Which of the following would one NOT expect to find in a packet capture of an HTTP packet?
- referrer header
- SYN flag
- user agent
SYN flags are seen in TCP packets that are part of the three-way TCP handshake. Once the connection setup is complete, the HTTP packets will not have this element.
Among the elements in an HTTP packets are the following:
– user agent – software (a software agent) that is acting on behalf of a user
– referrer header – URL data from an HTTP header field identifying the Web link used to direct users to a Web page
– host – sending device
Objective: Security Monitoring
Sub-Objective: Describe the function of these protocols in the context of security monitoring: DNS, NTP, SMTP/POP/IMAP, HTTP/HTTPS