Where do you begin in network traffic analysis? Learn the process for examining a live or pre-recorded packet capture file using graphical tools such as Wireshark. Is there malicious activity? Learn to think like an attacker, going through the same methods the attacker would, to assess whether what you're seeing is "normal" or shows signs of an attack. At the same time, students will run basic network scans using nmap and see how they appear in Wireshark. Finally, students will analyze packet traces indicative of HTTP-based attacks.
Prerequisites
Basic familiarity with TCP/IP networking (advanced knowledge not required) and familiarity with the Unix/Linux command line.
Expected Duration
2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: Enterprise Instructional Labs
- Introduction to Network Security Lab Package
- Intrusion Detection and Prevention Lab Package
- Essential Tools for Cybersecurity
- Essential Tools for Network Engineering
- Incident Response Package
- Law Enforcement/Counterintelligence Forensics Analyst 1
- Cyber Defense Forensics Analyst 1
- Cyber Defense Analyst 1
- Cyber Defense Incident Responder
- Cyber Defense Infrastructure Support Specialist 1
- Vulnerability Assessment Analyst 1
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
