Interpret network communications with packets

If a packet capture is like intercepting an envelope in the mail,  then packet analysis is like reading the letter inside of the envelope. 
 Let's discuss how analyzing packets can help us interpret and  understand network communications. 
 
 
 
 
 
 
 
 
 
 As you may know, networks are noisy. 
 There's an enormous volume of communications happening between devices  at any given time. 
 And because of this, packet captures can contain large amounts of network  communications, making analysis challenging and time-consuming. 
 
 
 
 
 
 
 
 
 
 As a security professional, you'll be working against the clock to protect  networks and computer systems from potential attacks. 
 You may analyze network evidence in the form of packet captures to identify  indicators of compromise. 
 Having the ability to filter network traffic using packet sniffers to gather  relevant information is an essential skill to have. 
 For example, let's say that you were tasked with analyzing a packet capture  to find any indication of data exfiltration. 
 How would you go about this? 
 
 
 
 
 
 
 
 
 
 Using a network analyzer tool, you can filter the packet capture to sort packets. 
 This can help you quickly identify an event associated with data exfiltration,  like large amounts of data leaving a database. 
 There are many other filters you can apply to packet captures to find the information  you need to support an investigation efficiently.  
 
 
 
 
 
 
 
 
 
 Examples of network analyzer tools include tcpdump and Wireshark. 
 tcpdump is accessed through a command line while Wireshark has a graphical user  interface, or GUI. 
 Both tools are useful for security analysts, and  soon you'll have the opportunity to explore both. 
 
 
 
 
 
 
 
 Before we begin using these tools, let's explore packet fields in detail,  specifically, IP headers. 
 Meet you there.