1
00:00:00,06 --> 00:00:03,03
- [Narrator] Packet analysis is a primary way

2
00:00:03,03 --> 00:00:06,02
of monitoring your network.

3
00:00:06,02 --> 00:00:10,00
Computer network professionals use packet analysis

4
00:00:10,00 --> 00:00:14,05
to observe and diagnose the health of a network.

5
00:00:14,05 --> 00:00:18,05
Cybersecurity professionals use packet analysis

6
00:00:18,05 --> 00:00:24,00
to conduct passive network vulnerability assessments.

7
00:00:24,00 --> 00:00:27,00
The adjective passive here means that

8
00:00:27,00 --> 00:00:29,06
whoever is inspecting the packets doesn't take

9
00:00:29,06 --> 00:00:33,04
any actions affecting them, like dropping the packets

10
00:00:33,04 --> 00:00:35,08
or altering them.

11
00:00:35,08 --> 00:00:41,01
Attackers use packet analysis as a passive attack tool

12
00:00:41,01 --> 00:00:45,06
to steal information such as passwords.

13
00:00:45,06 --> 00:00:51,00
The term packet in packet analysis is misleading

14
00:00:51,00 --> 00:00:55,07
because frames are what's actually captured and analyzed.

15
00:00:55,07 --> 00:00:58,07
Think of frames as container trucks

16
00:00:58,07 --> 00:01:04,06
delivering network packets in a local area network or WLAN.

17
00:01:04,06 --> 00:01:08,06
Intercept a frame and take a packet out of it

18
00:01:08,06 --> 00:01:10,08
for further inspection.

19
00:01:10,08 --> 00:01:13,01
To give you an analogy, I can use

20
00:01:13,01 --> 00:01:15,06
the example of a Russian doll.

21
00:01:15,06 --> 00:01:19,03
Let's say that the outermost shell is a frame,

22
00:01:19,03 --> 00:01:22,07
within the frame you see a packet housed

23
00:01:22,07 --> 00:01:26,04
and then within the packet we have application

24
00:01:26,04 --> 00:01:29,08
or other protocol information.

25
00:01:29,08 --> 00:01:34,07
Packet analysis results always mention frames

26
00:01:34,07 --> 00:01:37,03
and provide frame details in addition to

27
00:01:37,03 --> 00:01:39,05
the packet information.

28
00:01:39,05 --> 00:01:44,08
A packet also carries data used by various network protocols

29
00:01:44,08 --> 00:01:53,06
such as TCP, UDP, IP, ARP, HTTP, et cetera.

30
00:01:53,06 --> 00:01:57,06
TCP stands for Transmission Control Protocol,

31
00:01:57,06 --> 00:02:01,09
UDP stands for User Datagram Protocol.

32
00:02:01,09 --> 00:02:07,00
TCP and UDP govern how reliably packets travel

33
00:02:07,00 --> 00:02:11,02
through the internet between their sources and destinations.

34
00:02:11,02 --> 00:02:14,09
ARP stands for Address Resolution Protocol,

35
00:02:14,09 --> 00:02:19,00
which helps with translation between the IP addresses

36
00:02:19,00 --> 00:02:23,00
and physical or Ethernet addresses.

37
00:02:23,00 --> 00:02:27,03
We'll have a chance to discuss ARP more in depth

38
00:02:27,03 --> 00:02:28,09
in the next lesson.

39
00:02:28,09 --> 00:02:32,09
Packet analysis's need for inspecting protocol details

40
00:02:32,09 --> 00:02:36,09
delivered by packets and its relevance to networking

41
00:02:36,09 --> 00:02:42,01
and cybersecurity are why packet analysis is also called

42
00:02:42,01 --> 00:02:45,00
protocol analysis.

43
00:02:45,00 --> 00:02:48,07
Packet analysis is an essential element of any network

44
00:02:48,07 --> 00:02:52,01
or cybersecurity professional's toolbox.

45
00:02:52,01 --> 00:02:55,00
It's indispensable in many different contexts

46
00:02:55,00 --> 00:02:56,07
of network troubleshooting

47
00:02:56,07 --> 00:02:59,00
and cybersecurity investigations.