In part four of this series, I’ll describe some different packet analysis tool filtering capabilities, some of the filters I use when whittling down PCAPs, and some tricks for applying them effectively.
By using PCAP analysis tool filtering capabilities you can slowly tune out the things you don’t care about until you’re left with the important stuff, ultimately transforming the PCAP. While not quite as slow and painstaking a whittling, the process of slowly peeling back packets is also reductive. Yes, I know that’s a weird transition, but it’s true. I think about whittling often when I need to use a lot of filters to find the data I want in a packet capture. In either case, the transformation is quite impressive. It might wind up as a toy for a child or a game call for a hunting trip. A craftsman chooses a lifeless piece of scrap wood and slowly carves slivers off of it until it takes an impressive form. Whittling is a lost art, but it’s a beautiful process.
0 kommentar(er)
