Overview

Wireshark and Snort can be utilized to read, capture, and analyze traffic.

Snort is a free, open-source network intrusion detection system (NIDS) and monitoring agent that scans packets for patterns. It is the world’s most widely used intrusion detection system (IDS) technology.

Wireshark captures and reads traffic and decodes it into a readable format. Since 2006, and with over 500,000 downloads per month, Wireshark has become an industry standard and is one of the most commonly used tools for network security, optimization, and troubleshooting. Wireshark can also provide insight into latency and network characteristics.

Having the skills and knowledge to capture and analyze packets can help you efficiently discover what is really happening on the networks you are scanning.

Commonly, security administrators will be asked to look at a packet trace to analyze a recent attack. In the “Using Snort and Wireshark to Analyze Traffic” lab from CybrScore, we will demonstrate the need for skilled analysts to be able to critically inspect network traffic and detect suspicious activity. We will learn how to use Snort and Wireshark to quickly and effectively scan and understand what’s happening in your network.