Intruder Detection with tcpdump

The Author

David J. Dodd holds a current Top Secret DoD Clearance and is available for consulting on various Information Assurance projects. A former US Marine with an Avionics background in Electronic Countermeasures Systems, David has given talks at the San Diego Regional Security Conference and SDISSA. He is a member of InfraGard and contributes to Securing Our eCity (http://securingourecity.org). He works for pbnetworks Inc. (http://pbnetworks.net), a service-disabled-veteran–owned business located in San Diego, CA. You can contact him by emailing dave@pbnetworks.net.
