
Skill Name: Target Orientated Principle

SKU: NSPA_SKU_BP01

Categorize Tag: Basics Principle


Skill Content: Before capturing network traffic, we must be clear about the purpose (target): what are we looking for?


Skill Description: There are different approaches to capturing network traffic in an IT network environment. If we capture network packets without a clear target, the output of a network tap/SPAN port will be a huge amount of raw data, too large to analyze. Therefore, we need to define a clear task on the current network before we capture raw data from the IT network environment. Generally, these targets are (1) specific abnormal behavior such as malware, (2) a specific IP address or service port number, (3) particular keywords in the payload, (4) other specifically defined filters.


To reduce the amount of raw data from a busy network environment, NSPA skills recommend the following:


  • (A) Ignore the traffic of system updates (Microsoft, Ubuntu, RedHat, ...)
  • (B) Ignore the traffic of security protection updates (AV, UTM, IPS, EPS)
  • (C) Ignore the traffic of application updates (Adobe, Oracle, Google, ...)
  • (D) Ignore all Broadcast and Multicast traffic (Note: this will affect the analysis of infection behavior on the LAN)


After finishing the previous steps, the PCAP file from Wireshark or tcpdump will be crystal clear.


NSPA-suggested Wireshark display filters:

ip.addr in { target_IP1 target_IP2 target_IP3 target_net/16 }

ip.addr==target_IP

ip.addr==target_net/16
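
The targets and the ignore recommendations above can also be applied at capture time, so the unwanted packets never reach the PCAP file. The following is an added example, not NSPA's own code: it builds a tcpdump/libpcap capture filter and the matching Wireshark display filter from a target list. The function names are hypothetical, the addresses are constructed documentation ranges, and the update-server network is a placeholder because the page lists no addresses; IPv4 only, to match `ip.addr`.

```python
import ipaddress

def _split(targets):
    """Validate IPv4 targets; return (hosts, nets) as normalized strings."""
    hosts, nets = [], []
    for t in targets:
        if "/" in t:
            # strict=True rejects a network with host bits set (10.1.2.3/16),
            # which libpcap would also refuse at capture time.
            nets.append(str(ipaddress.IPv4Network(t, strict=True)))
        else:
            hosts.append(str(ipaddress.IPv4Address(t)))
    return hosts, nets

def _terms(targets):
    """Turn validated targets into BPF 'host'/'net' primitives."""
    hosts, nets = _split(targets)
    return [f"host {h}" for h in hosts] + [f"net {n}" for n in nets]

def capture_filter(targets, port=None, ignore=(), drop_bcast_mcast=False):
    """BPF capture filter: targets, optional service port, exclusions."""
    want = _terms(targets)
    if not want:
        raise ValueError("define at least one target before capturing")
    parts = ["(" + " or ".join(want) + ")"]
    if port is not None:
        if not 0 < port < 65536:
            raise ValueError(f"invalid port: {port}")
        parts.append(f"port {port}")
    # Recommendations (A)-(C): exclude known update-server addresses.
    parts += [f"not {term}" for term in _terms(ignore)]
    # Recommendation (D): hides LAN infection behavior, so it is opt-in.
    if drop_bcast_mcast:
        parts.append("not broadcast and not multicast")
    return " and ".join(parts)

def display_filter(targets):
    """Wireshark display filter in the membership form suggested above."""
    hosts, nets = _split(targets)
    if not hosts and not nets:
        raise ValueError("define at least one target before filtering")
    return "ip.addr in { " + " ".join(hosts + nets) + " }"

if __name__ == "__main__":
    targets = ["192.0.2.10", "198.51.100.0/24"]   # constructed sample targets
    updates = ["203.0.113.0/24"]                  # placeholder update-server net
    print(capture_filter(targets, 443, updates, drop_bcast_mcast=True))
    print(display_filter(targets))
```

The first string is passed to `tcpdump -w` as its filter expression or entered as the Wireshark capture filter; the second goes in the Wireshark display filter bar.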


Online Course: https://youtu.be/Vy3p3V0Q2A4

Analytical Example: https://www.hugediamond.net/shop

------------------------------------------------------------------------

Extended Information:


Español: Antes de capturar el tráfico de la red, debemos reconocer el objetivo que estamos buscando.

French: Avant de capturer le trafic réseau, nous devons reconnaître la cible que nous recherchons.

German: Bevor wir den Netzwerkverkehr erfassen, müssen wir das gesuchte Ziel erkennen.

Chinese: 在擷取網路封包之前,我們要先清楚尋找的目標是什麼?

Japanese: ネットワークトラフィックをキャプチャする前に、探している目的(ターゲット)を確認する必要があります。

Vietnamese: Trước khi nắm bắt lưu lượng mạng, chúng ta phải nhận ra mục đích (target) mà chúng ta đang tìm kiếm.

Thai(Siamese): ก่อนจับทราฟฟิกเครือข่าย เราต้องรู้จักเป้าหมายที่เรากำลังมองหา

Indonesian: Sebelum menangkap lalu lintas jaringan, kita harus mengenali target yang kita cari.

Malay: Sebelum menangkap lalu lintas rangkaian, kita mesti mengenali sasaran yang kita cari.

Myanmar: network traffic ကိုမဖမ်းခင်မှာငါတို့ရှာနေတဲ့ပစ်မှတ်ကိုငါတို့အသိအမှတ်ပြုရမယ်။

© COPYRIGHT 2002-2024. NSPA Association, ALL RIGHTS RESERVED.