Saturday, March 8, 2008

Tcpdump Post Update

I have been really busy this week reading Richard Bejtlich's "The Tao of Network Security Monitoring". I have found this to be a fantastic read, and Richard's explanations of protocols and monitoring tools such as Tcpdump, Tethereal (now tshark) and Snort are enlightening.

The book takes the reader through the various ways to configure an environment to perform packet capture, and then on to how to analyse the captures and interpret the data using open source tools.

I strongly recommend the book to anyone who, like me, is interested in network traffic or network monitoring.
Rather than put out a new post this week I will update my older post "Fun with Tcpdump" with some of the things I have learned from the book.
SynJunkie