Joe, the security administrator, has determined that one of his web servers is under attack. Which of the
following can help determine where the attack originated from?
Capture system image
Record time offset
Network sniffing is the process of capturing and analyzing the packets sent between systems on the network. A
network sniffer is also known as a Protocol Analyzer.
A Protocol Analyzer is a hardware device or, more commonly, a software program used to capture network data
communications sent between devices on a network. Capturing and analyzing the packets sent to the web
server will help determine the source IP address of the system sending the packets.
Well-known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal).