Network Forensics – Week 5

This week, we learned about the techniques and tools that can be used to acquire evidence by capturing, or sniffing, packets. Physical interception is the passive acquisition of packets as they are transmitted over a wire. The tools that can be used to perform packet sniffing this way include inline network taps, vampire taps, induction coils, and fiber optic taps.

Evidence acquisition using software can be done with tools such as Wireshark, tcpdump, Nmap, SSH, etc.

tcpdump -D lists all possible network interfaces

tcpdump -i <interface> shows all packets captured on the given interface
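
For evidence acquisition the capture is normally written to a file and hashed so that later copies can be checked against it. The script below is an added example, not part of the original notes; the function names, file naming scheme and default packet count are assumptions, and it goes beyond the two commands above by adding the integrity record.

```shell
#!/bin/sh
# Added example: capture to a file with tcpdump, then seal it with a hash.
# Interface, output directory and packet count are caller-supplied assumptions.

# Write a SHA-256 record beside the capture and make both read-only.
seal_capture() {
    f="$1"
    [ -s "$f" ] || { echo "missing or empty capture: $f" >&2; return 1; }
    sha256sum "$f" > "$f.sha256" || return 1
    chmod a-w "$f" "$f.sha256"
}

# Re-hash the capture and compare with the sealed record (0 = unchanged).
verify_capture() {
    f="$1"
    [ -f "$f.sha256" ] || { echo "no hash record for $f" >&2; return 1; }
    sha256sum -c "$f.sha256" >/dev/null 2>&1
}

# Capture COUNT packets on IFACE into OUTDIR, then seal the file.
# Needs root (or CAP_NET_RAW). tcpdump may drop privileges before opening
# the output file (see -Z), so OUTDIR must be writable by that user.
acquire() {
    iface="$1"; outdir="$2"; count="${3:-1000}"
    [ -d "$outdir" ] || { echo "no such directory: $outdir" >&2; return 1; }
    pcap="$outdir/${iface}_$(date -u +%Y%m%dT%H%M%SZ).pcap"
    # -n: no name resolution, so the capture host generates no DNS lookups
    # -s 0: full packets, -c: stop after COUNT packets, -w: raw pcap output
    tcpdump -i "$iface" -n -s 0 -c "$count" -w "$pcap" || return 1
    seal_capture "$pcap" && echo "$pcap"
}

# Run as: ./acquire.sh <interface> <outdir> [count]
# (`tcpdump -D` lists the interfaces that can be used.)
if [ "$#" -ge 2 ]; then
    acquire "$@"
fi
```

The saved file can be opened later in Wireshark or read back with `tcpdump -r`, and `verify_capture` confirms it still matches the hash taken at acquisition time.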
