Table of contents

- Using tcpdump for Network Traffic Analysis
- Different Categories of Traffic
- One of Your Hosts Initiated Activity
- Your Host Initiated Activity Example
- All Activity Examined to/from myhost.com
- Someone is “Spoofing” Your IP’s
- Detection of Handler/Agent Communication
- Crawlers, Agents, and Bots – Oh my!
- Attempted Connection to TCP Port 53
- Opportunistic Reconnaissance/Corruption?
- What a “Normal” TCP Connection Session Looks Like

Author: Judy Novak
Homepage: http://www.calug.com/
Further information: