Network Traffic Analysis will teach you to differentiate between normal and abnormal network traffic, track the flow of packets through a network, and attribute conversations and actions taken over a network segment to specific hosts or users. This course focuses on research, filtering, and comparative analysis to identify and attribute the different types of activity on a network. You will learn how to follow conversations across a wide range of protocols and through redirection, as well as how to develop custom filters for non-dissected protocols. On day 5 of the course, you will participate in a team-based capture-the-flag exercise to test your new skills.
- Create a baseline of the protocols, hosts, and interactions in a network environment
- Identify anomalous network traffic using a combination of in-depth packet analysis and higher-level statistical analysis
- Reconstruct event timelines and accurately correlate, or distinguish between, event threads
- Identify and extract network artifacts for further forensic analysis
- Compare observed network traffic to expected topology
- Research and analyze unknown (non-dissected) protocols
- Track web activity at the user or session level via HTTP header analytics