Packet forensics using TCP

by Don Parker, Mike Sues
Sept. 25, 2017 | Tags: Symantec, Detection & Response, TCP

This article is meant to arm you with the knowledge needed to approach a packet stream and determine whether any packets are missing. This matters when your data set is missing packets that may contain crucial indicators of the breach; you would only know that by doing the analysis shown below. One aspect we will not deal with in this article is analysis of application layer data. We shall concentrate on giving you just the knowledge you need in order to carry out packet forensics. With that said, let's get to it!
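As an added example (not code from the article), the following shows the core check behind this kind of analysis: every TCP segment occupies a range of sequence space (its payload length, plus one for SYN and one for FIN), so if you collect those ranges per flow direction from a capture, sort and merge them, any hole is sequence space that was never captured. The flow endpoints, sequence numbers and lengths below are constructed sample data; wrap-around of the 32-bit sequence number is assumed not to occur within the capture.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """One captured TCP segment (constructed, not parsed from a real pcap)."""
    src: str          # "ip:port" of sender
    dst: str          # "ip:port" of receiver
    seq: int          # absolute sequence number
    payload_len: int  # TCP payload bytes
    syn: bool = False
    fin: bool = False


def find_gaps(segments):
    """Return {(src, dst): [(gap_start, gap_end)]} per flow direction.

    gap_end is exclusive, so gap_end - gap_start is the number of bytes of
    sequence space never seen in the capture. Out-of-order and retransmitted
    segments are handled naturally: we only look at sequence-space coverage.
    """
    ranges = defaultdict(list)
    for s in segments:
        end = s.seq + s.payload_len + int(s.syn) + int(s.fin)
        if end > s.seq:  # pure ACKs occupy no sequence space; skip them
            ranges[(s.src, s.dst)].append((s.seq, end))

    gaps = {}
    for direction, spans in ranges.items():
        spans.sort()
        holes = []
        covered_to = spans[0][1]
        for start, end in spans[1:]:
            if start > covered_to:  # nothing covers [covered_to, start)
                holes.append((covered_to, start))
            covered_to = max(covered_to, end)
        gaps[direction] = holes
    return gaps


# Constructed sample: client -> server is missing 100 bytes (seq 1101..1200).
CLIENT, SERVER = "10.0.0.5:4242", "10.0.0.9:80"
SAMPLE = [
    Segment(CLIENT, SERVER, 1000, 0, syn=True),     # SYN, occupies seq 1000
    Segment(SERVER, CLIENT, 5000, 0, syn=True),     # SYN/ACK
    Segment(CLIENT, SERVER, 1001, 100),             # 1001..1100
    Segment(CLIENT, SERVER, 1251, 20),              # arrives out of order
    Segment(CLIENT, SERVER, 1201, 50),              # 1201..1250
    Segment(SERVER, CLIENT, 5001, 200),             # 5001..5200
    Segment(SERVER, CLIENT, 5201, 0),               # pure ACK, ignored
]
```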

2flash 7 months, 3 weeks ago

Really crazy idea for 2005 hehe. TCP was the thing back then :)