Network Traffic Analysis with Wireshark
Job Target
Do you…
- Perform malware analysis
- Perform penetration testing
- Care if someone is a Man-In-The-Middle (MITM) sniffing your traffic at Starbucks, the hotel, etc.
- Troubleshoot network applications or network latency
- Track down infected users and top bandwidth consumers
- Perform incident response
- Want to know if you are infected with malware
If any of the above apply to you, you should attend the course.
Includes
- 70% Hands-On Training, geared to give you experience
- Exciting Capture-the-Flag challenges, based on realistic packet captures
- Focus on methodology to remove the noise and analyze pertinent traffic
- Expert Trainers with Real-World Experience
- Available Live Online or Live In-Person
- Outstanding Reviews
Description
This packet analysis course focuses on capturing, filtering, and analyzing network traffic to identify security vulnerabilities, track down network intrusions, troubleshoot network issues, and perform network forensics. The course includes real-world, hands-on scenarios featuring packet captures from network attacks and forensics investigations. Attendees will learn how to reconstruct network intrusions and extract information, such as credentials, images, malware, and Indicators of Compromise (IOCs) from packet capture files. Attendees will also learn how to piece together and extract network evidence and tie the evidence to a suspect. Wireshark is the primary tool used throughout this course, but other tools and techniques are covered as well.
- Network and Traffic Analysis Basics
- Wireshark Overview and Use
- Working with Captured Packets – Lower-Level Protocols
- Working with Captured Packets – Higher-Level Protocols
- Basic Real-World Scenarios
- Protocol Dissection
Prerequisites
General knowledge of TCP/IP, networking, and the OSI Model. Exposure to networking protocols and technologies such as DNS, DHCP, ICMP, FTP, HTTP, SMTP, and ARP.
No Exam for this Course
Topics Covered
- TCP Flags
- Wireshark
- IPv4
- IPv6
- ARP
- DHCP
- ICMP
- DNS
- SMTP
- FTP
- TFTP
- HTTP
- HTTPS
- Wireshark Filtering
- Wireshark Colorization
- Wireshark Statistics
- Trace File Formats
- NetworkMiner
- Exporting Objects
- Packet Capture Data Extraction
- Base64
- GeoIP
- Social Media
- Browser Credentials
- HTTP Methods
- HTTP User-Agents
- SSL/TLS
- Network and Packet Analysis
- OSI Model
- Sniffing Techniques
- Packet Analyzers
- Clear Text Protocols
- Man-In-The-Middle (MITM)
- Unicast Traffic
- Broadcast Traffic
- Multicast Traffic
- TCP
- UDP
- Ports
- Control Channels
- Data Channels
- Covert Channels
- Wireshark Searches
- Wireshark Streams
- Wireshark Profiles
- Capture Filtering
- Display Filtering
- Encryption
- Encoding / Decoding
- Network Traffic Analysis Methodology
- Protocol Dissection
- HTTP Cookies
- Protocol Decoding