Network Penetration Testing - Detection and Security

For a penetration tester, understanding network security concepts is an asset in itself. In this chapter, we will focus on the operational side of cybersecurity. Knowing how to detect threats and suspicious network traffic patterns is important because it helps the IT security team detect and stop attacks across the network. You will learn about various blue team tactics that are used to detect and prevent cyberattacks within an organization's network infrastructure. After you submit a penetration test report, the customer may ask for additional services that allow them to detect and prevent cyber threats in their organization. This chapter will help you get started with suspicious traffic monitoring and prevention techniques.

In this chapter, we will cover the following topics:

  • Using Wireshark to understand ARP
  • Detecting ARP poisoning attacks
  • Detecting suspicious activity
  • Man-in-the-Middle (MITM) remediation techniques
  • Sniffing remediation techniques