Network Traffic Analysis with Wireshark Training (NTA01)
"The instructor was very knowledgeable and knew how to balance the load between the material and student engagement. He engaged the audience through personal experience examples and gained the audience's trust fast by proving himself as the subject matter expert."
This packet analysis course focuses on capturing, filtering, and analyzing network traffic to identify security vulnerabilities, track down network intrusions, troubleshoot network issues, and perform network forensics. The course includes real-world, hands-on scenarios featuring packet captures from network attacks and forensics investigations. Attendees will learn how to reconstruct network intrusions and extract information, such as credentials, images, malware, and Indicators of Compromise (IOCs) from packet capture files. Attendees will also learn how to piece together and extract network evidence and tie the evidence to a suspect. Wireshark is the primary tool used throughout this course, but other tools and techniques are covered as well.
Who Should Attend
- Perform malware analysis
- Perform penetration testing
- Care if someone is a Man-In-The-Middle (MITM), sniffing your traffic at Starbucks, the hotel, etc.
- Troubleshoot network applications or network latency
- Track down infected users and top bandwidth consumers
- Perform incident response
- Want to know if you are infected with malware
If any of the above apply to you, you should attend the course.
General knowledge of TCP/IP, networking, and the OSI Model. Exposure to networking protocols and technologies such as DNS, DHCP, ICMP, FTP, HTTP, SMTP, and ARP.
- Network and Traffic Analysis Basics
- Wireshark Overview and Use
- Working with Captured Packets – Lower-Level Protocols
- Working with Captured Packets – Higher-Level Protocols
- Basic Real World Scenarios
- Protocol Dissection
- TCP Flags
- Wireshark Filtering
- Wireshark Colorization
- Wireshark Statistics
- Trace File Formats
- Network Miner
- Exporting Objects
- Packet Capture Data Extraction
- Social Media
- Browser Credentials
- HTTP Methods
- HTTP User-Agents
- Network and Packet Analysis
- OSI Model
- Sniffing Techniques
- Packet Analyzers
- Clear Text Protocols
- Man-In-The-Middle (MITM)
- Unicast Traffic
- Broadcast Traffic
- Multicast Traffic
- Control Channels
- Data Channels
- Covert Channels
- Wireshark Searches
- Wireshark Streams
- Wireshark Profiles
- Capture Filtering
- Display Filtering
- Encoding / Decoding
- Network Traffic Analysis Methodology
- Protocol Dissection
- HTTP Cookies
- Protocol Decoding
SOFTWARE AND TOOLS USED
Continuing Education Credits
Our public courses are offered less than 20 minutes from downtown St. Louis at the office of our partner, TechGuard Security, located outside of Scott Air Force Base.
703 Seibert Rd, Suite 2
Scott Air Force Base, Illinois 62225
We also offer private onsite courses at your location. We love to travel and will gladly send a trainer to you. Please contact us for more information.
Live, instructor-led training with a dynamic trainer who is a cyber security professional. Instructors have real-world experience with the material covered in the course.
- January 3-5 (W-F), 8:30am - 4:30pm, 2018
- April 9-11 (M-W), 8:30am - 4:30pm, 2018
- June 18-20 (M-W), 8:30am - 4:30pm, 2018