As a Security Analyst, you must have complete mastery of the TCP/IP protocol. Packet analysis is the use of a packet sniffer to capture packets and analyze the flow of data between two devices communicating on a network.
Packet analysis is a technique used in information security to intercept data, and many of the tools that are used to secure the network can also be used by attackers to exploit and compromise the same network. The core objective of sniffing is to steal data, such as sensitive information or email text, or to sniff the traffic that is being transmitted between two parties.
Packet analysis involves intercepting network traffic between two target network nodes and capturing the network packets exchanged between them. A packet sniffer is also referred to as a network monitor. A network administrator uses it legitimately to monitor the network for vulnerabilities by capturing the network traffic and, should there be any issues, to troubleshoot them.
Similarly, attackers can use sniffing tools in promiscuous mode to capture and analyze all the network traffic. Once attackers have captured the network traffic, they can analyze the packets and view user name and password information on a given network when this information is transmitted in cleartext. An attacker can easily intrude into a network using this login information and compromise other systems on the network.
Hence, it is crucial for an Information Security Auditor or a Penetration Tester to be familiar with network traffic analyzers. He or she should be able to maintain and monitor a network to detect rogue packet sniffers, MAC attacks, DHCP attacks, ARP poisoning, spoofing, or DNS poisoning, know the types of information that can be detected from the captured data, and use that information to keep the network running smoothly.
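One way to detect ARP poisoning from captured data, shown as an added example that is not part of the original article: the Python code below parses raw Ethernet/ARP frames and flags any IP address whose claimed MAC address changes during the capture. The function names and the sample frames (documentation addresses in 192.0.2.0/24 and locally administered MACs) are constructed for illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet hardware / IPv4 protocol addressing
    return oper, frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

def find_arp_conflicts(frames):
    """Return (ip, previous_mac, new_mac) each time an IP's claimed MAC changes."""
    bindings, alerts = {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue  # skip non-ARP or malformed frames
        _oper, mac, ip = parsed
        known = bindings.setdefault(ip, mac)
        if known != mac:
            alerts.append((ip, known, mac))
            bindings[ip] = mac  # track the latest claim so flip-flops are reported too
    return alerts

def build_arp(oper, sha, spa, tha, tpa):
    """Build a constructed Ethernet+ARP frame (sample data only)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    eth = mac(tha) + mac(sha) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + arp + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

# Constructed capture: two normal ARP replies, one IPv4 frame, then a second
# MAC claiming the gateway address 192.0.2.1.
SAMPLE_FRAMES = [
    build_arp(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
    build_arp(2, "02:00:00:00:00:10", "192.0.2.10", "02:00:00:00:00:01", "192.0.2.1"),
    bytes(12) + b"\x08\x00" + bytes(28),  # IPv4 ethertype, ignored by the parser
    build_arp(2, "02:00:00:00:00:66", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
]

if __name__ == "__main__":
    for ip, old, new in find_arp_conflicts(SAMPLE_FRAMES):
        print(f"ALERT: {ip} moved from {old} to {new}")
```

A changed binding is a lead to verify rather than proof of poisoning, since DHCP reassignment or a failover pair can also move an IP address to a new MAC.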