WEBVTT

00:00.590 --> 00:07.850
Packet analysis and traffic sniffing are utilized by various network devices, including routers, switches

00:07.850 --> 00:10.100
and firewall appliances.

00:10.130 --> 00:17.930
These devices capture and interpret the raw bits of packets, examining field values to make informed

00:17.930 --> 00:21.350
decisions about the appropriate actions to take.

00:21.890 --> 00:27.740
Here we have three different devices that examine network traffic.

00:27.770 --> 00:29.720
The first is routers.

00:30.620 --> 00:39.560
Routers capture traffic and analyze the IP header, which works on layer two, the internet layer, to determine

00:39.590 --> 00:42.660
the appropriate routing path for the packets.

00:42.680 --> 00:50.140
And in this course you will learn all of this, the PDUs and the TCP/IP layers here.

00:50.150 --> 00:59.060
And we also have firewalls. Firewalls monitor all network traffic and enforce access control

00:59.060 --> 00:59.840
lists.

01:00.620 --> 01:09.470
So they drop packets that do not comply with the specified rules in the ACLs, ensuring that only

01:09.500 --> 01:12.620
authorized traffic is allowed to pass through.

01:12.680 --> 01:19.700
For instance, when data passes through a firewall, the device inspects the traffic and decides

01:19.730 --> 01:26.720
whether to permit or deny the packets based on the ACL rules.

01:26.720 --> 01:30.800
As I said, an ACL means access control list.

01:31.250 --> 01:41.630
And here, as you can see in this diagram, I drew something that simulates how an ACL works.

01:41.990 --> 01:43.390
And here we are.

01:43.400 --> 01:46.130
The communication order starts from bottom to top.

01:46.130 --> 01:51.650
So as you can see, one, two, and here we have two-way communication.

01:51.650 --> 02:01.260
And to decide whether to allow or deny a packet, the firewall must check each header as it passes through

02:01.260 --> 02:02.190
the device.

02:02.190 --> 02:06.360
And here we have the IP header, TCP header and Ethernet header.

02:06.390 --> 02:10.470
They both have a source port and a destination port.

02:11.200 --> 02:19.720
And here the firewall checks them and it will determine variables such as IP addresses, Transmission

02:19.720 --> 02:27.550
Control Protocol, TCP/IP flags here, TCP flags, and port numbers here.

02:27.550 --> 02:30.610
Destination port and source port here.

02:30.610 --> 02:33.370
Destination address and source address here.

02:33.370 --> 02:36.190
And the port numbers that are in use.

02:36.190 --> 02:45.190
If the packet does not meet the ACL entry, the firewall, as you can see here, will drop the packet

02:45.190 --> 02:46.780
as shown in this diagram.

02:46.780 --> 02:58.150
An inbound SYN packet with a destination port of 80 is blocked because it does not match the rules.

02:59.120 --> 03:07.670
And it's important to note that a packet sniffer, while examining traffic, does not modify the contents

03:07.670 --> 03:15.140
of the packets in any way, and its purpose is solely to capture traffic for analysis as it traverses

03:15.140 --> 03:15.920
the network.

03:15.920 --> 03:21.680
And packet sniffing and analysis have played integral roles in network management for many years.

03:21.710 --> 03:27.680
However, the initial step in the analysis process is to capture the network traffic, which we will

03:27.680 --> 03:30.140
explore in the subsequent sections.
