This packet analysis course focuses on capturing, filtering, and analyzing network traffic to identify security vulnerabilities, track down network intrusions, troubleshoot network issues, and perform network forensics. The course includes real-world, hands-on scenarios featuring packet captures from network attacks and forensics investigations. Attendees will learn how to reconstruct network intrusions and extract information, such as credentials, images, malware, and Indicators of Compromise (IOCs) from packet capture files. Attendees will also learn how to piece together and extract network evidence and tie the evidence to a suspect. Wireshark is the primary tool used throughout this course, but other tools and techniques are covered as well.
- Network and Traffic Analysis Basics
- Wireshark Overview and Use
- Working with Captured Packets – Lower-Level Protocols
- Working with Captured Packets – Higher-Level Protocols
- Basic Real World Scenarios
- Protocol Dissection
- Tools: Wireshark, Network Miner, MaxMind GeoIP Databases
- Perform malware analysis
- Perform penetration testing
- Recognize if someone is a Man-In-The-Middle (MITM), sniffing your traffic at Starbucks, the hotel, etc.
- Troubleshoot network applications or network latency
- Track down infected users and top bandwidth consumers
- Perform incident response
- Want to know if you are infected with malware
General knowledge of TCP/IP, networking, and the OSI Model. Exposure to networking protocols and technologies such as DNS, DHCP, ICMP, FTP, HTTP, SMTP, and ARP.
Applies Towards the Following Certificates
- Cybersecurity Tools & Techniques : Cybersecurity Tools & Techniques