor their traffic, and thus require extensive solutions.
To conclude, first outline the goal of the packet capture, and then, according to the network design and needs, select the appropriate method for packet capture.
OSI and packet capture:
Understanding of the OSI model is very important in packet capture. Packets captured at different layers of the OSI model contain different information. A captured packet could belong to any layer in the OSI model, which can be determined from the packet's contents. For example, if a layer 2 packet is captured, it will contain MAC addresses, whereas a layer 3 packet will have IP addresses. If a layer 4 packet is captured, it will also add port details, and if a layer 7 packet is captured, it will contain application protocol details such as HTTP, and so on.
However, one cannot target a packet of any particular layer alone. Each layer encapsulates the packet from its lower layer by padding on some information. Therefore a single packet will have the padding added by each such layer. If one understands the OSI model properly, one can identify which layer has added what information to the packet. E.g. Wireshark packets contain all the info from layer 2 to layer 7.
If you find this helpful, please give a thumbs up. Good luck!
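The layer-by-layer view described in the answer above, as an added example that is not part of the original answer or of any capture tool: a small Python dissector that takes one raw frame, as a capture tool such as Wireshark would hand it over, and peels off the Ethernet (layer 2), IPv4 (layer 3), TCP (layer 4) and HTTP (layer 7) headers in turn, recording what each layer contributed. The frame itself is constructed inline so the script runs offline; every MAC address, IP address, port and payload in it is made up. The IPv4 header checksum is verified on the way through, since a capture that shows checksum failures often points at the capture method (offload on the capturing NIC) rather than at the sender. A second, non-IP frame (an ARP frame, also constructed) shows that a frame may legitimately stop at layer 2.

```python
"""Dissect one captured frame one OSI layer at a time (added example, constructed data)."""
import struct


def fmt_mac(raw):
    """Render 6 raw bytes as colon-separated hex."""
    return ":".join(f"{b:02x}" for b in raw)


def fmt_ip(raw):
    """Render 4 raw bytes as a dotted quad."""
    return ".".join(str(b) for b in raw)


def ipv4_checksum(header):
    """RFC 791 one's-complement checksum over the IPv4 header bytes."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame():
    """Construct an Ethernet II / IPv4 / TCP / HTTP frame.

    Constructed sample data, not a real capture: every MAC, IP address,
    port and payload below is made up for the example.
    """
    http_payload = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    # Layer 4: TCP header, data offset 5 (20 bytes), flags PSH|ACK, checksum left 0
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    # Layer 3: IPv4 header, protocol 6 (TCP); pack with checksum 0, then fill it in
    total_len = 20 + len(tcp) + len(http_payload)
    src, dst = bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10])
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    # Layer 2: Ethernet II header (dst MAC, src MAC, EtherType 0x0800 = IPv4)
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + http_payload


def dissect(frame):
    """Peel the frame one OSI layer at a time, returning what each layer added."""
    layers = {}
    # Layer 2: on a wired LAN the Ethernet II header is the outermost 14 bytes
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["L2"] = {"src_mac": fmt_mac(src_mac), "dst_mac": fmt_mac(dst_mac), "ethertype": ethertype}
    if ethertype != 0x0800:  # not IPv4 (e.g. ARP, 0x0806): nothing above layer 2 to parse
        return layers
    # Layer 3: IPv4 header; IHL gives the header length in 32-bit words
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    _, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    layers["L3"] = {
        "src_ip": fmt_ip(src), "dst_ip": fmt_ip(dst), "ttl": ttl, "protocol": proto,
        # an intact header, checksum field included, sums to zero
        "checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
    }
    if proto != 6:  # only TCP is dissected here; UDP/ICMP would need their own parsers
        return layers
    # Layer 4: TCP header; data offset gives its length in 32-bit words
    tcp = ip[ihl:total_len]
    sport, dport, seq, _, off_res, flags, _, _, _ = struct.unpack("!HHIIBBHHH", tcp[:20])
    doff = (off_res >> 4) * 4
    layers["L4"] = {"src_port": sport, "dst_port": dport, "seq": seq, "flags": flags}
    # Layer 7: whatever remains is application data; recognise an HTTP request line
    payload = tcp[doff:]
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) == 3 and parts[2].startswith(b"HTTP/"):
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower().decode()] = value.strip().decode()
        layers["L7"] = {"protocol": "HTTP", "method": parts[0].decode(),
                        "path": parts[1].decode(), "host": headers.get("host")}
    return layers


if __name__ == "__main__":
    for layer, fields in dissect(build_sample_frame()).items():
        print(layer, fields)
```

Each key in the returned dictionary corresponds to one header that the sending host prepended on the way down its stack, which is why a single frame can carry MAC addresses, IP addresses, ports and an HTTP request line at once. On a real capture the Ethernet header may be preceded by a link-layer pseudo-header (for example on wireless or on the Linux "any" interface), so the 14-byte offset assumed here is only valid for plain Ethernet captures.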