When you work with a network all day long, you learn to predict what kind of traffic will hit it at certain times of day. Many network admins know that in the morning they will see traffic from a lot of different news sources, and that in the evening the sites bringing traffic onto the network will be more recreational, such as Netflix and YouTube, because people are home from work or school and want to relax. But what if something about the usual traffic is different? What if you have a feeling that something is wrong and you are being attacked? What tool do you use to find out?
One of the better-known tools for this situation is tcpdump. It is a simple command-line tool that lets you read and examine the traffic crossing the network. With tcpdump you can read the packets arriving on a machine down to the raw bytes: it shows the header fields of every packet, and it can also print the packet's bytes as a hex dump, with each line of the dump labelled by its offset into the packet.
Once you have this kind of information, it is easy to see whether the traffic on your network is legitimate. You can take a few packet bytes and see everything about them. That way you can confirm that everything is all right, or decide whether there is a real need to panic.
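As an added example (not part of the original article), here is what "reading a few packet bytes" looks like in practice: a small Python decoder that takes the hex dump tcpdump prints with `-xx`, rebuilds the frame, and pulls out the IPv4 addresses, TTL, TCP ports and flags, verifying the IPv4 header checksum along the way. The capture text below is constructed for the example, not a real trace.

```python
import struct
import socket

# Constructed sample of `tcpdump -nn -xx` output for one TCP SYN (not a real capture).
SAMPLE = """\
12:34:56.789012 IP 192.0.2.10.51234 > 198.51.100.5.443: Flags [S], seq 0, win 64240, length 0
\t0x0000:  0011 2233 4455 6677 8899 aabb 0800 4500
\t0x0010:  0028 1c46 4000 4006 3247 c000 020a c633
\t0x0020:  6405 c822 01bb 0000 0000 0000 0000 5002
\t0x0030:  faf0 0000 0000
"""

def hexdump_to_bytes(text):
    """Collect the hex words of the 0xNNNN: offset lines back into the frame's raw bytes."""
    words = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("0x") and ":" in line:
            words.extend(line.split(":", 1)[1].split())
    return bytes.fromhex("".join(words))

def ip_checksum(header):
    """RFC 1071 one's-complement sum over an IPv4 header whose checksum field is zeroed."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def decode_frame(frame):
    """Decode Ethernet/IPv4/TCP headers from raw bytes and verify the IPv4 checksum."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # header length in bytes
    ttl, proto, csum = ip[8], ip[9], struct.unpack("!H", ip[10:12])[0]
    zeroed = ip[:10] + b"\x00\x00" + ip[12:ihl]   # header with checksum field cleared
    result = {
        "src": socket.inet_ntoa(ip[12:16]),
        "dst": socket.inet_ntoa(ip[16:20]),
        "ttl": ttl, "proto": proto,
        "ip_checksum_ok": ip_checksum(zeroed) == csum,
    }
    if proto == 6:                                # TCP
        tcp = ip[ihl:]
        sport, dport = struct.unpack("!HH", tcp[:4])
        flags = tcp[13]
        result.update({"sport": sport, "dport": dport,
                       "syn": bool(flags & 0x02), "ack": bool(flags & 0x10)})
    return result
```

A checksum that fails to verify on a frame tcpdump captured cleanly is itself worth a second look, since it means the bytes on the wire do not match what the header claims.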
The best thing about tcpdump is that it is easy to use. Learn a couple of commands and you can read data packets as though you had been doing it for years. But do not mistake that simplicity for a lack of power: it is one of the most powerful packet analyzers out there.