Harnessing the Power of NetFlow and Packet Analysis
NetFlow contains network traffic metadata (time, date, IP addresses, port numbers, etc.). Packet capture retains the packet payload, including user and application information. Together, they allow investigators to be more responsive to threat activity.
It’s Not The Network
All too often we networkers spend our time defending the network not only from security threats but from blame as the root cause (actual or perceived) of performance problems. The network is guilty until proven innocent. So how do we counter these arguments, put the issue to rest, and uphold the integrity of the network? […]
Tools of the Trade: The Compressed Pcap Packet Indexing Program
The Compressed Pcap Packet Indexing Program (cppip) is a tool to enable extremely fast extraction of packets from a compressed pcap file. This tool is intended for security and network folk who work with large pcap files. This article provides a complete discussion of the tool and is split into two parts.