Week 4

The things learned from this session:

  • What is flow analysis? The term “flow” itself refers to a sequence of packets that is transmitted from the source to the destination. Hence, flow analysis is conducted to determine the patterns in the sequence of packets or traffic, isolate suspicious activity, analyze higher layer protocols, and extract data.
  • What is unicast, anycast, and multicast? Unicast refers to the transmission of packets from one source to a destination. An example can be a person watching a YouTube video. Anycast is when an IP “exists” in many locations. It is also called the global IP. For instance, if a person accesses Google in Europe, they will be directed to the nearest Google server. Multicast happens when data is transmitted to multiple devices. An example would be a radio station transmitting its signal so that people can listen to the radio.
  • The difference between broadcast and multicast. The concepts of broadcast and multicast are similar in the sense that packets are transferred to multiple destinations. However, in broadcast, services are only provided to the subscribers. For example, only the customers of First Media will get access to its services.
  • The tools used for flow analysis. The tools used for flow analysis include tshark, tcpflow, pcapcat, tcpxtract, etc.
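
To make the idea of a flow concrete, here is an added example (not part of the original notes) that groups packet records into one-directional flows by their 5-tuple and labels each destination as unicast, multicast, or broadcast. The packet records, the 10.0.0.0/24 local subnet, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample records:
# (time_s, src_ip, src_port, dst_ip, dst_port, proto, size_bytes)
PACKETS = [
    (0.00, "10.0.0.5", 51000, "93.184.216.34", 443, "tcp", 517),
    (0.02, "93.184.216.34", 443, "10.0.0.5", 51000, "tcp", 1400),
    (0.05, "10.0.0.5", 51000, "93.184.216.34", 443, "tcp", 120),
    (1.00, "10.0.0.7", 5353, "224.0.0.251", 5353, "udp", 90),
    (1.50, "10.0.0.9", 68, "255.255.255.255", 67, "udp", 300),
    (2.00, "10.0.0.5", 51001, "10.0.0.255", 137, "udp", 78),
]
LOCAL_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed local subnet


def delivery_type(dst, local_net=LOCAL_NET):
    """Classify a destination address.

    Anycast cannot be detected from the address alone: an anycast address
    looks like an ordinary unicast address, so it is reported as unicast.
    """
    addr = ipaddress.ip_address(dst)
    if addr.is_multicast:
        return "multicast"
    if str(addr) == "255.255.255.255" or addr == local_net.broadcast_address:
        return "broadcast"
    return "unicast"


def build_flows(packets):
    """Group packets into one-directional flows keyed by the 5-tuple."""
    flows = {}
    for ts, src, sport, dst, dport, proto, size in packets:
        key = (src, sport, dst, dport, proto)
        flow = flows.setdefault(key, {"packets": 0, "bytes": 0, "first": ts,
                                      "last": ts, "delivery": delivery_type(dst)})
        flow["packets"] += 1
        flow["bytes"] += size
        flow["last"] = ts
    return flows


if __name__ == "__main__":
    for key, flow in build_flows(PACKETS).items():
        src, sport, dst, dport, proto = key
        print(f"{proto} {src}:{sport} -> {dst}:{dport} "
              f"{flow['packets']} pkts {flow['bytes']} B [{flow['delivery']}]")
```

Because the key is one-directional, the request and the reply of the TCP conversation appear as two separate flows.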
