
4.2 Packet Analysis

Packet analysis refers to the art and science of inspecting the protocols within a set of packets. Network analysts and investigators often conduct packet analysis to identify packets of interest and to understand their structure and relationships, in order to gather evidence and facilitate further analysis.

To identify packets of interest, investigators generally use filtering techniques to isolate packets based on protocol fields or their contents. In addition, investigators may search for strings or patterns in packet contents to identify targets for further inspection, even if the protocol in use is not yet known.

Understanding the packet structure is very important for reconstructing communications, transferred files, or any other flow-based transaction. Careful dissection of a single packet or a small group of packets will often help investigators identify which tools are appropriate for evidence extraction and reconstruction.
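As an added illustration (not code from the book), the following Python sketch isolates packets by protocol field and searches payloads for a pattern, so HTTP on a non-standard port is still found when the protocol is not known from the port. The helper names, addresses, and sample traffic are constructed assumptions; only classic little-endian pcap with Ethernet/IPv4 is handled.

```python
import re
import struct

def frame(sport, dport, payload, proto=6):
    """Constructed Ethernet/IPv4 frame carrying TCP (6) or UDP (17)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    l4 = tcp if proto == 6 else struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4 + payload

def pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1, Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def packets(data):
    """Yield (index, proto, sport, dport, payload) per IPv4 TCP/UDP packet."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off, idx = 24, -1
    while off + 16 <= len(data):
        incl = struct.unpack_from("<I", data, off + 8)[0]
        pkt, off, idx = data[off + 16:off + 16 + incl], off + 16 + incl, idx + 1
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # truncated, or not IPv4
        proto, l4 = pkt[23], 14 + (pkt[14] & 0x0F) * 4
        if proto not in (6, 17) or len(pkt) < l4 + (20 if proto == 6 else 8):
            continue
        sport, dport = struct.unpack_from("!HH", pkt, l4)
        hdr = (pkt[l4 + 12] >> 4) * 4 if proto == 6 else 8
        end = 14 + struct.unpack_from("!H", pkt, 16)[0]  # drop Ethernet padding
        yield idx, proto, sport, dport, pkt[l4 + hdr:end]

def select(data, proto=None, port=None, pattern=None):
    """Indexes of packets matching the field filters and the payload regex."""
    return [i for i, p, sp, dp, body in packets(data)
            if (proto is None or p == proto)
            and (port is None or port in (sp, dp))
            and (pattern is None or re.search(pattern, body))]

SAMPLE = pcap([  # constructed traffic, not from the book
    frame(40000, 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    frame(40001, 53, b"\x12\x34dns-query", proto=17),
    frame(40002, 8080, b"POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    frame(40003, 4444, b"\x00\x01binary"),
])
```

Calling `select(SAMPLE, pattern=rb"^(GET|POST) ")` returns the packets on ports 80 and 8080, which a port-only filter for 80 would miss.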
