From the course: Cisco Certified CyberOps Associate (200-201) Cert Prep: 2 Security Monitoring
Tunneling and encapsulation
- [Instructor] Tunneling traffic encapsulates or conceals packets, and is another method used by malicious actors to hide content such as malware and command and control communication from being detected. One type of tunnel is a DNS tunnel. Now I found an example of an analysis of a DNS tunnel here at Stalkr's Blog. If you like, you can obtain the packet capture and follow along. So here you can see, "use the following network capture", and then we're going to take a look at what he found. So I've opened it up in Wireshark and you can take a look at it. As you can see, it's mostly DNS traffic, and we'll do a filter just to make sure, and as you can see down below, 99.1% of this traffic is DNS traffic. There are four ARP requests, but the rest is DNS traffic. And as you can see, it's a series of queries and responses throughout this entire capture. So what I did was I saved it locally and then I opened it up…
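As an added example (not code from the course or from the Stalkr's Blog write-up), the Python below sketches the checks an analyst would run after noticing a DNS-dominated capture like the one above: the protocol share Wireshark's hierarchy shows, then per-zone subdomain length, entropy and uniqueness. The record list is constructed to stand in for parsed packet fields, and the detection thresholds are assumed starting points.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed sample, one tuple per packet: (protocol, queried name or None). It mimics
# the profile in the transcript: four ARP frames, everything else DNS, one zone flooded.
SAMPLE = [("ARP", None)] * 4
SAMPLE += [("DNS", "www.example.com"), ("DNS", "mail.example.com")] * 18
SAMPLE += [("DNS", hashlib.sha256(str(i).encode()).hexdigest()[:40] + ".t.example.net")
           for i in range(400)]

def protocol_share(records):
    """Percentage of packets per protocol, as Wireshark's protocol hierarchy shows."""
    counts = Counter(proto for proto, _ in records)
    total = sum(counts.values())
    return {proto: round(100.0 * n / total, 1) for proto, n in counts.items()}

def shannon_entropy(text):
    """Bits per character: hex payloads approach 4.0, host names stay well below."""
    if not text:
        return 0.0
    freq = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in freq.values())

def zone_stats(records, zone_labels=2):
    """Group DNS queries by their last `zone_labels` labels and summarise the
    subdomain part: query count, distinct subdomains, mean length, mean entropy."""
    per_zone = defaultdict(list)
    for proto, qname in records:
        if proto != "DNS" or not qname:
            continue
        labels = qname.lower().rstrip(".").split(".")
        per_zone[".".join(labels[-zone_labels:])].append(".".join(labels[:-zone_labels]))
    return {
        zone: {
            "queries": len(subs),
            "unique": len(set(subs)),
            "mean_len": sum(map(len, subs)) / len(subs),
            "mean_entropy": sum(map(shannon_entropy, subs)) / len(subs),
        }
        for zone, subs in per_zone.items()
    }

def suspected_tunnel_zones(records, min_len=20.0, min_entropy=3.0, min_unique=0.9):
    """Zones whose subdomains look like encoded payload rather than host names.
    The thresholds are assumed starting points, not values taught in the course."""
    return sorted(zone for zone, s in zone_stats(records).items()
                  if s["mean_len"] >= min_len and s["mean_entropy"] >= min_entropy
                  and s["unique"] / s["queries"] >= min_unique)
```

On real data the records would come from a pcap parser or a DNS server log; the benign zone stays below every threshold while the flooded zone trips all three.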