Network Packet Analysis
COURSE LENGTH: 8/31/2020 - 9/4/2020, 9:00am - 4:30pm
This course provides the student with the concepts, methodologies, and hands-on tools to analyze network traffic for the purposes of focused operations, cyber operations, intrusion detection, and incident response. Each student will be given an overview of how packet analysis applies to their cyber security position.
AUDIENCE AND PREREQUISITES
You will learn to use Wireshark to identify the most common causes of performance problems in TCP/IP communications. You will develop a thorough understanding of how to use Wireshark efficiently to spot the primary sources of network performance problems, and you will prepare for the latest Wireshark Certified Network Analyst (WCNA) certification exam.
Wireshark® is an open source network packet analyzer for analyzing TCP/IP communications. Participants will use Wireshark hands-on to identify problems in TCP/IP communications.
Topics you will cover in this course include:
Traffic capturing techniques and analyzer placement
Traffic filtering (capture/display)
Customized profiles creation
Coloring rules, graphing, field interpretations, and functionality of key TCP/IP communications
Normal behavior of ARP, DNS, IP, TCP, UDP, ICMP, and HTTP/HTTPS
Latency issue identification
Connection establishment concerns
Common indications of reconnaissance processes and breached hosts
Please bring your own laptop loaded with Wireshark to class. You may download Wireshark for free at www.wireshark.org.
WHO NEEDS TO ATTEND:
Anyone interested in learning to troubleshoot and optimize TCP/IP networks and analyze network traffic with Wireshark, especially network engineers, information technology specialists, security analysts, and those preparing for the Wireshark Certified Network Analyst exam.
CompTIA Network+, working knowledge of TCP/IP fundamentals, or equivalent experience is required. CCNA is recommended but not required. Students should have at least one year of work experience with TCP/IP networks. Students should have experience with basic Linux command line functions and a working knowledge of information assurance and network security principles.
• Read and understand the English language.
• Perform basic operations on a computer.
• Have knowledge of computer networking and wireless networking.
• Have knowledge of information, network and wireless security.
*Course cost listed does not include the cost of courseware (required) or lunch (optional). Please contact us at firstname.lastname@example.org or 207-775-0244 for additional pricing information, or if you have any questions. Course is subject to minimum enrollment. Course may run as a Live Distance Learning (LDL) session if minimum enrollment is not met.
Lesson 1 - The World of Network Analysis
• Define Network Analysis
• Follow an Analysis Example
• Walk-Through of a Troubleshooting Session
• Walk-Through of a Typical Security Scenario
• Understand Security Issues Related to Network Analysis
• Overcome the "Needle in the Haystack Issue"
• Review a Checklist of Analysis Tasks
• Understand Network Traffic Flows
• Launch an Analysis Session
Lesson 2 - Introduction to Wireshark
• Wireshark Creation and Maintenance
• Capture Packets on Wired or Wireless Networks
• Open Various Trace File Types
• Use the Start Page
• Identify the Nine GUI Elements
• Navigate Wireshark's Main Menu
• Use the Main Toolbar for Efficiency
• Focus Faster with the Filter Toolbar
• Make the Wireless Toolbar Visible
• Get Some Trace Files
• Case Study: Detecting Database Death
Lesson 3 - Capture Traffic
• Know Where to Tap Into the Network
• Run Wireshark Locally
• Capture Traffic on Switched Networks
• Analyze Routed Networks
• Analyze Wireless Networks
• Capture at Two Locations (Dual Captures)
• Select the Right Capture Interface
• Capture on Multiple Adapters Simultaneously
• Interface Details (Windows Only)
• Capture Traffic Remotely
• Automatically Save Packets to One or More Files
• Optimize Wireshark to Avoid Dropping Packets
• Conserve Memory with Command-Line Capture
• Case Study: Dual Capture Points the Finger
• Case Study: Capturing Traffic at Home
Lesson 4 - Create and Apply Capture Filters
• The Purpose of Capture Filters
• Apply a Capture Filter to an Interface
• Build Your Own Set of Capture Filters
• Filter by a Protocol
• Filter Incoming Connection Attempts
• Create MAC/IP Address or Host Name Capture Filters
• Capture One Application's Traffic Only
• Use Operators to Combine Capture Filters
• Create Capture Filters to Look for Byte Values
• Manually Edit the Capture Filters File
• Share Capture Filters with Others
Lesson 5 - Define Global and Personal Preferences
• Find Your Configuration Folders
• Set Global and Personal Configurations
• Customize Your User Interface Settings
• Define Your Capture Preferences
• Automatically Resolve IP and MAC Names
• Plot IP Addresses on a World Map with GeoIP
• Resolve Port Numbers (Transport Name Resolution)
• Resolve SNMP Information
• Configure Filter Expressions
• Configure Statistics Settings
• Define ARP, TCP, HTTP/HTTPS and Other Protocol Settings
• Configure Protocol Settings with Right-Click
Lesson 6 - Colorize Traffic
• Use Colors to Differentiate Traffic Types
• Disable One or More Coloring Rules
