From the course: IT Security Foundations: Network Security
Examining honeypot findings
- [Narrator] Many times, if you get an out-of-the-box honeypot, it contains logging capabilities. The honeypot acts as a sniffer and gathers data while it's traveling through the network and in the honeypot. Now, that information can be stored and then used for forensic purposes. Let's take a look. Here, I have a pre-captured packet that we can use to dig down and see some of the evidence contained in the capture file. I've opened it up in Wireshark, a free protocol analysis tool. Now, when you take a look at a capture file or a log file or any evidence that you get where you're concerned about an indication of compromise, the information doesn't always stand out. You have to take a look and then do further analysis. For this, what I'm going to do is go to Statistics and Conversations. Now, once here, I'll go to TCP, and then I'm going to sort by Port A, because what I'm looking for is specific ports that could be associated with malicious activity. Now I'll scroll down, and here I'm…