PCAP or it didn’t happen

“PCAP or it didn’t happen” is a good network security philosophy. The idea is simple: capture the network traffic so that it is available for analysis when something needs investigating. In a non-corporate environment, a CentOS-based Linux host has been used as a dual-homed firewall (refer to the ASCII network diagram below), and tcpdump was used for continuous traffic capture.

   _( )______     ________     +-----+     _( )__
  ( Internet )---/ Router \----| F/W |----( DMZ )
 (____________)  \________/    +-----+   (________)

Firstly, we create a location to save the pcap files.
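The following is an added example, not code from the original post: a small POSIX shell helper that creates the pcap storage directory with restrictive permissions and composes a rotating tcpdump command line for continuous capture on the firewall. The directory path, the interface name, the unprivileged user name "pcap" and the one-hour rotation interval are assumptions; the tcpdump options used (-G, -w with strftime escapes, -Z) are standard.

```shell
#!/bin/sh
# Added example (not from the original post): prepare a capture directory on the
# firewall and build a rotating tcpdump command line. The path, interface name,
# the unprivileged "pcap" user and the rotation interval are assumptions.

set -u

# Create the pcap storage location. Mode 750 keeps the captures readable only by
# the owner and its group; full-packet captures routinely contain clear-text
# credentials, so they should not be world-readable.
create_pcap_dir() {
    dir="$1"
    mkdir -p "$dir" || return 1
    chmod 750 "$dir" || return 1
    printf '%s\n' "$dir"
}

# Compose the tcpdump invocation for continuous capture.
#   -i  interface to listen on (for example the DMZ-facing side of the firewall)
#   -n  do not resolve names, so the sniffer itself generates no DNS traffic
#   -s 0  capture full packets; older tcpdump releases defaulted to a small
#         snaplen that truncates payloads
#   -G  rotate the output file every N seconds
#   -w  output file; with -G the name is passed through strftime(3), so each
#       rotated file carries its start timestamp
#   -Z  drop root privileges to this user after the capture device is opened but
#       before the first savefile is written
build_tcpdump_cmd() {
    iface="$1"; dir="$2"; interval="$3"; user="$4"
    printf 'tcpdump -i %s -n -s 0 -G %s -w %s/%s-%%Y%%m%%d-%%H%%M%%S.pcap -Z %s' \
        "$iface" "$interval" "$dir" "$iface" "$user"
}

# Example invocation, run as root on the firewall (assumed paths and names):
#   dir=$(create_pcap_dir /var/pcap) && chown pcap:pcap "$dir" \
#       && sh -c "$(build_tcpdump_cmd eth1 "$dir" 3600 pcap)"
```

Because -Z drops privileges before the savefile is opened, the directory must be writable by that user (hence the chown in the example invocation); if it is not, tcpdump starts, drops privileges and then fails to write the first file, which is an easy way to end up with no capture at all.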

