1
00:00:00,590 --> 00:00:07,850
Packet analysis and traffic sniffing are utilized by various network devices, including routers, switches

2
00:00:07,850 --> 00:00:10,100
and firewall appliances.

3
00:00:10,130 --> 00:00:17,930
These devices capture and interpret the raw bits of packets, examining field values to make informed

4
00:00:17,930 --> 00:00:21,350
decisions about the appropriate actions to take.

5
00:00:21,890 --> 00:00:27,740
Here we have three different devices examined for network traffic.

6
00:00:27,770 --> 00:00:29,720
The first is routers.

7
00:00:30,620 --> 00:00:39,560
Routers capture traffic and analyze the IP header, which works on layer two of the internet layer, to determine

8
00:00:39,590 --> 00:00:42,660
the appropriate routing path for the packets.

9
00:00:42,680 --> 00:00:50,140
And here in this course you will learn all of this, this PDU and the TCP/IP layers here.

10
00:00:50,150 --> 00:00:59,060
And we also have the firewalls. Firewalls monitor all network traffic and enforce access control

11
00:00:59,060 --> 00:00:59,840
lists.

12
00:01:00,620 --> 00:01:09,470
So they drop packets that do not comply with the specified rules in the ACLs, ensuring that only

13
00:01:09,500 --> 00:01:12,620
authorized traffic is allowed to pass through.

14
00:01:12,680 --> 00:01:19,700
For instance, when data passes through a firewall, the device inspects the traffic and decides

15
00:01:19,730 --> 00:01:26,720
whether to permit or deny the packets based on the ACL rules.

16
00:01:26,720 --> 00:01:30,800
As I said, an ACL means access control list.

17
00:01:31,250 --> 00:01:41,630
And here, as you can see in this diagram, I drew something that simulates how an ACL works.

18
00:01:41,990 --> 00:01:43,390
And here we are.

19
00:01:43,400 --> 00:01:46,130
Communication order starts from bottom to top.

20
00:01:46,130 --> 00:01:51,650
So as you can see, one, two, and here we have two-way communication.
21
00:01:51,650 --> 00:02:01,260
And to decide whether to allow or deny a packet, the firewall must check each header as it passes through

22
00:02:01,260 --> 00:02:02,190
the device.

23
00:02:02,190 --> 00:02:06,360
And here we have the IP header, TCP header and Ethernet header.

24
00:02:06,390 --> 00:02:10,470
They both have source port and destination port.

25
00:02:11,200 --> 00:02:19,720
And here the firewall checks them and it will determine variables such as IP addresses, transmission

26
00:02:19,720 --> 00:02:27,550
control protocol, TCP/IP flags here, TCP flags and port numbers here.

27
00:02:27,550 --> 00:02:30,610
Destination port and source port, destination port, source port here.

28
00:02:30,610 --> 00:02:33,370
Destination address and source address here.

29
00:02:33,370 --> 00:02:36,190
So, and port numbers that are in use.

30
00:02:36,190 --> 00:02:45,190
If the packet does not meet the ACL entry, the firewall, as you can see here, will drop the packet

31
00:02:45,190 --> 00:02:46,780
as shown in this diagram.

32
00:02:46,780 --> 00:02:58,150
An inbound SYN packet with a destination port of 80 is blocked because it does not match the rules.

33
00:02:59,120 --> 00:03:07,670
And it's so important to note that a packet sniffer, while examining traffic, does not modify the contents

34
00:03:07,670 --> 00:03:15,140
of the packets in any way, and its purpose is solely to capture traffic for analysis as it traverses

35
00:03:15,140 --> 00:03:15,920
the network.

36
00:03:15,920 --> 00:03:21,680
And packet sniffing and analysis have played integral roles in network management for many years.

37
00:03:21,710 --> 00:03:27,680
However, the initial step in the analysis process is to capture the network traffic, which we will

38
00:03:27,680 --> 00:03:30,140
explore in the subsequent sections.