Explain the concepts and procedures associated with analyzing network traffic by addressing the following:Explain the differences and similarities between Wireshark and NetWitness.
Explain the steps in the TCP three-way handshake.
Describe the process for determining Wireshark network traffic packet counts.Explain the relevance of protocol analyzers to information security professionals.Explain baseline analysis.What is it?What is it used for?
Explain the difference between internal and external network traffic.Describe the difference between TCP and UDP.Now apply what you learned in the lab to the following scenario.Scenario and Your RoleInformation security incidents are stressful events for security practitioners. Inevitably, you will be faced withresponding to an incident at some point in your career. Imagine that you discover that your organization’s networkhas been hacked. Indicators of compromise (IoC) include known hacking tools, modified file permissions, andmultiple connections to an unknown network.Root cause analysis shows that the attackers gained access to the network through the demilitarized zone (DMZ)from a compromised web server. A contributing factor in this attack is that the intrusion detection system (IDS) wasmisconfigured.You must prepare a report on the incident for the CISO.RequirementsContinue working in the same document; simply start your report on a new page with an appropriate heading.TutorialsSupportLog OutTravisPickle
In your 3–4 page report, address the following:Outline an incident response plan for this type of attack.Describe the concepts and strategies you would include in this plan.Explain the purpose of a baseline analysis in an incident response plan.Explain how you will test your incident response plan.