You are the senior security analyst for Hammerstreet Inc. located in Florida. Hammerstreet’s primary product line revolves around high tech weapons developed for the US Army. For this reason, your position as the head of logical security is vital in ensuring that no corporate secrets are leaked. You are in the process of purchasing an IPS device for the network, so currently you only have an older IDS appliance sitting on the network.
On Monday morning when you get into work, you are alerted by your IDS that an outside IP is scanning numerous ports on your network. You are then alerted by the IDS that it is getting flooded by malformed packets to some commonly used ports such as ports 80, 135, 445, and 53. You logon to the IDS’ management console and run TCP dump to a text file for a time range of 10 minutes. You open the file initially but it is very difficult to read. You eed a utility that can group all the TCP packets in the file by their timestamps, to get a closer look at how much data is being sent to your network in a given amount of time.
What utility could you use to examine the TCP dump file closer and make it more readable?
A.
Tcpslice
B.
WinPcap
C.
TCPdump
D.
IDSwakeup
Correct answer is A
Thanks Sherlock