Network forensics week 4

Week 4 is a more practical lecture compared to the other lectures. In this lecture we learn about the tools we can use to analyze files, more specifically pcap files. For these types of files we learn to use tools such as tshark and the more commonly used Wireshark.

Additionally, we also learned about traffic flow analysis. In traffic flow analysis, the packet traffic between endpoints is copied, recorded, and analysed by specific tools in order to find discrepancies or unusual behaviour. Commonly, we use Wireshark as the main tool for flow analysis because it allows for many different analysis methods while keeping it easy to use through the GUI. Its uses include sorting by source and destination IP, packet source, source and destination port, as well as object extraction.
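As an added example (not part of the original post, and not Wireshark's or tshark's own code): the per-conversation summary that Wireshark's Statistics > Conversations view, or `tshark -z conv,tcp`, produces from a pcap can be reproduced by hand in a few dozen lines of Python. The script below constructs a small pcap in memory (the IP addresses, ports and payload sizes are made up for the example), parses the Ethernet/IPv4/TCP/UDP headers itself, and aggregates packets into bidirectional conversations and top talkers, which is the sorting by source/destination IP and port described above. Only the classic pcap format with an Ethernet link type is handled; pcapng and other link types are out of scope here.

```python
"""Minimal pcap conversation summary: a hand-rolled stand-in for Wireshark's
Statistics > Conversations view (example code, not part of the lecture)."""
import struct
from collections import Counter, defaultdict

PCAP_MAGIC = 0xA1B2C3D4        # classic pcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1
PROTO_NAMES = {6: "TCP", 17: "UDP"}


def build_packet(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Construct an Ethernet/IPv4/TCP-or-UDP frame (sample input built for the example)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)          # zero MACs, EtherType IPv4
    if proto == 6:   # 20-byte TCP header: data offset 5, PSH+ACK, checksum left zero
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:            # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total_len = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + l4 + payload


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap file (global header + record headers)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_packets(data):
    """Yield raw frames from pcap bytes, using the magic number to detect byte order."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC else ">"
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is supported by this example")
    offset = 24
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len


def parse_flow(frame):
    """Return (src_ip, sport, dst_ip, dport, proto, payload_len), or None if not IPv4 TCP/UDP."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", frame[16:18])[0]
    proto = frame[23]
    if proto not in PROTO_NAMES:
        return None
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    l4 = frame[14 + ihl:14 + total_len]
    sport, dport = struct.unpack("!HH", l4[:4])
    hdr_len = (l4[12] >> 4) * 4 if proto == 6 else 8  # TCP data offset vs fixed UDP header
    return src, sport, dst, dport, PROTO_NAMES[proto], len(l4) - hdr_len


def conversations(pcap_bytes):
    """Aggregate packets into bidirectional conversations keyed by (proto, endpoint A, endpoint B)."""
    table = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for frame in iter_packets(pcap_bytes):
        flow = parse_flow(frame)
        if flow is None:
            continue
        src, sport, dst, dport, proto, plen = flow
        a, b = sorted([(src, sport), (dst, dport)])   # same key for both directions
        table[(proto, a, b)]["packets"] += 1
        table[(proto, a, b)]["bytes"] += plen
    return dict(table)


def top_talkers(pcap_bytes, n=3):
    """Rank source IPs by number of packets sent, like the Endpoints view sorted by Tx Packets."""
    counts = Counter()
    for frame in iter_packets(pcap_bytes):
        flow = parse_flow(frame)
        if flow:
            counts[flow[0]] += 1
    return counts.most_common(n)


# Constructed sample capture: an HTTPS exchange, a DNS lookup and one stray UDP datagram.
SAMPLE_PCAP = build_pcap([
    build_packet("10.0.0.5", "93.184.216.34", 6, 51000, 443, b"A" * 100),
    build_packet("93.184.216.34", "10.0.0.5", 6, 443, 51000, b"B" * 1400),
    build_packet("10.0.0.5", "93.184.216.34", 6, 51000, 443),
    build_packet("10.0.0.5", "93.184.216.34", 6, 51000, 443),
    build_packet("10.0.0.5", "10.0.0.1", 17, 53124, 53, b"Q" * 32),
    build_packet("10.0.0.1", "10.0.0.5", 17, 53, 53124, b"R" * 48),
    build_packet("10.0.0.9", "10.0.0.5", 17, 40000, 161, b"S" * 60),
])

if __name__ == "__main__":
    for (proto, a, b), stats in sorted(conversations(SAMPLE_PCAP).items()):
        print(f"{proto:3} {a[0]}:{a[1]} <-> {b[0]}:{b[1]}  {stats['packets']} pkts  {stats['bytes']} payload bytes")
    print("top talkers:", top_talkers(SAMPLE_PCAP))
```

The conversation key sorts the two (IP, port) endpoints so that both directions of a flow land in one row, which is what makes the table useful for spotting a host that talks to many peers or moves an unusual volume of data; the same idea underlies `tshark -z conv,udp` and `-z endpoints,ip`. To run it against a real capture, replace `SAMPLE_PCAP` with the bytes read from a `.pcap` file.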
