Cyber Security Training for Beginners | 9 Things a SOC Analyst and Penetration Tester Need to Know

  Views: 1,777

Mike Miller - Break in Cyber

A day ago

If you want a cyber security career as a SOC Analyst or a Penetration Tester, you must know these 9 things about network packets. If you understand this, everything else will come easy.
The entire internet, every device, and the system you are reading this on uses network packets. To be of value to a SOC Team or PenTesting team, you must have a solid understanding of what a network packet is. Packets are the internet's motor. Without them, it doesn't exist.
These 9 steps will give you some insight on how to dissect a network packet and understand it. If you can grasp a solid understanding, most cyber security tools will seem easy. Once you learn to drive, you just have to understand the options in each car. This works the same.
1. Capture the Network Packet - Use a sniffer tool such as Wireshark to help you capture packets. This puts them all in one place to look at easily. Now you can analyze them.
2. Open the Packet - When you open the packet, it might seem like gibberish. I promise it will make sense in the next steps.
3. Inspect the Packet Headers - The headers tell you where the packet came from, where it is going, what protocol it is using, and some other data. Looking at this, you can determine the source IP, destination IP, port numbers, etc.
4. Identify the Protocol - Now it's time to determine what protocol the packet is using. Is it TCP, UDP, ICMP, etc? If you aren't sure what these are, google each one. They can be very easy to understand. This will help you understand the packet's content.
5. Decode the Payload - Now that you know the header and protocol, it's time to look at the payload. This is the meat of the packet. Is this HTTPS, DNS, or FTP traffic? If so, what is its purpose?
6. Analyze the Packet - Now is when you take a deep dive into the packet. Are there specific patterns, errors, or anomalies? Understanding this deeper will help you understand communication between devices.
7. Follow the Packet Flow - Look at the packet before this one and after this one. Are you seeing the complete conversation or are you just seeing a tiny piece of it? Follow the chain of events behind this specific series of packets.
8. Understand the Packet Purpose - Overall, what purpose does this packet serve? Does it support a specific purpose to your organization or does it constitute security concerns?
9. Useful Filters - Are you looking at all packets coming in and out? Do you just want to see DNS traffic or maybe HTTPS traffic? Using a tool such as Wireshark can really help you filter down and only see what you want.
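The header, protocol, payload and filter steps above (3, 4, 5 and 9), as an added example that is not from the video or its author: a standard-library Python dissector run over two constructed frames. The addresses, ports and function names are assumptions made for illustration.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IPv4 protocol numbers

def build_frame(proto, l4):
    """Constructed sample data: wrap an L4 segment in IPv4 + Ethernet headers."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.53"))
    return bytes.fromhex("02000000000102000000000a0800") + ip + l4

# Constructed packets: a DNS query for example.com and a TCP SYN to port 443.
DNS_MSG = (struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
           + b"\x07example\x03com\x00\x00\x01\x00\x01")
DNS_FRAME = build_frame(17, struct.pack("!4H", 53000, 53, 8 + len(DNS_MSG), 0) + DNS_MSG)
SYN_FRAME = build_frame(6, struct.pack("!2H2I2B3H", 53001, 443, 1, 0, 0x50, 0x02, 64240, 0, 0))

def dns_qname(dns):
    """Step 5: decode the first question name (assumes no name compression)."""
    labels, i = [], 12                      # the DNS header is 12 bytes
    while i < len(dns) and 0 < dns[i] < 0xC0:
        labels.append(dns[i + 1:i + 1 + dns[i]].decode("ascii", "replace"))
        i += 1 + dns[i]
    return ".".join(labels)

def dissect(frame):
    """Steps 3-5: read the headers, identify the protocol, decode the payload."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an Ethernet frame carrying IPv4")
    ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
    proto = frame[23]                       # protocol field, byte 9 of the IP header
    info = {"src": socket.inet_ntoa(frame[26:30]),
            "dst": socket.inet_ntoa(frame[30:34]),
            "protocol": PROTOCOLS.get(proto, str(proto))}
    l4 = frame[14 + ihl:]
    if proto in (6, 17) and len(l4) >= 8:   # TCP and UDP both start with the ports
        info["sport"], info["dport"] = struct.unpack("!2H", l4[:4])
        if proto == 17 and 53 in (info["sport"], info["dport"]):
            info["dns_query"] = dns_qname(l4[8:])
    return info

def only_dns(frames):
    """Step 9: keep only DNS packets, like Wireshark's `dns` display filter."""
    return [p for p in map(dissect, frames) if "dns_query" in p]

if __name__ == "__main__":
    for frame in (DNS_FRAME, SYN_FRAME):
        print(dissect(frame))
    print(only_dns([DNS_FRAME, SYN_FRAME]))
```
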
SIEMs, EDR, XDR, and other defensive tools are all built to analyze these packets. If you understand what's under the hood, it won't matter what piece of software you drive. Before you know it, you'll be cruising down A1A.
If you want more, I send weekly career tips out for free. You can subscribe at www.breakincyb...

Comments: 18
@MOBILEREPAIR-bp6fq 11 months ago
1-capture the network packets (Wireshark, sniffer tools... 2-open the packets 3-inspecting the packet headers (where it comes from and where it is going. And what protocol it is using. Source IP, destination IP, port numbers 4-what type of protocol it is using (TCP, UDP, ICMP 5-decoding the payload 6-analyze packets 7-follow the packet flow 8-understand packet purpose 9-useful filters
@arnestodenz2929 9 months ago
This guy hits the nail on the head! Not just the usual advice about which Certs U could or should get. But some real backbone technical knowledge!👌🏾
@mikemillercyber 8 months ago
Thank you so much. I really appreciate that.
@secbroom a year ago
Great video mate! Really good advice for any aspiring Analysts / Pentesters - keep it up! You should definitely make this a series! :)
@mikemillercyber a year ago
Thanks so much!
@AbkibarVishnuSarkar a year ago
It would be really helpful if you made a complete course on networking with hands-on experience from beginner to advanced. It will not only help the audience, it will help your content grow too.
@mikemillercyber a year ago
hmmm... great thought.
@darrylgarcia 11 months ago
You had me at A1A! Subbed
@mikemillercyber 10 months ago
lol, thanks so much for being here! I hope you stick around!
@raidumurli 11 months ago
Sir, do we need to know coding in this pentesting field?
@mikemillercyber 11 months ago
It helps, but not to land an entry level role.
@raidumurli 11 months ago
@mikemillercyber ok. I
@AbkibarVishnuSarkar a year ago
Really good information
@mikemillercyber a year ago
Thanks so much.
@ranks198 11 months ago
Hello sir, I am really looking to enter into cybersecurity but get overwhelmed. Can you be my mentor?
@mikemillercyber 11 months ago
Hello, feel free to book a session at www.breakincyber.com