From the course: Cisco Certified CyberOps Associate (200-201) Cert Prep: 1 Security Concepts


Using five-tuple log analysis


- The term tuple stems from its use in a relational database, where a tuple is one record or one row. When doing an analysis, one way to look at the data is by using the five-tuple approach. Well, how does this work? Well, the first thing that has to happen when Wireshark or another packet analyzer crunches through a ton of packets is to determine which protocol and conversation each packet belongs to. So the five-tuple approach uses the following: source IP, source port, destination IP, destination port and layer four protocol. Let's see what this looks like in Wireshark. If you'd like to follow along, go to this webpage and select NMAP, click view and it will download, and then you can open it in Wireshark. Now, once it's open I would like to show you a few things. Down in the lower right-hand corner there's what we call the configuration profiles. We'll just open this up. And as you see there are others.…
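The grouping step the transcript describes, written out as an added example (not code from the course or from Wireshark): each packet is keyed by its five-tuple, and a direction-independent variant of the key folds request and reply packets into one conversation, which is how an analyzer's conversation view gets built. The `Packet` record and the sample packets are constructed for illustration and are not taken from the course's capture.

```python
from collections import defaultdict, namedtuple
from typing import Dict, Iterable, List, Tuple

# Five-tuple as in the transcript: (src IP, src port, dst IP, dst port, L4 protocol).
FiveTuple = Tuple[str, int, str, int, str]
# One captured packet (constructed type): proto is the layer-4 protocol name, length is bytes on the wire.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port proto length")

def five_tuple(pkt: Packet) -> FiveTuple:
    """Directional five-tuple of one packet, exactly as captured."""
    return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

def conversation_key(pkt: Packet) -> FiveTuple:
    """Direction-independent key: request and reply packets of one TCP/UDP
    conversation share it, as in an analyzer's 'Conversations' view.
    The lexically lower (ip, port) endpoint is always placed first."""
    a, b = (pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)
    lo, hi = (a, b) if a <= b else (b, a)
    return (lo[0], lo[1], hi[0], hi[1], pkt.proto)

def group_conversations(packets: Iterable[Packet]) -> Dict[FiveTuple, List[Packet]]:
    """Bucket packets by conversation; each bucket is one bidirectional flow."""
    flows: Dict[FiveTuple, List[Packet]] = defaultdict(list)
    for pkt in packets:
        flows[conversation_key(pkt)].append(pkt)
    return dict(flows)

def summarize(packets: Iterable[Packet]) -> Dict[FiveTuple, Tuple[int, int]]:
    """Per conversation: (packet count, total bytes), the first two columns an
    analyst reads when triaging a capture."""
    return {k: (len(v), sum(p.length for p in v))
            for k, v in group_conversations(packets).items()}

# Constructed sample (not the course's capture): three TCP probes from 10.0.0.5 to
# 10.0.0.9, of which the port-80 one becomes a short HTTP exchange, plus one DNS lookup.
SAMPLE = [
    Packet("10.0.0.5", 40001, "10.0.0.9", 22, "TCP", 60),
    Packet("10.0.0.9", 22, "10.0.0.5", 40001, "TCP", 60),
    Packet("10.0.0.5", 40002, "10.0.0.9", 80, "TCP", 60),
    Packet("10.0.0.9", 80, "10.0.0.5", 40002, "TCP", 60),
    Packet("10.0.0.5", 40002, "10.0.0.9", 80, "TCP", 400),
    Packet("10.0.0.9", 80, "10.0.0.5", 40002, "TCP", 1200),
    Packet("10.0.0.5", 40003, "10.0.0.9", 443, "TCP", 60),
    Packet("10.0.0.5", 53001, "10.0.0.1", 53, "UDP", 70),
    Packet("10.0.0.1", 53, "10.0.0.5", 53001, "UDP", 150),
]

if __name__ == "__main__":
    for key, (n, nbytes) in summarize(SAMPLE).items():
        print(f"{key[0]}:{key[1]} <-> {key[2]}:{key[3]} {key[4]}: {n} pkts, {nbytes} bytes")
```

On the sample this yields seven distinct directional five-tuples but only four conversations, the difference being the reply halves of the SSH, HTTP and DNS exchanges.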
