Posted: December 9th, 2022
Task 803 – 1 page
Instructions: Distinguish between full content data (including collection tools), session data (including collection tools) and statistical data (including collection tools)
Use examples from the readings, or from your own research, to support your views, as appropriate. You are encouraged to conduct research and use other sources to support your answers. Be sure to list your references at the end. References must be in APA citation format. A minimum of 250-300 words.
Number of Pages: 1 Page
Page Line Spacing: Double spaced (Default)
Academic Level: College
Paper Format: APA
Task 804
1.
Write 150-word replies to each of the following:
Add additional insight or opinions, or challenge opinions; you can also visit a couple of the websites contributed and share your opinion of these sites. Minimum of 150 words for each.
Part 1 (respond in 150 words)
1) Session data, which can be obtained through full content data, summarizes packet exchange. The data is taken from a flow, or a session, and allows analysis of source IP, source port, destination IP, destination port, the timestamp, and the overall information measurement exchanged during the session. The session-first method is predicated on collecting all of the data, then summarizing all of the data as a conversation. This method is expected to work best on busy networks, where the method allows for quicker parsing of the data by an analyst, and allows for specific movement tracking.
Statistical data, on the other hand, is a way to look at a network that takes into account the normal behaviors and observed parameters of that network using descriptive statistics. This data identifies the patterns of overall traffic flow and gives the analyst the ability to spot anomalies. Beyond that, these statistics can be used to identify potential inefficiencies and reallocate resources.
Each of these types of data has different tools available to collect and compile it.
For full content data, the tools recommended are LIBPCAP, TCPDUMP, Tethereal, Snort, and Ethereal. Of these, LIBPCAP seems to be the foundation, as well as TCPDUMP, as the other tools seem to take those two programs and integrate them into their setups. Each provides their own format for packet data, and some allow you to go deeper into the data to pull out hexadecimal and ASCII data, including Tethereal, Ethereal, and Snort. Ethereal also has the ability to reconstruct streams.
For session data, tools use probes, collectors and consoles, working in concert to find, collate, and translate the data provided. The text recommends Cisco NetFlow due to the widespread use of Cisco technology, and the program's compatibility with the many open source tools Mr. Bejtlich represents. This data can then be viewed through TCPDUMP. Some other open source collection tools include FProbe, NG_Netflow, Softflowd, Pfflowd, and Ntop. Mr. Bejtlich also mentions Flow Tools, Flow Capture, Flow-Cat and Flow-Print (complementary tools), Sflow and the Sflow toolkit, and Argus, which is a complete traffic collector and analyzer.
For statistical data, Mr. Bejtlich introduces ifstat, bmon, and Trafshow, as well as many others. They provide short- and long-term data statistics, and allow the analyst to identify the broader trends.
Part 2 (respond in 150 words)
2) Full content data can be reviewed in two stages, which are a summary of data headers and inspection of individual packets. Full content data represents traffic on the wire or transmitted via radio frequency. The packet capture library libpcap (http://www.tcpdump.org) is the standard for reading packets. Three tools facilitate saving entire packet contents, as given below:
Tcpdump — http://www.tcpdump.org
Ethereal/Tethereal — http://www.ethereal.com
Snort — http://www.snort.org
Session data represents conversations or flows between parties. In other words, it collects only the information pertinent to a particular area. Two formats are used: NetFlow (http://www.cisco.com/go/netflow) and proprietary versions. Interface FastEthernet 0/0 on a Cisco 2600 series router can be configured to export NetFlow data to a collector listening on UDP port 9995 at IP 172.27.20.3 using the following commands:
enable
configure
interface FastEthernet 0/0
ip route-cache flow
exit
ip flow-export destination 172.27.20.3 9995
Session data is especially helpful because its ignorance of application data renders it immune to encryption. Session data can be quickly passed through grep to locate IPs or ports of interest. Because it tracks “who talked to whom and when,” session data is often the key to understanding an intrusion.
Statistical data represents broad trends in network activity. It’s easy to review dozens or hundreds of packets manually, but an overview is often helpful. Tcpdstat, which can be found at: http://staff.washington.edu/dittrich/talks/core02/tools/tools.html
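The distinction both posts draw between full content, session and statistical data can be seen in code. The following is an added example, not taken from the posts or from Bejtlich's text: it takes constructed packet records (the kind of per-packet detail libpcap/tcpdump would capture), summarizes them into bidirectional session records keyed on the 5-tuple, derives statistics from those sessions, and shows the "grep session data for an IP or port" step described above. All hostnames, addresses and sizes are constructed.

```python
"""Derive session and statistical data from full-content packet records."""
from collections import Counter

# Constructed full-content packet records, one tuple per packet:
# (timestamp, src_ip, src_port, dst_ip, dst_port, proto, bytes_on_wire)
PACKETS = [
    (1000.0, "192.0.2.5", 51000, "198.51.100.3", 443, "tcp", 60),
    (1000.1, "198.51.100.3", 443, "192.0.2.5", 51000, "tcp", 60),
    (1000.2, "192.0.2.7", 53022, "203.0.113.8", 53, "udp", 70),
    (1000.3, "203.0.113.8", 53, "192.0.2.7", 53022, "udp", 130),
    (1000.4, "192.0.2.5", 51000, "198.51.100.3", 443, "tcp", 1200),
    (1001.0, "192.0.2.5", 51001, "203.0.113.9", 22, "tcp", 60),
    (1001.2, "203.0.113.9", 22, "192.0.2.5", 51001, "tcp", 60),
    (1003.5, "198.51.100.3", 443, "192.0.2.5", 51000, "tcp", 60),
]

def flow_key(pkt):
    """Bidirectional 5-tuple: order the two endpoints so that packets in
    either direction of one conversation map to the same session record."""
    _, sip, sp, dip, dp, proto, _ = pkt
    a, b = (sip, sp), (dip, dp)
    return (proto,) + (a + b if a <= b else b + a)

def sessions(packets):
    """Session data: who talked to whom, when, and how much. The source is
    the endpoint that sent the first packet; payloads are never inspected."""
    flows = {}
    for ts, sip, sp, dip, dp, proto, size in sorted(packets):
        f = flows.setdefault(flow_key((ts, sip, sp, dip, dp, proto, size)), {
            "proto": proto, "src": f"{sip}:{sp}", "dst": f"{dip}:{dp}",
            "start": ts, "end": ts, "packets": 0, "bytes": 0})
        f["end"], f["packets"], f["bytes"] = ts, f["packets"] + 1, f["bytes"] + size
    return list(flows.values())

def statistics(flows):
    """Statistical data: broad trends derived from the session records,
    here bytes per protocol and the hosts moving the most traffic."""
    by_proto, by_host = Counter(), Counter()
    for f in flows:
        by_proto[f["proto"]] += f["bytes"]
        by_host[f["src"].rsplit(":", 1)[0]] += f["bytes"]
        by_host[f["dst"].rsplit(":", 1)[0]] += f["bytes"]
    return {"bytes_by_proto": dict(by_proto), "top_talkers": by_host.most_common(3)}

def grep_sessions(flows, needle):
    """The 'pass session data through grep' step: match an IP or ':port'."""
    return [f for f in flows if needle in f["src"] or needle in f["dst"]]

if __name__ == "__main__":
    for f in sessions(PACKETS):
        print(f)
    print(statistics(sessions(PACKETS)))
```

Eight full-content records collapse to three session records; the statistics are computed from the sessions alone, which is why they survive encryption just as the post says session data does.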