Skip to main content

Search Shelves Books Log in

Details

Revision #1

Created 1 year ago by naruzkurai

Updated 11 months ago by naruzkurai

Actions

Revisions

Export

Contained Web File.html
PDF File.pdf
Plain Text File.txt
Markdown File.md

Book Navigation

[Completed] Professional Google Cybersecurity Specialization C6/8; Sound the Alarm: Detection and Response
Introduction to Course 6
Terms and definitions from the certificate
Dave: Grow your cybersecurity career with mentors
Welcome to week 1
Introduction to the incident response lifecycle
Incident response teams
Fatima: The importance of communication during incident response
Roles in response
Incident response plans
Incident response tools
The value of documentation
Intrusion detection systems
Overview of detection tools
Alert and event management with SIEM and SOAR tools
Wrap-up; Terms and definitions from Course 6, Week 1
Welcome to week 2
Casey: Apply soft skills in cybersecurity
The importance of network traffic flows
Maintain awareness with network monitoring
Data exfiltration attacks
Packets and packet captures
Learn more about packet captures
Interpret network communications with packets
Reexamine the fields of a packet header
Investigate packet details
Packet captures with tcpdump
example tcp dump activity
Activity: Research network protocol analyzers
Wrap-up; Terms and definitions from Course 6, Module 2
Welcome to module 3 ; The detection and analysis phase of the lifecycle
Cybersecurity incident detection methods
MK: Changes in the cybersecurity industry
Indicators of compromise
Analyze indicators of compromise with investigative tools
Analyze indicators of compromise with investigative tools
The benefits of documentation
Document evidence with chain of custody forms
Best practices for effective documentation
The value of cybersecurity playbooks
Generic Phishing Playbook Version 1.0
The role of triage in incident response
Robin: Foster cross-team collaboration
The triage process
The containment, eradication, and recovery phase of the lifecycle
Business continuity considerations
The post-incident activity phase of the lifecycle
Post-incident review
Wrap-up; Terms and definitions from Course 6, Module 3
read
Welcome to module 4
The importance of logs
The importance of logs
Best practices for log collection and management
Rebecca: Learn new tools and technologies
Variations of logs
Overview of log file formats
Security monitoring with detection tools
Detection tools and techniques
Grace: Security mindset in detection and response
Components of a detection signature
Examine signatures with Suricata
Examine signatures with Suricata
Examine Suricata logs
Overview of Suricata
Activity: Explore signatures and logs with Suricata
Reexamine SIEM tools
Log sources and log ingestion
Query for events with Splunk
Search methods with SIEM tools
Follow-along guide for Splunk sign-up
Wrap-up; Glossary terms from module 4
Course wrap-up
Terms and definitions from Course 6, course 6 glossary

Books

[Completed] Profession...

Packets and packet cap...

Packets and packet captures

Whether it's an employee sending an email or a malicious actor attempting to exfiltrate confidential data, actions that are performed on a network can be identified through examining network traffic flows.

Understanding these network communications provides valuable insight into the activities happening in a network.

This way, you can better understand what's going on in an environment and defend against potential threats.

With this in mind, let's examine how to record network traffic through packet captures.

Previously in the program, you learned that when data is sent, it's divided into packets.

Just like an addressed envelope in the mail, packets contain delivery information which is used to route it to its destination.

This information includes a sender and receiver's IP address, the type of packet that's being sent, and more.

Packets can provide lots of information about the communications happening between devices over a network.

You may also recall that a packet has multiple components.

There's the header, which includes information like the type of network protocol and port being used.

Imagine this as being the name and mailing address located on an envelope.

Network protocols are a set of rules that determine the transmission of data between devices on a network.

Ports are non-physical locations on a computer that organize data transmission between devices on a network.

The header also contains the packet's source and destination IP address.

We'll explore more information contained in the header in a later section.

Next, there's the payload, which contains the actual data that's being delivered.

This is like the content of a letter inside of an envelope.

And there's the footer, which signifies the end of the packet.

So how exactly can you observe a network packet?

Just like scents are invisible but can be smelled, packets are invisible but can be captured using tools called packet sniffers.

You may remember packet sniffers from a previous section.

A network protocol analyzer, or packet sniffer, is a tool designed to capture and analyze data traffic within a network.

As a security analyst, you'll use packet sniffers to inspect packets for indicators of compromise.

Through packet sniffing, we can grab a detailed snapshot of packets that travel over a network in the form of a packet capture.

A packet capture, or P-cap, is a file containing data packets intercepted from an interface or network.

It's sort of like intercepting an envelope in the mail.

Packet captures are incredibly useful during incident investigation.

By having access to the communications happening between devices over a network, you can observe network interactions and start to build a storyline to determine what exactly happened.

Coming up, we'll discuss the importance of packet analysis. Meet you there.

No Comments

Back to top