Class Details

Packet Capture Analysis Level 2 Price: $1,950

Training promotions may be available, contact a training consultant at 240-667-7507 for more information!

This course will start with the advanced filtering capabilities in Wireshark that can assist in the analysis of different protocols and more importantly conversations between endpoints. This course will explore low-level packet analysis with tcpdump. The course will teach the foundation and advanced concepts of PCAP analysis with Wireshark and PCAP specific tools. The course will conclude with a practical assessment that includes a variety of capture files that exercise low-level methods. This training course is part of a 4 level series in Packet Capture Analysis, learn more about the other courses in the series below:

Price Match Guarantee Phoenix TS

Packet Capture Analysis Level 2 Course Includes:

  • Class exercises in addition to training instruction
  • Courseware books, notepads, pens, highlighters and other materials
  • Course retake option
  • Full breakfast with variety of bagels, fruits, yogurt, doughnuts and juice
  • Tea, coffee, and soda available throughout the day
  • Freshly baked cookies every afternoon - *only at participating locations

Course Outline

Module One: Advanced Filtering in Wireshark Cheat Sheet

-        Leveraging the filter capabilities

-        Working within the GUI

Applying the Cheat Sheet for Filtering with Wireshark

-        Following session communication

-        Customizing the interface

-        Packet decomposition

-        Using the statistics features within the tool

Applying the Cheat Sheet for Advanced Filtering with statistics

Module Two: Intrusion Analysis of Network Traffic on Windows and Linux

-        Server Message Block (SMB) communications

Lab 2-1: SMB Analysis

-        RPC and SSH communication in Linux and Unix

Lab 2-2: RPC and SSH analysis

-        Windows and Active Directory (AD) communication and authentication

Lab 2-3: AD communications

Module Three: Low-Level Protocol Analysis

-        Tcpreplay

o   Using traffic replay for training and enhancing skillset

-        Packet breakdown

o   Using offsets

o   Hex traffic composition and analysis

Lab 3-1: tcpreplay and live capture analysis

-        Raw protocol composition and analysis

o   State table for TCP

o   Congestion avoidance

Lab 3-2: Raw analysis

Module Four: Mastering tcpdump

-        Basics

-        Raw output

-        Searches

o   Find IPs

o   Networks

o   Ports

o   Ipv6

Lab 4-1: tcpdump searches

-        Writing captures to a file

-        Reading captures from a file

Lab 4-2: Files and tcpdump

-        Advanced

o   Complex grouping and special characters

o   Isolating specific components

o   SSH connections

o   Low TTL

o   Evil bits

-        Lab 4-3: Advanced tcpdump tactics

 

Module Five:Investigating Email conversations to trace a path to the perpetrator Overview and Demo

Demo Email communication analysis

Module Six:Applying DNS Traffic Analysis for Internet Forensics

-           Records ofinterest

-        Analyzing DNS activity at the packetlevel

-Authoritative vsnon-authoritative

Lab 6-1: Examining DNS communications

-Attacks against DNS

o   Spoofing

o   Poisoning

Lab 6-2: DNS Attack analysis

Module Seven: Foundations of PCAP Manipulation

-        Capturing

o   Using the command line tool dumpcap

o   Filtering PCAP filters with dumpcap and BPF

Lab 7-1: Capturing using dumpcap

-        Editing

o   Editcap

§  Splitting

§  Eliminate duplicates

§  Time stamps

§  Change the encapsulation type

Lab 7-2: Editing PCAPs using editcap

-        Merging

o   Mergecap

§  Truncate

§  Batch files

o   Drag and drop

Lab 7-3: Merging PCAP files and using batch files with mergecap

Module Eight: Advanced PCAP Techniques

-        Slicing and extracting attack and suspicious traffic

-        Working with files – reading and writing

Lab 8-1: Extracting data from PCAPs

Module Nine: Review and practical preparation

Lab Nine: Practical Assessment and Metrics

Register for Class

Date Location
01/28/19 - 02/01/19, 5 days, 8:30AM – 4:30PM Columbia, MD Sold Out!