Home Page Icon
Home Page
Table of Contents for
Appendix 4. Decimal / Hex / ASCII Conversion Chart
Close
Appendix 4. Decimal / Hex / ASCII Conversion Chart
by Jason Smith, Chris Sanders
Applied Network Security Monitoring
Cover image
Title page
Table of Contents
Copyright
Dedication
Acknowledgements
About the Authors
Chris Sanders, Lead Author
Jason Smith, Co-Author
David J. Bianco, Contributing Author
Liam Randall, Contributing Author
Foreword
Preface
Audience
Prerequisites
Concepts and Approach
IP Address Disclaimer
Companion Website
Charitable Support
Contacting Us
Chapter 1. The Practice of Applied Network Security Monitoring
Abstract
Key NSM Terms
Intrusion Detection
Network Security Monitoring
Vulnerability-Centric vs. Threat-Centric Defense
The NSM Cycle: Collection, Detection, and Analysis
Challenges to NSM
Defining the Analyst
Security Onion
Conclusion
Section 1: Collection
Chapter 2. Planning Data Collection
Abstract
The Applied Collection Framework (ACF)
Case Scenario: Online Retailer
Conclusion
Chapter 3. The Sensor Platform
Abstract
NSM Data Types
Sensor Type
Sensor Hardware
Sensor Operating System
Sensor Placement
Securing the Sensor
Conclusion
Chapter 4. Session Data
Abstract
Flow Records
Collecting Session Data
Collecting and Analyzing Flow Data with SiLK
Collecting and Analyzing Flow Data with Argus
Session Data Storage Considerations
Conclusion
Chapter 5. Full Packet Capture Data
Abstract
Dumpcap
Daemonlogger
Netsniff-NG
Choosing the Right FPC Collection Tool
Planning for FPC Collection
Decreasing the FPC Data Storage Burden
Managing FPC Data Retention
Conclusion
Chapter 6. Packet String Data
Abstract
Defining Packet String Data
PSTR Data Collection
Viewing PSTR Data
Conclusion
Section 2: Detection
Chapter 7. Detection Mechanisms, Indicators of Compromise, and Signatures
Abstract
Detection Mechanisms
Indicators of Compromise and Signatures
Managing Indicators and Signatures
Indicator and Signature Frameworks
Conclusion
Chapter 8. Reputation-Based Detection
Abstract
Public Reputation Lists
Automating Reputation-Based Detection
Conclusion
Chapter 9. Signature-Based Detection with Snort and Suricata
Abstract
Snort
Suricata
Changing IDS Engines in Security Onion
Initializing Snort and Suricata for Intrusion Detection
Configuring Snort and Suricata
IDS Rules
Viewing Snort and Suricata Alerts
Conclusion
Chapter 10. The Bro Platform
Abstract
Basic Bro Concepts
Running Bro
Bro Logs
Creating Custom Detection Tools with Bro
Conclusion
Chapter 11. Anomaly-Based Detection with Statistical Data
Abstract
Top Talkers with SiLK
Service Discovery with SiLK
Furthering Detection with Statistics
Visualizing Statistics with Gnuplot
Visualizing Statistics with Google Charts
Visualizing Statistics with Afterglow
Conclusion
Chapter 12. Using Canary Honeypots for Detection
Abstract
Canary Honeypots
Types of Honeypots
Canary Honeypot Architecture
Honeypot Platforms
Conclusion
Section 3: Analysis
Chapter 13. Packet Analysis
Abstract
Enter the Packet
Packet Math
Dissecting Packets
Tcpdump for NSM Analysis
TShark for Packet Analysis
Wireshark for NSM Analysis
Packet Filtering
Conclusion
Chapter 14. Friendly and Threat Intelligence
Abstract
The Intelligence Cycle for NSM
Generating Friendly Intelligence
Generating Threat Intelligence
Conclusion
Chapter 15. The Analysis Process
Abstract
Analysis Methods
Analysis Best Practices
Incident Morbidity and Mortality
Conclusion
Appendix 1. Security Onion Control Scripts
High Level Commands
Server Control Commands
Sensor Control Commands
Appendix 2. Important Security Onion Files and Directories
Application Directories and Configuration Files
Sensor Data Directories
Appendix 3. Packet Headers
Appendix 4. Decimal / Hex / ASCII Conversion Chart
Index
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Prev
Previous Chapter
Appendix 3. Packet Headers
Next
Next Chapter
Index
Appendix 4
Decimal / Hex / ASCII Conversion Chart
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset