From the course: Cisco Certified CyberOps Associate (200-201) Cert Prep: 1 Security Concepts
Detecting anomalies using the sliding window
- Transmission Control Protocol is a connection-oriented transport layer protocol. It begins with a three-way handshake. Data is then sequenced and acknowledged. And it supports windowing and flow control. Windowing and flow control are achieved by using the field value, window size, in the TCP header. Flow control is an end-to-end control method where a host transmits a window size with every acknowledgment, indicating how many bytes it can accept, so the sender doesn't transmit too much data and overwhelm the host. Let's take a look in Wireshark. I've opened this capture and we're going to do a couple of things so we can see the window. Now, when we go in here and I'll just pull this up. I'm going to drop down the TCP header. And, we're going to scroll down and here we see the window size. To add that as a column value, just simply right-click and say apply as a column. I'll pull that up. And, another thing I want to…
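
The window size field described in the transcript above, read directly from raw TCP headers, as an added example that is not part of the course material. It goes slightly beyond the excerpt by applying the window scale option from the SYN and flagging zero-window advertisements; the helper names and the sample headers are constructed for illustration.

```python
import struct

SYN, RST, ACK = 0x02, 0x04, 0x10

def parse_tcp_window(header: bytes):
    """Return (flags, raw_window, window_scale_or_None) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    off_flags, window = struct.unpack("!HH", header[12:16])
    hdr_len = (off_flags >> 12) * 4          # data offset, in bytes
    if not 20 <= hdr_len <= len(header):
        raise ValueError("bad data offset")
    opts, i, wscale = header[20:hdr_len], 0, None
    while i < len(opts) and opts[i] != 0:    # kind 0 = end of option list
        if opts[i] == 1:                     # kind 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        if opts[i] == 3 and opts[i + 1] == 3:  # kind 3 = window scale
            wscale = opts[i + 2]
        i += opts[i + 1]
    return off_flags & 0x01FF, window, wscale

def advertised_windows(headers):
    """For one host's segments in order: (index, bytes it can accept, zero_window)."""
    shift, rows = 0, []
    for n, hdr in enumerate(headers):
        flags, window, wscale = parse_tcp_window(hdr)
        if flags & SYN:
            # The window in a SYN is never scaled; the shift applies afterwards.
            # Assumption: the peer also offered window scaling, so it is in effect.
            shift = min(wscale, 14) if wscale is not None else 0
            size = window
        else:
            size = window << shift
        rows.append((n, size, size == 0 and not (flags & RST)))
    return rows

def make_header(flags, window, options=b""):
    """Build a constructed TCP header (ports, seq and ack are arbitrary)."""
    options += b"\x00" * (-len(options) % 4)
    off = (20 + len(options)) // 4
    return struct.pack("!HHIIHHHH", 443, 40000, 1, 1, (off << 12) | flags, window, 0, 0) + options

# Constructed sample: SYN-ACK offering scale 7, then three ACKs with a shrinking window.
SAMPLE = [make_header(SYN | ACK, 65535, b"\x03\x03\x07"), make_header(ACK, 512),
          make_header(ACK, 16), make_header(ACK, 0)]

if __name__ == "__main__":
    for row in advertised_windows(SAMPLE):
        print(row)
```

The last row is the case an analyst looks for: a host advertising that it can accept no more data, which stalls the sender until the window reopens.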