Tutorial for the article Network traffic analysis


This tutorial accompanies the article Network traffic analysis (hakin9 magazine, issue 4/2006). The exercises presented in the tutorial demonstrate ways of analysing network traffic and detecting attack attempts.

Instructions in the tutorial assume you are working on a system booted from hakin9.live.



Manual analysis
(01) Let's examine three network traffic dump files (...)
(02) Examine the files sample_1.pcap, sample_2.pcap and sample_3.pcap using ethereal (...)
(03) Pay special attention to the file (...)
(04) Can you see any other evidence of suspicious activity (...)
(05) Analyse the FTP session (...)
(06) Now go through the data in (...)
(07) Use ethereal to examine the traffic in sample_3.pcap (...)
(08) sample_3.pcap contains evidence of two FTP sessions (...)
(09) Examine the HTTP requests (...)
(10) As you can see, the first HTTP request (...)

Automated analysis
(11) Now let's try to automate the analysis process (...)