From the course: Cisco Certified CyberOps Associate (200-201) Cert Prep: 1 Security Concepts
Using five-tuple log analysis
- The term tuple stems from its use in a relational database, where a tuple is one record or one row. When doing an analysis, one way to look at the data is by using the five-tuple approach. Well, how does this work? Well, the first thing that has to happen when Wireshark or another packet analyzer crunches through a ton of packets is to determine which protocol and conversation each packet belongs to. So the five-tuple approach uses the following: source IP, source port, destination IP, destination port and layer four protocol. Let's see what this looks like in Wireshark. If you'd like to follow along, go to this webpage and select NMAP, click view and it will download, and then you can open it in Wireshark. Now, once it's open I would like to show you a few things. Down in the lower right-hand corner there's what we call the configuration profiles. We'll just open this up. And as you see there are others.…
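The five-tuple grouping the video describes, as an added Python example that is not part of the course: it keys constructed sample records by (source IP, source port, destination IP, destination port, layer four protocol), folds both directions of a conversation into one flow the way Wireshark's Conversations view does, and then lists the distinct destination ports each initiator touched, which is the kind of per-flow summary that makes a scan-heavy capture like the NMAP one stand out from ordinary traffic. The record format and all addresses are made up for the example.

```python
from collections import defaultdict
from typing import NamedTuple

# Constructed sample records: "src_ip src_port dst_ip dst_port proto bytes"
SAMPLE_LOG = """\
10.0.0.5 40001 10.0.0.9 22 tcp 60
10.0.0.9 22 10.0.0.5 40001 tcp 60
10.0.0.5 40001 10.0.0.9 22 tcp 120
10.0.0.5 40002 10.0.0.9 80 tcp 60
10.0.0.5 40003 10.0.0.9 443 tcp 60
10.0.0.5 40004 10.0.0.9 8080 tcp 60
10.0.0.7 53000 10.0.0.1 53 udp 80
10.0.0.1 53 10.0.0.7 53000 udp 140
"""

class FiveTuple(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str

def parse_line(line):
    """Split one constructed record into its five-tuple and packet size."""
    src_ip, src_port, dst_ip, dst_port, proto, size = line.split()
    return FiveTuple(src_ip, int(src_port), dst_ip, int(dst_port), proto.lower()), int(size)

def canonical(t):
    """Order the two endpoints so both directions of a conversation share one key."""
    a, b = (t.src_ip, t.src_port), (t.dst_ip, t.dst_port)
    return FiveTuple(*a, *b, t.proto) if a <= b else FiveTuple(*b, *a, t.proto)

def conversations(text):
    """Group records into bidirectional flows with packet and byte counts."""
    flows = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        t, size = parse_line(line)
        key = canonical(t)
        if key not in flows:
            # the first packet seen fixes which side initiated the conversation
            flows[key] = {"initiator": t, "packets": 0, "bytes": 0}
        flows[key]["packets"] += 1
        flows[key]["bytes"] += size
    return flows

def distinct_dst_ports(flows):
    """Destination ports each initiator touched per destination host and protocol."""
    ports = defaultdict(set)
    for f in flows.values():
        i = f["initiator"]
        ports[(i.src_ip, i.dst_ip, i.proto)].add(i.dst_port)
    return {k: sorted(v) for k, v in ports.items()}
```

A single initiator with a long, spread-out port list for one destination is the signal to pivot on in the Conversations view; a normal client shows a handful of well-known ports.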
Contents
- Recognizing the complexity of today's environment (3m 46s)
- Leveraging threat intelligence (5m 13s)
- Hunting threats (4m 23s)
- Analyzing malware (2m 35s)
- Dissecting malware using reverse engineering (6m 40s)
- Detecting anomalies using the sliding window (4m 50s)
- Comparing detection methods (4m 10s)
- Using five-tuple log analysis (4m 48s)
- Monitoring data loss using traffic profiles (4m 24s)