VTEC Training
Course Code: 19022
Network Traffic Analysis Training
VTEC Training
Portland,
ME
Class Dates:
5/24/2021
6/21/2021
7/12/2021
Length:
5 Days
Cost:
$2495.00
Class Time:
Technology:
Security
Delivery:
Instructor-Led Training, Virtual Instructor-Led Training
Overview
- Course Overview
- This course provides the student the concepts, methodologies, and hands-on tools to analyze network traffic for the purposes of focused operations, cyber operations, intrusion detection, and incident response. Each student will be provided an overview on how packet analysis applies to their cyber security position.
You will learn to use and identify the most common causes of performance problems in TCP/IP communications. You will develop a thorough understanding and how to spot the primary sources of network performance problems.
You will also learn how to decode protocols and how to get evidence of suspicious network traffic. You will become familiar with the many practical filters that identify malware-infected computers and several network attacks such as DoS attacks, DHCP/ARP spoof, and DNS flooding. - Audience
- Security Professionals
Network Administrators
Prerequisites
- Topics you will cover in this course include:
Traffic capturing techniques and analyzer placement
Traffic filtering (capture/display)
Customized profiles creation
Coloring rules, graphing, field interpretations, and functionality of key TCP/IP communications
Normal behavior of ARP, DNS, IP, TCP, UDP, ICMP, and HTTP/HTTPS
Latency issue identification
Course Details
- What you will learn:
- Basic use of the tool and theoretical concepts of operation and dependence with other tools
- Find the root of many problems related to the performance of your network
- Decode SSL to inspect network attacks that attempt to evade IDS
- Identify well-known networks attacks and get evidence of suspicious network traffic
- Limit security incidents to locate network intrusions
- Audit applications that make use of sockets
- Automate tasks with the help of scripts
- Use Tshark in a clever way to detect traffic anomalies
- Building Blocks
- OSI &TCP/IP Review
- Wireshark Tutorial
- Day in the Life (Common Protocols)
- Extracting Objects
- TCP - A Deeper Look
- Analytic Approach
- Internet Research
- Isolating Traffic
- Routing Principles
- Traceroute Analysis
- Standards and Protocol Analysis
- Start-to-Finish Protocol
- Analysis (Email Example)
- Analysis Beyond Wireshark
- Secure Protocols
- HTTP Header Analytics
- Big Capture
- More Tools and Tricks
- LABS:
- Wireshark Filtering (Part 1, Part 2)
- A Day in the Life (Common Protocols)
- Exporting Objects
- TCP/IP Analysis
- Internet Research
- Isolate Event #1
- Isolate Event #2
- Isolate Event #3
- Isolate Event #4
- Isolate Event #5
- RFC Research
- Meta-data Analysis
- .
- Non-Dissected Protocol Analysis
- Encrypted Traffic Analysis Referrer
- User- Agents
- Web Request Tracking
- Large Capture Investigation