Play all

Intro

Why do we capture packets?

Obtaining Network Traffic

Network Interface Cards

FreeBSD Packet Processing

FreeBSD Processing cont.

mbuf kernel structure

Linux Frame Processing

sk_buff kernel structure

Keeping Up?

Capture Mechanisms/Sockets

tcpdump tests, average

libpcap buffer

FreeBSD, packet drops netstat

Linux, packet drops ifconfig

tcpdump/libpcap drops

Reporting & Stats

graphing with gnuplot

Packets Per Second

Gigabit Line Rate for UDP

trafgen config files

BPF Filters - 3

Capture SYN

IP Options: RR Example

Capture HTTP GET Method

netsniff-ng: a quick look

netsniff-ng: writing to disk

netsniff-ng: Creating filters

tcpdump & libpcap

Analysis

Description:

Learn the fundamentals of traffic analysis through a pragmatic approach in this comprehensive conference talk. Explore packet capture techniques, network interface cards, and kernel structures in FreeBSD and Linux. Discover various capture mechanisms, including tcpdump and libpcap, and understand how to handle packet drops. Gain insights into reporting and statistics using gnuplot, and delve into BPF filters and IP options. Examine practical examples of capturing specific network traffic, such as SYN packets and HTTP GET methods. Investigate tools like netsniff-ng for advanced packet capture and analysis, and develop essential skills for effective network traffic analysis.

An Introduction to Traffic Analysis - A Pragmatic Approach

Add to list

#Information Security (InfoSec) #Network Security #Network Traffic Analysis #Computer Science #Information Technology #Linux #Computer Networking #Network Monitoring #tcpdump #Operating Systems #FreeBSD

0:00 / 0:00