Capture File Filtering with Wireshark: Wireshark doesn’t just work in real time. If you save a history of network activity in a pcap file using a tool such as tcpdump, you can filter the data with Wireshark to search for evidence.
Intrusion detection tools that use the libpcap C/ C++ library [1] for network traffic capture (such as Snort [2] and Tcpdump [1]) can output packet capture information to a file for later reference. The format of this capture file is known as pcap. By capturing packet data to a file, an investigator can return later to study the history of an intrusion attempt – or to turn up other important clues about clandestine activity on the network.
read more
DIGITAL JUICE
No comments:
Post a Comment
Thank's!