Saturday, October 25, 2014
The recently disclosed vulnerability named Poodle, found by Google researchers, has security administrators scrambling to keep up, on top of "Heartbleed", the retiring of SHA-1, and the removal of SSLv3. Coming from a solutions and enterprise architecture background, I get pinged with questions about the real risk and impact of implementing these security enforcements.
Hi, this is Vijay Sarvepalli, working to provide enterprise architecture and security architecture to large organizations and enterprises.
Showing posts with label bpf.
Wednesday, March 26, 2014
Rolling PCAP (Packet Capture) for a production network
It is common to see many SOCs (Security Operations Centers) wanting a packet capture of a recent event in order to trace down some network activity, either as part of an attack or of an investigation. The PCAP file format is a good way to store network data on disk. However, no one can afford to store PCAP forever, so a rolling packet capture, sized according to your network bandwidth, is a very viable way to collect and retain PCAP.
Friday, July 19, 2013
DNS PCAP and BPF
DNS, a most interesting protocol, can be analyzed using packet filters that help you look at and analyze the various types of DNS packets on the network. In this blog post, I am compiling a list of the filters I have found useful for analyzing DNS packets. The examples are relevant to UDP DNS, which accounts for about 90-95% of the DNS packets seen.