Enrollment options

Building on what you learned in Protocol Analysis I, this lab covers the same ground using command line tools and techniques. You will use the ubiquitous tcpdump program, starting with simple capture tasks and building up to complex filtering and display options. Along the way, you will dig deeply into the TCP and IP header fields and learn how they can be used to isolate the traffic you're interested in. You will examine ICMP, SSH, and HTTP traffic, including traffic from web shells commonly used in attacks. With the techniques learned in this exercise, you will be able to gather and filter packet capture data on server systems and then process it later on graphical security operations workstations.

Prerequisites

The Protocol Analysis I lab or equivalent knowledge of Wireshark and TCP/IP packet capture. Familiarity with how to use the command line in Linux/Unix systems.

Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.

Availability

Included if you are a subscriber to any of the following training packages:

  • Level 1: Enterprise Instructional Labs
  • Incident Response Package
  • Law Enforcement/Counterintelligence Forensics Analyst 1
  • Cyber Defense Forensics Analyst 1
  • Cyber Defense Analyst 1
  • Cyber Defense Incident Responder
  • Cyber Defense Infrastructure Support Specialist 1
  • Vulnerability Assessment Analyst 1
  • Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
  • Level 2: Attack/Defense/IR Exercises and Instructional Labs

Educational Lab