Course Code: 689

Network & Packet Analysis

Duration:
4 Days
Delivery:
Instructor-Led Training, Virtual Instructor-Led Training


Course Overview

    This course teaches the student the fundamental concepts, methodologies, and tools necessary to analyze network traffic for the purposes of intrusion and threat detection, network defense, and low-profile offensive operations.

    The hands-on course begins by discussing the role of network packet analysis in computer network operations (CNO). After a detailed discussion of the TCP/IP protocol suite and Ethernet network operations, the student practices using the command-line tool tcpdump and the protocol analyzer tshark to capture and analyze self-generated network traffic. Students are then asked to examine actual packet captures that illustrate various exploits, network reconnaissance techniques, and more advanced network attacks.

    The course concludes with an extensive real-world exercise in which the student must use all of the concepts and tools learned in class to analyze and fully characterize the various network threats and breaches.


  • Prerequisites:

  • CompTIA Network+, a working knowledge of TCP/IP fundamentals, or equivalent experience is required. CCNA is recommended but not required. Students should have at least one year of work experience with TCP/IP networks, experience with basic Linux command-line operations, and a working knowledge of information assurance and network security principles.

  • Recommended Courses:

  • CompTIA Network+ (N10-006)

Course Details

  • TCP/IP Review
      • OSI vs. Internet Model
      • Physical and Logical Addresses
      • Services and Ports
      • Domain Name System
      • Routing & Traffic Types
      • IP Protocols: TCP/UDP
      • Media Access Control
  • Network Communications: The Protocols
      • Link Layer: Ethernet, Address Resolution Protocol
      • Network Layer: Internet Protocol, Internet Control Message Protocol
      • Transport Layer: Transmission Control Protocol, User Datagram Protocol
      • Application Layer: Dynamic Host Configuration Protocol, Hypertext Transfer Protocol
  • Basic tcpdump
      • Sniffing basics
      • Capturing to and reading from files
      • Command-line options
      • Filters: hosts, ports and protocols
      • Decoding output
  • Advanced tcpdump
      • Advanced expressions and primitives
      • Qualifiers
      • Expression combinations
      • Offsets and specific byte identification
      • Byte range filters
      • Bit masking
  • Wireshark
      • Creating customized capture filters
      • Display filters
      • Filters and target lists
      • Session reconstruction
  • Dangers of WiFi
  • Practical Exercise
      • An all-day team exercise to analyze packet captures from a victim network and to provide a detailed analysis of findings
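The "Offsets and specific byte identification", "Byte range filters" and "Bit masking" items under Advanced tcpdump are the part of the outline most students find opaque, so here is an added worked example (not course material, and not the instructor's code) that shows what those expressions compute. It is written in Python rather than as tcpdump commands so it runs offline without a capture interface: it builds a few Ethernet/IPv4/TCP frames in memory (constructed sample traffic, not real captures) and evaluates the same byte-offset and bit-mask predicates that the quoted tcpdump expressions describe. The tcpdump expressions used as dictionary keys are real BPF filter syntax; every function and constant name (`build_frame`, `field`, `FILTERS`, `SAMPLE_FRAMES`) is this example's own.

```python
"""Byte-offset, byte-range and bit-mask filters, evaluated the way tcpdump's
ip[...] / tcp[...] expressions are.

Added example (not course material). The frames below are constructed inline
so the script runs offline; the tcpdump expressions quoted as dict keys are
real BPF syntax, everything else (function and constant names) is this
example's own.
"""
import struct

ETH_LEN = 14  # Ethernet II header: dst MAC, src MAC, ethertype


class NotFirstFragment(Exception):
    """tcp[...] is only defined on the first (or only) fragment of a datagram."""


def build_frame(src_ip, dst_ip, sport, dport, tcp_flags, frag_off=0, ip_options=b""):
    """Constructed Ethernet/IPv4/TCP frame with no payload (checksums left zero)."""
    if len(ip_options) % 4:
        raise ValueError("IP options must pad to a 32-bit boundary")
    ihl = 5 + len(ip_options) // 4                      # header length in 32-bit words
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                          5 << 4,                        # data offset = 5 words
                          tcp_flags, 65535, 0, 0)        # byte 13 of the TCP header = flags
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | ihl, 0, ihl * 4 + len(tcp_hdr), 0x1234,
                         frag_off & 0x1fff,              # bytes 6-7: flags (3 bits) + fragment offset
                         64, 6, 0,                       # TTL, protocol = TCP, checksum
                         bytes(map(int, src_ip.split("."))),
                         bytes(map(int, dst_ip.split("."))))
    eth_hdr = b"\x00" * 12 + b"\x08\x00"                # ethertype IPv4
    return eth_hdr + ip_hdr + ip_options + tcp_hdr


def header_start(frame, proto):
    """Offset of the named header; tcpdump's ip[N] / tcp[N] count from here."""
    if proto == "ip":
        return ETH_LEN
    if proto == "tcp":
        # tcpdump compiles tcp[...] with an implicit 'ip[6:2] & 0x1fff == 0' guard,
        # because later fragments carry payload, not a TCP header, at that offset.
        if int.from_bytes(frame[ETH_LEN + 6:ETH_LEN + 8], "big") & 0x1fff:
            raise NotFirstFragment
        ihl = frame[ETH_LEN] & 0x0f                     # low nibble of ip[0]
        return ETH_LEN + ihl * 4
    raise ValueError(proto)


def field(frame, proto, offset, width=1):
    """Value of proto[offset:width] as an unsigned big-endian integer."""
    start = header_start(frame, proto) + offset
    return int.from_bytes(frame[start:start + width], "big")


# tcpdump expression -> equivalent predicate on a raw frame
FILTERS = {
    "tcp[13] & 0x02 != 0":     lambda f: field(f, "tcp", 13) & 0x02 != 0,      # SYN bit set
    "tcp[13] & 0x12 == 0x12":  lambda f: field(f, "tcp", 13) & 0x12 == 0x12,   # SYN and ACK both set
    "tcp[13] == 0x02":         lambda f: field(f, "tcp", 13) == 0x02,          # SYN and nothing else
    "ip[0] & 0x0f > 5":        lambda f: field(f, "ip", 0) & 0x0f > 5,         # IP options present
    "ip[6:2] & 0x1fff != 0":   lambda f: field(f, "ip", 6, 2) & 0x1fff != 0,   # not the first fragment
    "ip[12:4] == 0x0a000005":  lambda f: field(f, "ip", 12, 4) == 0x0a000005,  # source address 10.0.0.5
}


def matching_filters(frame):
    """Names of the FILTERS that would select this frame."""
    hits = []
    for expr, pred in FILTERS.items():
        try:
            if pred(frame):
                hits.append(expr)
        except NotFirstFragment:
            pass                                        # tcpdump would not match either
    return hits


# Constructed sample traffic: a handshake, a frame with IP options, a trailing fragment.
SAMPLE_FRAMES = {
    "syn":      build_frame("10.0.0.5", "10.0.0.9", 40000, 80, 0x02),
    "syn_ack":  build_frame("10.0.0.9", "10.0.0.5", 80, 40000, 0x12),
    "ack_opts": build_frame("10.0.0.5", "10.0.0.9", 40000, 80, 0x10, ip_options=b"\x01" * 4),
    "frag":     build_frame("10.0.0.5", "10.0.0.9", 40000, 80, 0x10, frag_off=185),
}

if __name__ == "__main__":
    for name, frame in SAMPLE_FRAMES.items():
        print(f"{name:9s} {matching_filters(frame)}")
```

Two points the run makes that the outline only names: the offset in `tcp[13]` is relative to the start of the TCP header, which moves when the IP header carries options (the `ack_opts` frame), so filters written against fixed frame offsets break; and a pure `ip[6:2] & 0x1fff != 0` filter is the only way to see non-first fragments, because any `tcp[...]` test silently excludes them. The same expressions can be pasted into tcpdump unchanged, e.g. `tcpdump -nn 'tcp[13] & 0x12 == 0x12'` to show only SYN-ACKs.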