You are the lead investigator for a major intelligence agency in the Washington, D.C. area. You are in a security meeting with the network administrators and the chief technology officer (CTO). The CTO identifies the need to use Wireshark to perform network sniffing. As such, the CTO desires a technical paper on the procedures to be used during Wireshark implementation, the types of evidence that can be captured, and how the evidence can be captured.
The technical paper (TECH-MEMO) to be provided to the CTO consists of researching Wireshark and explaining how investigators may implement at least 3 of the following Wireshark capabilities:
- The capture of live packet data from a network interface
- How Wireshark can open files containing the captured packet data from other tools, such as TCPDump, Windump, or Snort
- How Wireshark can save, export, and filter captured packets based on criteria
- How Wireshark can search for packets based on certain criteria
- How Wireshark can colorize a packet display based on a selected filter scheme
The paper should be 3–5 pages in Word and should provide descriptions for the 5 bullets above. It should also include a title page, introduction, main body, conclusion, and reference list in APA format.
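As an added illustration for the brief above (this is not part of the assignment, and it is not Wireshark's or tcpdump's own code), the following Python script builds a small capture in memory and then performs three of the listed capabilities on it the way Wireshark would: opening a capture file written by another tool, filtering and exporting packets by criteria, and searching packet bytes for a string. The hosts, MAC addresses, ports, timestamps and payloads are all constructed for the example; the one real thing it relies on is the classic libpcap file format (the `tcpdump -w` / WinDump / Snort output format), which is why Wireshark can open those files. Note that Wireshark itself saves in pcapng by default, which this reader deliberately does not handle.

```python
"""Constructed example: a minimal libpcap writer/reader that mimics three Wireshark
capabilities (open a capture from another tool, filter/export by criteria, find a string
in packet bytes). All addresses, MACs, ports and payloads are made up."""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic microsecond pcap, as written by tcpdump -w
LINKTYPE_ETHERNET = 1
IPPROTO_TCP, IPPROTO_UDP = 6, 17

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; yields 0 when run over a header whose checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_frame(src_ip, dst_ip, proto, sport, dport, payload):
    """Ethernet II + IPv4 + TCP/UDP frame with constructed MACs (transport checksums left 0)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    if proto == IPPROTO_TCP:     # 20-byte header: data offset 5, flags PSH|ACK
        transport = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    else:
        transport = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(transport) + len(payload), 1, 0, 64,
                     proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill in header checksum
    return eth + ip + transport + payload

def write_pcap(records, snaplen=65535):
    """Serialise (ts_sec, ts_usec, frame) records as a pcap file; incl_len < orig_len = truncated."""
    out = [struct.pack("=IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for ts_sec, ts_usec, frame in records:
        captured = frame[:snaplen]
        out.append(struct.pack("=IIII", ts_sec, ts_usec, len(captured), len(frame)) + captured)
    return b"".join(out)

def decode_frame(frame):
    """Dissect Ethernet/IPv4/TCP|UDP into the columns Wireshark's packet list shows."""
    rec = {"proto": None, "src": None, "dst": None, "sport": None, "dport": None,
           "payload": b"", "ip_checksum_ok": None}
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return rec                                    # not IPv4: left undissected
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or 14 + ihl > len(frame):
        return rec                                    # malformed or truncated IP header
    rec.update(proto=frame[23], src=socket.inet_ntoa(frame[26:30]),
               dst=socket.inet_ntoa(frame[30:34]),
               ip_checksum_ok=ip_checksum(frame[14:14 + ihl]) == 0)
    transport = frame[14 + ihl:]
    if rec["proto"] == IPPROTO_TCP and len(transport) >= 20:
        hdr_len = (transport[12] >> 4) * 4
    elif rec["proto"] == IPPROTO_UDP and len(transport) >= 8:
        hdr_len = 8
    else:
        return rec
    rec["sport"], rec["dport"] = struct.unpack("!HH", transport[:4])
    rec["payload"] = transport[hdr_len:]
    return rec

def read_pcap(data):
    """Open a classic pcap (tcpdump/WinDump/Snort output); byte order comes from the magic."""
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", data[:4])[0])
    if endian is None:
        raise ValueError("not a classic pcap (pcapng and nanosecond pcap are not handled here)")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link-layer captures are dissected here")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl, orig = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        rec = decode_frame(frame)
        rec.update(ts_sec=ts_sec, ts_usec=ts_usec, caplen=len(frame), len=orig, raw=frame)
        packets.append(rec)
        off += 16 + incl
    return packets

def filter_packets(packets, **criteria):
    """Display-filter equivalent: filter_packets(p, proto=6, dport=80) ~ 'tcp.dstport == 80'."""
    return [p for p in packets if all(p.get(k) == v for k, v in criteria.items())]

def find_packets(packets, needle: bytes):
    """Edit > Find Packet (string in packet bytes) equivalent; returns 1-based frame numbers."""
    return [n for n, p in enumerate(packets, start=1) if needle in p["raw"]]

def export_specified(packets, **criteria):
    """File > Export Specified Packets equivalent: a new pcap holding only matching frames."""
    return write_pcap([(p["ts_sec"], p["ts_usec"], p["raw"]) for p in filter_packets(packets, **criteria)])

def sample_capture():
    """Constructed three-frame capture from a fictional host 10.0.0.5 (TEST-NET peer)."""
    frames = [
        build_frame("10.0.0.5", "203.0.113.10", IPPROTO_TCP, 51234, 80,
                    b"GET /login HTTP/1.1\r\nHost: portal.example\r\n\r\n"),
        build_frame("10.0.0.5", "10.0.0.53", IPPROTO_UDP, 41000, 53, b"\x12\x34\x01\x00" + b"\x00" * 8),
        build_frame("203.0.113.10", "10.0.0.5", IPPROTO_TCP, 80, 51234,
                    b"HTTP/1.1 200 OK\r\nSet-Cookie: session=abc123\r\n\r\n"),
    ]
    return write_pcap([(1_700_000_000 + i, 250_000 * i, f) for i, f in enumerate(frames)])
```

Running `read_pcap(sample_capture())` yields three dissected records; `filter_packets(pkts, proto=6, dport=80)` keeps only the client's HTTP request, `find_packets(pkts, b"Set-Cookie")` returns `[3]`, and `export_specified(pkts, proto=6)` writes a two-frame pcap that Wireshark opens directly. Two evidence-handling points the script makes visible: the per-record `caplen` versus `len` fields show whether a capture was taken with a snaplen that truncated packets (a common reason payload evidence is missing), and `ip_checksum_ok` is the kind of per-layer integrity check Wireshark performs and flags in its packet details. The same `read_pcap` reads a real file produced with `tcpdump -w`, provided it is classic pcap on Ethernet.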