“PCAP or it didn’t happen” is a good network security philosophy: the primary idea is to capture network traffic so that it is available for later analysis. In a non-corporate environment where a CentOS-based Linux host is used as a dual-homed firewall (refer to the rather lame ASCII-art network diagram below), tcpdump was used for continuous traffic capture.
 _( )______     ________     +-----+     _( )__
( Internet )---/ Router \----| F/W |----( DMZ )
(____________) \________/    +-----+   (________)

Firstly, we create a location to save the pcap files.
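The capture set-up in shell form, as an added example rather than the original post's own script. It assumes a capture directory of /var/pcap, a DMZ-side interface named eth1, an unprivileged system user named tcpdump for the -Z privilege drop, and hourly rotation; none of these values come from the post. The tcpdump command line is built by a function so it can be inspected before it is run as root.

```sh
#!/bin/sh
# Added example: continuous tcpdump capture on a dual-homed CentOS firewall.
# Assumed values (not from the original post): capture dir /var/pcap,
# DMZ-side interface eth1, unprivileged user "tcpdump", hourly rotation.
set -eu

PCAP_DIR="${PCAP_DIR:-/var/pcap}"
CAP_IF="${CAP_IF:-eth1}"
CAP_USER="${CAP_USER:-tcpdump}"
ROTATE_SECS="${ROTATE_SECS:-3600}"
KEEP_DAYS="${KEEP_DAYS:-7}"

# Create the capture directory. It must be writable by the capture user,
# because tcpdump keeps writing after -Z has dropped root privileges.
make_pcap_dir() {
    dir="$1"
    user="$2"
    mkdir -p "$dir"
    chmod 750 "$dir"
    # Only chown if the user exists; otherwise leave ownership to the caller.
    if id "$user" >/dev/null 2>&1; then
        chown "$user" "$dir"
    fi
    test -d "$dir"
}

# Build the tcpdump command line as a string so it can be reviewed without
# root or a live interface:
#   -nn    no name resolution (no DNS chatter leaking from the firewall)
#   -s 0   full packets, not the default snaplen
#   -Z     drop privileges to an unprivileged user once the socket is open
#   -G     rotate every N seconds; strftime(3) escapes in -w name each file
tcpdump_cmd() {
    dir="$1"; iface="$2"; user="$3"; secs="$4"
    printf 'tcpdump -i %s -nn -s 0 -Z %s -G %s -w %s/%s-%%Y%%m%%d-%%H%%M%%S.pcap' \
        "$iface" "$user" "$secs" "$dir" "$iface"
}

# Disk hygiene for a never-ending capture: delete rotated files older than
# N days. Run from cron alongside the capture.
prune_pcaps() {
    dir="$1"; days="$2"
    find "$dir" -name '*.pcap' -type f -mtime "+$days" -delete
}

# Usage: ./capture.sh run      (as root; tcpdump drops to $CAP_USER itself)
#        ./capture.sh prune    (from cron)
case "${1:-}" in
    run)
        make_pcap_dir "$PCAP_DIR" "$CAP_USER"
        eval "exec $(tcpdump_cmd "$PCAP_DIR" "$CAP_IF" "$CAP_USER" "$ROTATE_SECS")"
        ;;
    prune)
        prune_pcaps "$PCAP_DIR" "$KEEP_DAYS"
        ;;
esac
```

Check the directory ownership after the first rotation: if the files are root-owned, -Z did not take effect and the capture is running with more privilege than it needs.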