Class Details

Packet Capture Analysis Level 1 Price: $1,950

Training promotions may be available, contact a training consultant at 240-667-7507 for more information!

This course reviews the foundational skills that digital forensics examiners should have at a minimum. For more experienced students, this first course serves as a review and reinforces the skills required for analysis. The course explores the TCP/IP protocols and protocol analysis from introductory through advanced level. It reviews methods of attack and identifies the artifacts of both basic and advanced attacks. The assessment is a practical exercise based on the skills reviewed during the course. This training course is part of a 4-level series in Packet Capture Analysis; learn more about the other courses in the series below.

Price Match Guarantee Phoenix TS

Packet Capture Analysis Level 1 Course Includes:

  • Class exercises in addition to training instruction
  • Courseware books, notepads, pens, highlighters and other materials
  • Course retake option
  • Full breakfast with variety of bagels, fruits, yogurt, doughnuts and juice
  • Tea, coffee, and soda available throughout the day
  • Freshly baked cookies every afternoon - *only at participating locations

Course Outline

Module One: TCP/IP Review and Primer Overview

- Standards and models
- Protocol components
- Headers and encapsulation
  - IP
  - ICMP
  - UDP
  - TCP
- Crafting and modifying headers
  - hping
  - Scapy
  - Others

Module Two: Protocol Analysis

- Network protocols
  - IP
  - TCP
  - UDP
  - ICMP

Lab 2-1: Network Protocol Analysis

- Analyzing network traffic
- Examining the data at the packet level
- TCP control flags
- Identifying the characteristics of network connections

Lab 2-2: Analysis of Network Connections

- Dynamic address assignment
  - DHCP
  - RARP
  - BOOTP
  - DNS

Lab 2-3: Dynamic Addressing and DNS

Module Three: Protocol Analysis Two

- IP routing

Lab 3-1: IPv4 and Routing

- IPv6

Lab 3-2: IPv6

- Tunneling attacks using IPv6

Lab 3-3: Attacks over IPv6

Module Four: Advanced Protocol Analysis

- Using protocol analyzers
  - dsniff
  - Wireshark

Lab 4-1: Protocol Analyzers

- Routing protocol analysis
  - RIP
  - OSPF
  - BGP

Lab 4-2: Routing Protocols

Module Five: Attacks and the Hacking Methodology

- Information gathering
  - Public records search
  - Google hacking
  - Shodan

Lab 5-1: Information Gathering

- Network mapping
  - Live systems
  - Ports
  - Services
  - Enumeration

Lab 5-2: Network Mapping

- Identifying vulnerabilities
  - Manual
  - Nessus
  - OpenVAS
  - Nikto

Lab 5-3: Vulnerability Identification at the Packet Level

- Exploitation
  - Manual
  - Metasploit

Lab 5-4: Analysis of Exploit Methods

- Post-exploitation
  - Persistence
  - Lateral movement

Lab 5-5: Post-Exploitation at the Packet Level

- Privilege escalation
  - Horizontal
  - Vertical

Lab 5-6: Privilege Escalation Analysis

Module Six: Intrusion Analysis Introduction

- Recognizing common patterns of network attacks
- Identifying normal vs. abnormal traffic
- Determining the cause of abnormal traffic

Lab 6-1: Patterns of Intrusion Attacks

- Identifying the OS from the network traffic
  - Passive fingerprinting techniques
    - TCP/IP stack nuances

Lab 6-2: OS Fingerprinting

Module Seven: Artifacts of Basic Attacks

- Direct attacks
  - Proxied
  - Using zombies

Lab 7-1: Direct Attack Analysis

- Command and control analysis
  - Clear
  - Encoded

Lab 7-2: Basic Attack Analysis

- Web attacks
  - XSS
  - SQL injection

Lab 7-3: Classic Web Attack Analysis

Module Eight: Concepts of Advanced Web and Advanced Attacks

- Components of a sophisticated attack
  - Deception techniques
  - Protocol camouflage
  - Encryption and tunnels

Lab 8-1: Analysis of Sophisticated Attacks

- Components of advanced attacks
  - Protocol encapsulation
    - More than one layer 7
  - Web attacks
    - Services
    - SSI
    - Access controls

Lab 8-2: Advanced Attack Artifacts and Analysis

Module Nine: Review and Practical Preparation

Lab Nine: Practical Assessment and Network Analysis Metrics

Register for Class

Date: 01/21/19 - 01/25/19 (5 days, 8:30AM – 4:30PM)
Location: Columbia, MD
Status: Sold Out!