Network Forensics (IP)

Network forensics is the branch of digital forensics concerned with analysing computer network traffic in order to figure out what happened. In a CTF context, network forensics means packet captures, giant logs of every packet that went over a wire, and you will have to find the flag, oftentimes with nothing in the way of a hint other than the title of the challenge. After completing this training, you too will be able to throw yourselves into the ether and become one with the packet capture, while simultaneously attempting to stave off madness and early-onset glaucoma. Knowing how to use the tools to automate discovery is helpful, but most of the time it comes down to knowing the protocols, knowing what normal traffic looks like, and then identifying what looks “weird” in the million-odd packets you’ve been given. It’s a dirty job, but somebody has to do it.
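As an added example (not part of this training page, and written from scratch rather than taken from any CTF or tool), the script below shows the triage loop the paragraph describes in its smallest form: parse a capture, build a baseline of what "normal" looks like (here a histogram of protocol and destination port), and pull out whatever falls outside that baseline. It uses only the Python standard library and a constructed little-endian Ethernet pcap built in memory, so it runs offline; the IP addresses, ports, the `BASELINE_PORTS` set and the `flag{...}` marker are all assumptions chosen for the demonstration, not values from the page.

```python
import re
import struct
from collections import Counter

# libpcap file constants: little-endian magic, link type 1 = Ethernet, IPv4 ethertype.
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Constructed baseline of "normal" (protocol, destination port) pairs; anything else is flagged.
BASELINE_PORTS = {("TCP", 80), ("TCP", 443), ("UDP", 53)}

# CTF-style marker we search payloads for (assumed format, not from the page).
FLAG_RE = re.compile(rb"flag\{[^}]*\}")


def ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))


def build_frame(proto, src, dst, sport=0, dport=0, payload=b""):
    """Build a minimal Ethernet/IPv4 frame; checksums are left zero (fine for parsing practice)."""
    if proto == 6:    # TCP: data offset 5 words, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    elif proto == 17:  # UDP: length covers header + payload
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    elif proto == 1:   # ICMP echo request
        l4 = struct.pack("!BBHI", 8, 0, 0, 0)
    else:
        raise ValueError("unsupported protocol in sample builder")
    total_len = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, proto, 0,
                     ip_bytes(src), ip_bytes(dst))
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4 + payload


def build_pcap(frames):
    """Wrap frames in a pcap global header plus per-record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(f), len(f)) + f
    return out


def parse_pcap(data):
    """Parse a little-endian Ethernet pcap into per-packet dicts; non-IPv4 frames are skipped."""
    magic, _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("only little-endian Ethernet pcap files are handled here")
    off, packets = 24, []
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue
        ver_ihl, _, total_len, _, _, _ttl, proto, _, src, dst = struct.unpack_from("!BBHHHBBH4s4s", frame, 14)
        ihl = (ver_ihl & 0x0F) * 4
        l4 = frame[14 + ihl:14 + total_len]
        sport = dport = None
        if proto in (6, 17) and len(l4) >= 4:
            sport, dport = struct.unpack_from("!HH", l4, 0)
            hdr = ((l4[12] >> 4) * 4) if proto == 6 else 8   # TCP data offset vs fixed UDP header
            payload = l4[hdr:]
        else:
            payload = l4
        packets.append({"ts": ts_sec, "proto": PROTO_NAMES.get(proto, str(proto)),
                        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
                        "sport": sport, "dport": dport, "payload": payload})
    return packets


def triage(packets, baseline=BASELINE_PORTS):
    """Histogram of (protocol, dport) plus every packet outside the baseline: the 'what looks weird' step."""
    histogram = Counter((p["proto"], p["dport"]) for p in packets)
    odd = [p for p in packets if (p["proto"], p["dport"]) not in baseline]
    return histogram, odd


def find_flags(packets):
    """Search every payload for the flag marker."""
    return [m.decode() for p in packets for m in FLAG_RE.findall(p["payload"])]


def sample_capture():
    """Constructed capture: web and DNS noise, one ICMP echo, one odd-port TCP flow carrying the flag."""
    frames = [build_frame(6, "10.0.0.5", "93.184.216.34", 51000 + i, 80, b"GET / HTTP/1.1\r\n\r\n") for i in range(3)]
    frames += [build_frame(17, "10.0.0.5", "10.0.0.1", 40000 + i, 53, b"\x12\x34\x01\x00" + b"\x00" * 8) for i in range(2)]
    frames.append(build_frame(1, "10.0.0.5", "10.0.0.1"))
    frames.append(build_frame(6, "10.0.0.5", "10.0.0.9", 52222, 9999, b"hello flag{constructed_example}\n"))
    return build_pcap(frames)


if __name__ == "__main__":
    pkts = parse_pcap(sample_capture())
    hist, odd = triage(pkts)
    for (proto, dport), n in hist.most_common():
        print(f"{proto:5} dport={dport}: {n}")
    for p in odd:
        print("odd:", p["proto"], p["src"], "->", p["dst"], "dport", p["dport"])
    print("flags:", find_flags(pkts))
```

On a real challenge file the baseline is built from the capture itself (the busiest protocol/port pairs are usually the background), and the interesting traffic is whatever is left once that is subtracted; the histogram-then-outliers structure is the same whether the capture has seven packets or a million.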

Last modified: Monday, 31 May 2021, 12:28 PM