TCP/IP illustrated (vol. 1): the protocols
Network Intrusion Detection: An Analyst's Handbook
Intrusion Signatures and Analysis
Guide to Tcp/Ip
Tool review: Network traffic as a source of evidence: tool strengths, weaknesses, and future needs
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Generalizing sources of live network evidence
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Digital investigators have an increasing need to examine data network logs and traffic, either as part of criminal or civil investigations or when responding to information security incidents. To truly understand the contents of the logs and the data packets, examiners need to have a good foundation in the protocols comprising the Transmission Control Protocol/Internet Protocol (TCP/IP) suite. This paper introduces the use of protocol analyzers and packet sniffers for TCP/IP traffic, and provides examples of normal and suspect TCP/IP traffic. This paper also provides a basis for a discussion of intrusion detection and signature analysis.