Wireshark and Packet Capture gave us a view into network traffic and how much of it there is. But how can a Security Analyst use Wireshark effectively to detect attacks in real time? Intrusion Detection Systems (IDSs) are poised to alleviate that shortcoming: a properly deployed IDS can provide a dependable means of detecting network attacks based on their signatures. The shortcoming of IDSs is that they can really only help you against known attacks. Anything new is still hard to detect, until someone creates a signature pattern to look for.
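As an added example (not part of the original post and not Snort's own code), a toy matcher for a simplified Snort-style rule, run over constructed packets: the rule fires on the exact pattern it was written for, while a benign request and a renamed variant of the same client pass unflagged, which is the signature shortcoming described above. The rule syntax is a small subset of Snort's, and the packets, addresses and user-agent strings are all constructed.

```python
"""Toy signature matcher in the style of a Snort rule (constructed example;
only the destination port, msg, content and sid options are understood)."""
import re
from dataclasses import dataclass


@dataclass
class Packet:          # constructed stand-in for a captured TCP segment
    src: str
    dst: str
    dport: int
    payload: bytes


# Simplified Snort-style rule; the "bad" user agent is a made-up example.
RULES = [
    'alert tcp any any -> any 80 (msg:"Known scanner user agent"; '
    'content:"User-Agent: BadBot/1.0"; sid:1000001;)',
]

RULE_RE = re.compile(r'alert tcp \S+ \S+ -> \S+ (\S+) \((.*)\)')


def parse_rule(rule: str) -> dict:
    """Extract destination port and the msg/content/sid options."""
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError(f"unsupported rule: {rule}")
    dport, body = m.group(1), m.group(2)
    opts = dict(re.findall(r'(\w+):"?([^;"]*)"?;', body))
    return {"dport": None if dport == "any" else int(dport),
            "msg": opts["msg"], "content": opts["content"].encode(),
            "sid": int(opts["sid"])}


def match(packets, rules):
    """Return (sid, msg, src) for every packet whose port and payload match a rule."""
    parsed = [parse_rule(r) for r in rules]
    return [(r["sid"], r["msg"], p.src)
            for p in packets for r in parsed
            if (r["dport"] is None or r["dport"] == p.dport)
            and r["content"] in p.payload]


# Constructed traffic: exact known pattern, benign request, and a renamed variant.
TRAFFIC = [
    Packet("10.0.0.5", "10.0.0.80", 80, b"GET / HTTP/1.1\r\nUser-Agent: BadBot/1.0\r\n"),
    Packet("10.0.0.6", "10.0.0.80", 80, b"GET / HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n"),
    Packet("10.0.0.7", "10.0.0.80", 80, b"GET / HTTP/1.1\r\nUser-Agent: BadBot/1.1\r\n"),
]

if __name__ == "__main__":
    for sid, msg, src in match(TRAFFIC, RULES):
        print(f"[{sid}] {msg} from {src}")
```

Only the first packet raises an alert; the third carries the same behaviour under a slightly different string and is invisible until someone writes a new or broader signature for it.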
In the coming weeks, we will discuss IDSs as a technology. We will also attempt to install Snort IDS on a PC, and then make an effort to write some signatures for simple network patterns to see whether they can raise alerts on that type of behaviour.