Why Use tcpdump?
Used with a signature/protocol/anomaly-based NIDS
Provides a historical record of header traffic into/out of the network
- NIDS will only fire on traffic for which there is a signature/anomaly
- May not capture new exploits
- May not capture traffic after an alert
- May not capture traffic before an alert