Network Analysis

  1. Tools for Network Analysis
    1. Packet Sniffers and Protocol Analyzers
      1. Wireshark
        1. Features and Capabilities
          1. Protocol Support
          2. Filtering Options
          3. Statistical Analysis
          4. Export Capabilities
        2. User Interface Overview
          1. Packet List Pane
          2. Packet Details Pane
          3. Packet Bytes Pane
        3. Advanced Features
          1. Coloring Rules
          2. Time Display Formats
          3. Name Resolution
          4. Expert System
      2. tcpdump and WinDump
        1. Command-line Usage
          1. Basic Syntax
          2. Output Formats
          3. File Operations
        2. Common Options and Filters
          1. Interface Selection
          2. Packet Count Limits
          3. Time-based Capture
          4. Protocol Filtering
        3. Advanced Filtering
          1. Berkeley Packet Filter Syntax
          2. Logical Operators
          3. Field-specific Filters
      3. TShark
        1. Command-line Interface
          1. Basic Operations
          2. Output Customization
          3. Batch Processing
        2. Scripting and Automation
          1. Shell Script Integration
          2. Automated Analysis
          3. Report Generation
    2. Flow Analysis Tools
      1. NetFlow
        1. Flow Exporters and Collectors
          1. Router Configuration
          2. Flow Record Format
          3. Export Protocols
        2. NetFlow Versions
          1. NetFlow v5
          2. NetFlow v9
          3. Flexible NetFlow
      2. sFlow
        1. Sampling Techniques
          1. Packet Sampling
          2. Counter Sampling
          3. Sampling Rates
        2. sFlow Architecture
          1. sFlow Agents
          2. sFlow Collectors
          3. sFlow Analyzers
      3. J-Flow
        1. Juniper Implementation
          1. Configuration Options
          2. Template Management
          3. Export Destinations
      4. IPFIX
        1. Flexible Flow Export
          1. Information Elements
          2. Template Records
          3. Data Records
        2. IPFIX Architecture
          1. Exporting Process
          2. Collecting Process
          3. Mediator Functions
      5. Flow Analysis Software
        1. Commercial Solutions
          1. SolarWinds NTA
          2. ManageEngine NetFlow Analyzer
          3. Plixer Scrutinizer
        2. Open Source Solutions
          1. nfcapd and nfdump
          2. SiLK
          3. ntopng
    3. Network Performance Monitoring Tools
      1. Real-time Monitoring
        1. Live Dashboard Views
        2. Threshold-based Alerting
        3. Performance Metrics
      2. Historical Data Analysis
        1. Trend Analysis
        2. Capacity Planning
        3. Performance Baselines
      3. Alerting and Reporting
        1. Notification Systems
        2. Custom Reports
        3. Executive Dashboards
    4. Security-Focused Tools
      1. Intrusion Detection Systems
        1. Signature-based Detection
          1. Rule Management
          2. Signature Updates
          3. False Positive Reduction
        2. Anomaly-based Detection
          1. Behavioral Analysis
          2. Machine Learning
          3. Statistical Methods
        3. Network-based IDS
          1. Sensor Placement
          2. Traffic Analysis
          3. Alert Generation
        4. Host-based IDS
          1. Log Analysis
          2. File Integrity Monitoring
          3. System Call Monitoring
      2. Intrusion Prevention Systems
        1. Inline Protection
          1. Traffic Blocking
          2. Active Response
          3. Performance Impact
        2. IPS Deployment Models
          1. Bridge Mode
          2. Router Mode
          3. Hybrid Deployments
      3. Security Information and Event Management
        1. Log Aggregation
          1. Log Collection
          2. Log Normalization
          3. Log Storage
        2. Correlation and Analysis
          1. Event Correlation Rules
          2. Threat Intelligence Integration
          3. Risk Scoring