This course teaches the student the fundamental concepts, methodologies, and tools necessary to analyze network traffic for the purposes of intrusion and threat detection, network defense, and low profile offensive operations.
The hands-on course begins with discussing the role of network packet analysis in computer network operations (CNO). After a detailed discussion of the TCP/IP protocol suite and ethernet network operations, the student practices using the command line tool tcpdump and the protocol analyzer tshark to capture and analyze self-generated network traffic. Students then are asked to examine actual packet captures which illustrate various exploits, network reconnaissance techniques, and more advanced network attacks.
The course concludes with an extensive real world exercise in which the student must utilize all of the concepts and tools learned in class to analyze and fully characterize the various network threats and breaches.
Prerequisites
CompTIA Network+, working knowledge of TCP/IP fundamentals, or equivalent experience is required. CCNA is recommended but not required. Students should have at least one year of work experience with TCP/IP networks. Students should have experience with basic Linux command line functions and a working knowledge of information assurance and network security principles.