{"id":3068,"date":"2019-08-31T11:43:59","date_gmt":"2019-08-31T11:43:59","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=3068"},"modified":"2020-05-01T11:34:58","modified_gmt":"2020-05-01T11:34:58","slug":"packet-capture","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/packet-capture\/","title":{"rendered":"Packet Capture"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>Refers to intercepting a data packet being\ncommunicated at a specific point in a data network. <\/li><li>Capturing is done for analysis <\/li><li>Can be real time<\/li><li>AWS has the following issues for packet capture<ul><li>no\naccess to hardware routers and switches <\/li><\/ul><ul><li>AWS\nadds custom headers to data packets during transmission in AWS<\/li><\/ul><ul><li>AWS\nuses custom mapping service and no need for ARP<\/li><\/ul><ul><li>In\nsame VPC, intercepting traffic from one endpoint to another is not possible<\/li><\/ul><ul><li>VPC\nFlow Logs do not log some types of IP traffic <\/li><\/ul><ul><li>network\ninterface&nbsp; with promiscuous mode in AWS,\nwill not show traffic from other hosts <\/li><\/ul><\/li><li>EC2 instance can give root access<ul><li>Can\nbe used to install capture software like Wireshark<\/li><\/ul><ul><li>Capture\npackets using tcpdump<\/li><\/ul><\/li><li>A security appliance can also be used to capture\ntraffic and send it to an S3 bucket <\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"389\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-159.png\" alt=\"\" class=\"wp-image-3763\"\/><\/figure>\n\n\n\n<p><strong>VPC Traffic Mirroring<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>AWS feature of VPC to capture and inspect\nnetwork traffic <\/li><li>Has benefits of <ul><li>Can\ndetect Network &amp; Security Anomalies 
<\/li><\/ul><ul><li>Leverage\nOperational Insights <\/li><\/ul><ul><li>Better\nimplement Compliance <\/li><\/ul><ul><li>Troubleshoot\nIssues <\/li><\/ul><ul><li>Have\nincreased network performance<\/li><\/ul><ul><li>remove\nnetwork bottlenecks<\/li><\/ul><\/li><li>gives direct access to network packets flowing\nthrough VPC. <\/li><li>Can capture all traffic or specific traffic as\nper filters <\/li><li>Can also limit number of bytes captured per\npacket. <\/li><li>Can capture traffic from VPCs in different AWS\naccounts and route to central VPC for inspection.<\/li><li>Elements of VPC Traffic Mirroring <ul><li>Mirror\nSource \u2013 source of traffic<\/li><\/ul><ul><li>Mirror\nTarget \u2013 destination for mirrored traffic. Can be in same or different AWS\naccount <\/li><\/ul><ul><li>Mirror\nFilter \u2013 Rules for traffic to capture. Rules specify<ul><li>protocol\nto capture<\/li><\/ul><ul><li>source\nand destination port ranges <\/li><\/ul><ul><li>CIDR\nblocks for the source and destination<\/li><\/ul><ul><li>Rules\nare numbered, and processed as per order <\/li><\/ul><\/li><\/ul><ul><li>Traffic\nMirror Session \u2013 connection between mirror source and target using a filter. <\/li><\/ul><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Refers to intercepting a data packet being communicated at a specific point in data network. 
Capturing done for analysis Can be real time AWS has following issues for packet capture no access to hardware routers and switches AWS adds custom headers to data packets during transmission in AWS AWS uses custom mapping service and no&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":2474,"menu_order":34,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[7,534],"class_list":["post-3068","page","type-page","status-publish","hentry","category-amazon-aws","tag-aws","tag-packet-capture"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Packet Capture - Testprep Training Tutorials<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/packet-capture\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Packet Capture - Testprep Training Tutorials\" \/>\n<meta property=\"og:description\" content=\"Refers to intercepting a data packet being communicated at a specific point in data network. 
Capturing done for analysis Can be real time AWS has following issues for packet capture no access to hardware routers and switches AWS adds custom headers to data packets during transmission in AWS AWS uses custom mapping service and no...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/packet-capture\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-01T11:34:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-159.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/packet-capture\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/packet-capture\/\",\"name\":\"Packet Capture - Testprep Training 
Tutorials\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2019-08-31T11:43:59+00:00\",\"dateModified\":\"2020-05-01T11:34:58+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/packet-capture\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/packet-capture\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/packet-capture\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AWS Certified Security Specialty\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Packet Capture\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep 
Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Packet Capture - Testprep Training Tutorials","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/packet-capture\/","og_locale":"en_US","og_type":"article","og_title":"Packet Capture - Testprep Training Tutorials","og_description":"Refers to intercepting a data packet being communicated at a specific point in data network. Capturing done for analysis Can be real time AWS has following issues for packet capture no access to hardware routers and switches AWS adds custom headers to data packets during transmission in AWS AWS uses custom mapping service and no...","og_url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/packet-capture\/","og_site_name":"Testprep Training Tutorials","article_modified_time":"2020-05-01T11:34:58+00:00","og_image":[{"url":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-159.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/packet-capture\/","url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/packet-capture\/","name":"Packet Capture - Testprep Training Tutorials","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website"},"datePublished":"2019-08-31T11:43:59+00:00","dateModified":"2020-05-01T11:34:58+00:00","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/packet-capture\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/packet-capture\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/packet-capture\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/tutorial\/"},{"@type":"ListItem","position":2,"name":"AWS Certified Security Specialty","item":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/"},{"@type":"ListItem","position":3,"name":"Packet Capture"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","name":"Testprep Training Tutorials","description":"","publisher":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization","name":"Testprep 
Training","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","contentUrl":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","width":583,"height":153,"caption":"Testprep Training"},"image":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3068","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/comments?post=3068"}],"version-history":[{"count":4,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3068\/revisions"}],"predecessor-version":[{"id":3764,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3068\/revisions\/3764"}],"up":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/2474"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/media?parent=3068"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/categories?post=3068"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/tags?post=3068"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}