6. Network Forensics


10 Terms

1

SPAN

Switched Port Analyzer, AKA mirrored port

  • Copies ingress and egress traffic from one or more ports to another port, allowing that traffic to be monitored

  • Functions as a network tap

2

tcpdump

CLI tool: network packet analyzer

  • Saves captures as .pcap files

  • Captures TCP/IP packets transmitted over the network

3

FPC

Full Packet Capture

Captures the entire packet (header and payload) for ALL traffic

4

Flow Collector

Records network traffic metadata and statistics (captures flow information)

  • Does NOT capture the specific content of a flow

  • Allows alerting and highlights trends and patterns

5

NetFlow

Delivers NetFlow METADATA to a database

  • Uses IPFIX to define a specific traffic flow as the set of packets sharing the same characteristics (destination, origin, etc.)

6

Zeek

Packet sniffer tool

Logs potentially interesting data

  • Unifies data into JSON format

  • Performs data normalization

7

DGA

Domain Generation Algorithm

Dynamically changes domain names to circumvent blocklists for C2 networks.

8

Fast Flux Network

Method of hiding the presence of C2 networks by changing the host IP address in domain records, using a DGA

9

DGA Detection

  • Calls out to randomly generated (suspicious-looking) domains

  • NXDOMAIN errors

10

Secure Recursive DNS Resolver

Resolves DNS requests by querying the DNS hierarchy, then filters and blocks dangerous sites using threat intelligence.