• Share and Manage Coloring Rules
• Identify Why a Packet is a Certain Color
• Create a "Butt Ugly" Coloring Rule for HTTP Errors
• Color Conversations to Distinguish Them
• Temporarily Mark Packets of Interest
• Alter Stream Reassembly Coloring
Lesson 7 - Define Time Values and Interpret Summaries
• Use Time to Identify Network Problems
• Send Trace Files Across Time Zones
• Identify Delays with Time Values
• Identify Client, Server and Path Delays
• View a Summary of Traffic Rates, Packet Sizes and Overall Bytes Transferred
Lesson 8 - Interpret Basic Trace File Statistics
• Launch Wireshark Statistics
• Identify Network Protocols and Applications
• Protocol Settings Can Affect Your Results
• Identify the Most Active Conversations
• List Endpoints and Map Them on the Earth
• Spot Suspicious Targets with GeoIP
• List Conversations or Endpoints for Specific Traffic Types
• Evaluate Packet Lengths
• List All IPv4/IPv6 Addresses in the Traffic
• List All Destinations in the Traffic
• List UDP and TCP Usage
• Analyze UDP Multicast Streams
• Graph the Flow of Traffic
• Gather Your HTTP Statistics
• Examine All WLAN Statistics
Lesson 9 - Create and Apply Display Filters
• Understand the Purpose of Display Filters
• Create Display Filters Using Auto-Complete
• Apply Saved Display Filters
• Use Expressions for Filter Assistance
• Make Display Filters Using Right-Click Filtering
• Filter on Conversations and Endpoints
• Filter on the Protocol Hierarchy Window
• Understand Display Filter Syntax
• Combine Display Filters with Comparison Operators
• Alter Display Filter Meaning with Parentheses
• Filter on the Existence of a Field
• Filter on Specific Bytes in a Packet
• Find Key Words in Upper or Lower Case
• More Interesting Regex Filters
• Let Wireshark Catch Display Filter Mistakes
• Use Display Filter Macros for Complex Filtering
• Avoid Common Display Filter Mistakes
• Manually Edit the dfilters File
Lesson 10 - Follow Streams and Reassemble Data
• The Basics of Traffic Reassembly
• Follow and Reassemble UDP Conversations
• Follow and Reassemble TCP Conversations
• Follow and Reassemble SSL Conversations
• Reassemble an SMB Transfer
Lesson 11 - Customize Wireshark Profiles
• Customize Wireshark with Profiles
• Create a New Profile
• Share Profiles
• Create a Troubleshooting Profile
• Create a Corporate Profile
• Create a WLAN Profile
• Create a VoIP Profile
• Create a Security Profile
Lesson 12 - Annotate, Save, Export and Print Packets
• Annotate a Packet or an Entire Trace File
• Save Filtered, Marked and Ranges of Packets
• Export Packet Content for Use in Other Programs
• Export SSL Keys
• Save Conversations, Endpoints, IO Graphs and Flow Graph Information
• Export Packet Bytes
Lesson 13 - Use Wireshark's Expert System
• Let Wireshark's Expert Information Guide You
• Understand TCP Expert Information
Lesson 14 - TCP/IP Analysis Overview
• TCP/IP Functionality Overview
• Build the Packet
Lesson 15 - Analyze Domain Name System (DNS) Traffic
• The Purpose of DNS
• Analyze Normal DNS Queries/Responses
• Analyze DNS Problems
• Dissect the DNS Packet Structure
• Filter on DNS/MDNS Traffic
Lesson 16 - Analyze Address Resolution Protocol (ARP) Traffic
• Identify the Purpose of ARP
• Analyze Normal ARP Requests/Responses
• Analyze Gratuitous ARPs
• Analyze ARP Problems
• Dissect the ARP Packet Structure
• Filter on ARP Traffic
Lesson 17 - Analyze Internet Protocol (IPv4/IPv6) Traffic
• Identify the Purpose of IP
• Analyze Normal IPv4 Traffic
• Analyze IPv4 Problems
• Dissect the IPv4 Packet Structure
• An Introduction to IPv6 Traffic
• Dissect the IPv6 Packet Structure
• Basic IPv6 Addressing
• Sanitize Your IP Addresses in Trace Files
• Set Your IPv4 Protocol Preferences
• Troubleshooting Encrypted Communications
• Filter on IPv4 Traffic
• Filter on IPv6 Traffic
Lesson 18 - Analyze Internet Control Message Protocol (ICMPv4/ICMPv6) Traffic
• The Purpose of ICMP
• Analyze Normal ICMP Traffic
• Analyze ICMP Problems
• Dissect the ICMP Packet Structure
• Basic ICMPv6 Functionality
• Filter on ICMP and ICMPv6 Traffic
Lesson 19 - Analyze User Datagram Protocol (UDP) Traffic
• The Purpose of UDP
• Analyze Normal UDP Traffic
• Analyze UDP Problems
• Dissect the UDP Packet Structure
• Filter on UDP Traffic
Lesson 20 - Analyze Transmission Control Protocol (TCP) Traffic
• The Purpose of TCP
• Analyze Normal TCP Communication
• Analyze TCP Problems
• Dissect the TCP Packet Structure
• Filter on TCP Traffic
• Set TCP Protocol Preferences
Lesson 21 - Graph IO Rates and TCP Trends
• Use Graphs to View Trends
• Generate Basic IO Graphs
• Filter IO Graphs
• Generate Advanced IO Graphs
• Compare Traffic Trends in IO Graphs
• Graph Round Trip Time
• Graph Throughput Rates
• Graph TCP Sequence Numbers over Time
Lesson 22 - Analyze Dynamic Host Configuration Protocol (DHCPv4/DHCPv6) Traffic
• Analyze Hypertext Transfer Protocol (HTTP) Traffic
• Analyze File Transfer Protocol (FTP) Traffic
• Analyze Email Traffic
• Introduction to 802.11 (WLAN) Analysis
• Introduction to Voice over IP (VoIP) Analysis
• Baseline "Normal" Traffic Patterns
• Find the Top Causes of Performance Problems
• Network Forensics Overview
• Detect Scanning and Discovery Processes
• Analyze Suspect Traffic
• Effective Use of Command-Line Tools