¿Qué es Technical Concepts?

Technical Concepts - Comfidentia

Traffic captures are network packet records that allow analyzing network traffic for monitoring and troubleshooting.

What are Traffic Captures?

Traffic captures are network packet records that allow analyzing network traffic for monitoring, troubleshooting and security analysis.

Capture Tools

Wireshark

Graphical interface: Graphical user interface
Analysis: Packet analysis
Filters: Advanced filters
Statistics: Traffic statistics

tcpdump

Command line: Command-line tool
Filters: Capture filters
Format: Output format
Performance: High performance

Tshark

Command line: Wireshark CLI version
Filters: Capture filters
Analysis: Packet analysis
Scripting: Automation

Basic Commands

tcpdump

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
# Capture all traffic
tcpdump -i eth0

# Capture specific traffic
tcpdump -i eth0 host 192.168.1.1

# Capture specific port
tcpdump -i eth0 port 80

# Save to file
tcpdump -i eth0 -w capture.pcap

Wireshark

1
2
3
4
5
6
7
8
# Capture with Wireshark
wireshark -i eth0

# Capture with filter
wireshark -i eth0 -f "host 192.168.1.1"

# Analyze file
wireshark -r capture.pcap

Filters

Capture Filters

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
# By IP
host 192.168.1.1

# By port
port 80

# By protocol
tcp

# By range
net 192.168.1.0/24

Display Filters

# Wireshark filters
ip.addr == 192.168.1.1
tcp.port == 80
http.request.method == "GET"
dns.qry.name contains "google"

Traffic Analysis

Protocols

HTTP/HTTPS: Web traffic
DNS: DNS queries
SMTP: Email
FTP: File transfer

Applications

Web: Web applications
Email: Email client
Chat: Chat applications
VoIP: Voice over IP

Security

Malware: Malware detection
Intrusions: Intrusion detection
Anomalies: Anomaly detection
Compliance: Regulatory compliance

Use Cases

Troubleshooting

Connectivity: Connectivity problems
Performance: Performance problems
Errors: Error analysis
Timeout: Timeout problems

Monitoring

Traffic: Traffic monitoring
Applications: Application monitoring
Users: User monitoring
Security: Security monitoring

Analysis

Behavior: Behavior analysis
Patterns: Pattern analysis
Trends: Trend analysis
Optimization: Network optimization

Best Practices

Capture

Filters: Use appropriate filters
Time: Limit capture time
Size: Limit file size
Location: Appropriate location

Analysis

Methodology: Analysis methodology
Tools: Appropriate tools
Documentation: Document findings
Correlation: Correlate with other data

Security

Authorization: Obtain authorization
Data: Protect sensitive data
Retention: Retention policies
Access: Access control

NPM - Network monitoring that captures traffic
Dashboards - Traffic capture visualization
Logs - Traffic capture logs
Telegraf - Tool that collects traffic captures
InfluxDB - Database that stores traffic captures
Network Metrics - Measurement based on traffic captures
Firewall - Device that captures traffic
VPN - Connection that is captured in traffic
VLAN - Segment that is captured in traffic
Routers - Devices that capture traffic
Switches - Devices that capture traffic
CISO - Role that oversees traffic captures

What are Traffic Captures?

Capture Tools

Wireshark

tcpdump

Tshark

Basic Commands

tcpdump

Wireshark

Filters

Capture Filters

Display Filters

Traffic Analysis

Protocols

Applications

Security

Use Cases

Troubleshooting

Monitoring

Analysis

Best Practices

Capture

Analysis

Security

Related Concepts

References