Using CACE Pilot as a Network Security Tool

Protocol analyzers capture, decode, and evaluate traffic flows and are also useful for security incident investigation.

By Enterprise Networking Planet Staff | Posted May 21, 2010

There are many ways to monitor traffic, from router and firewall logs to network intrusion detection and forensics appliances. This eSecurity Planet review discusses how protocol analyzers can be used for security investigations and looks at how CACE Pilot handles network security tasks.

"If you're only interested in history, you can drill into saved captures with a protocol analyzer. If you're responding to an incident, you can use a protocol analyzer directly for live capture. Either way, protocol analysis is a fast way to get a grip on network activity by drilling down until you find what you're looking for (or hoping that you wouldn't find).

"But it's far too easy to get lost in packet details. Browsing a long list of decodes is an inefficient way to understand who is talking to whom in a large active LAN. With an analyzer like Wireshark, you can filter on most protocol fields/values – but constructing long nested filters to drill down is tedious. Wireshark can also reconstruct TCP sessions or conversation lists, letting you work your way back from selected packet details to deliver some higher-level perspective."

Read the Full Story at eSecurity Planet
