Using CACE Pilot as a Network Security Tool
Protocol analyzers capture, decode, and evaluate traffic flows and are also useful for security incident investigation.
There are many ways to monitor traffic, from router and firewall logs to network intrusion detection and forensics appliances. This eSecurity Planet review discusses how protocol analyzers can be used for security investigations and offers a review of how CACE Pilot handles network security tasks.
"If you're only interested in history, you can drill into saved captures with a protocol analyzer. If you're responding to an incident, you can use a protocol analyzer directly for live capture. Either way, protocol analysis is a fast way to get a grip on network activity by drilling down until you find what you're looking for (or hoping that you wouldn't find).
"But it's far too easy to get lost in packet details. Browsing a long list of decodes is an inefficient way to understand who is talking to whom in a large active LAN. With an analyzer like Wireshark, you can filter on most protocol fields/values, but constructing long nested filters to drill down is tedious. Wireshark can also reconstruct TCP sessions or conversation lists, letting you work your way back from selected packet details to deliver some higher-level perspective."
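The drill-down and conversation-list workflow the quoted review describes, as an added Python illustration that is not part of the original article and is not CACE Pilot or Wireshark code: packet records are constructed inline (every address, port and byte count is made up), packets are aggregated into bidirectional host-pair conversations, and filters are composed as small predicates instead of one long nested filter expression. In a real investigation the records would be read from a capture file rather than the inline list.

```python
"""Conversation list and composable drill-down filters over packet records.

Added example, not vendor code. Packet records are plain dicts with the
fields ts, src, dst, proto, sport, dport, length; the sample below is
constructed for the illustration.
"""
from collections import defaultdict
from typing import Callable, Dict, Iterable, List, Tuple

Packet = dict

# Constructed sample capture (all values invented): a DNS lookup, a TLS
# session to an external host, and one LAN host touching three service
# ports on another LAN host.
SAMPLE_PACKETS: List[Packet] = [
    {"ts": 0.00, "src": "10.0.0.5", "dst": "10.0.0.1", "proto": "udp", "sport": 53211, "dport": 53, "length": 78},
    {"ts": 0.01, "src": "10.0.0.1", "dst": "10.0.0.5", "proto": "udp", "sport": 53, "dport": 53211, "length": 142},
    {"ts": 0.10, "src": "10.0.0.5", "dst": "203.0.113.9", "proto": "tcp", "sport": 40001, "dport": 443, "length": 74},
    {"ts": 0.11, "src": "203.0.113.9", "dst": "10.0.0.5", "proto": "tcp", "sport": 443, "dport": 40001, "length": 74},
    {"ts": 0.12, "src": "10.0.0.5", "dst": "203.0.113.9", "proto": "tcp", "sport": 40001, "dport": 443, "length": 1514},
    {"ts": 0.50, "src": "10.0.0.7", "dst": "10.0.0.5", "proto": "tcp", "sport": 51000, "dport": 22, "length": 74},
    {"ts": 0.51, "src": "10.0.0.7", "dst": "10.0.0.5", "proto": "tcp", "sport": 51001, "dport": 23, "length": 74},
    {"ts": 0.52, "src": "10.0.0.7", "dst": "10.0.0.5", "proto": "tcp", "sport": 51002, "dport": 445, "length": 74},
]

ConvKey = Tuple[str, str, str]  # (host_a, host_b, proto), host_a <= host_b


def conversation_key(pkt: Packet) -> ConvKey:
    """Direction-independent key so both halves of a flow land in one row."""
    a, b = sorted((pkt["src"], pkt["dst"]))
    return (a, b, pkt["proto"])


def conversations(packets: Iterable[Packet]) -> Dict[ConvKey, dict]:
    """Aggregate packets into a 'who is talking to whom' table."""
    table: Dict[ConvKey, dict] = {}
    for p in packets:
        row = table.setdefault(conversation_key(p), {
            "packets": 0, "bytes": 0, "first": p["ts"], "last": p["ts"], "ports": set(),
        })
        row["packets"] += 1
        row["bytes"] += p["length"]
        row["first"] = min(row["first"], p["ts"])
        row["last"] = max(row["last"], p["ts"])
        # Heuristic: the lower port number is usually the service side.
        row["ports"].add(min(p["sport"], p["dport"]))
    return table


# Filters are predicates; combining them replaces a long nested filter string.
Filter = Callable[[Packet], bool]


def host(ip: str) -> Filter:
    return lambda p: ip in (p["src"], p["dst"])


def port(n: int) -> Filter:
    return lambda p: n in (p["sport"], p["dport"])


def proto(name: str) -> Filter:
    return lambda p: p["proto"] == name


def all_of(*fs: Filter) -> Filter:
    return lambda p: all(f(p) for f in fs)


def not_(f: Filter) -> Filter:
    return lambda p: not f(p)


def drill_down(packets: Iterable[Packet], *filters: Filter) -> List[List[Packet]]:
    """Apply filters one at a time and keep the survivors of each stage,
    so the analyst can see where the population narrows."""
    stages: List[List[Packet]] = []
    current = list(packets)
    for f in filters:
        current = [p for p in current if f(p)]
        stages.append(current)
    return stages


def peer_summary(packets: Iterable[Packet], ip: str) -> Dict[str, List[int]]:
    """For one host, list each peer with the service ports seen between them."""
    peers: Dict[str, set] = defaultdict(set)
    for p in packets:
        other = p["dst"] if p["src"] == ip else p["src"] if p["dst"] == ip else None
        if other is not None:
            peers[other].add(min(p["sport"], p["dport"]))
    return {peer: sorted(ports) for peer, ports in peers.items()}


if __name__ == "__main__":
    for key, row in conversations(SAMPLE_PACKETS).items():
        print(key, row["packets"], "pkts", row["bytes"], "bytes", sorted(row["ports"]))
    stages = drill_down(SAMPLE_PACKETS, host("10.0.0.5"), proto("tcp"), not_(port(443)))
    print("survivors per stage:", [len(s) for s in stages])
    print("peers of 10.0.0.7:", peer_summary(SAMPLE_PACKETS, "10.0.0.7"))
```

The conversation table gives the higher-level view first; `drill_down` then narrows from a host to a protocol to "everything except the expected service", which is the step where the constructed LAN host contacting ports 22, 23 and 445 on a neighbour stands out from the ordinary DNS and TLS traffic.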