This course provides the student with the concepts, methodologies, and hands-on tools to analyze network traffic for the purposes of focused operations, cyber operations, pen testing, intrusion detection, and incident response. Each student will be given an overview of how packet analysis applies to their cyber security position. The course reviews the TCP/IP stack, including UDP, as it relates to architecture, and also covers how packet analysis can identify and create network-based attacks.
Students will learn how to use TCPDump and TShark, and will be given an overview of commercial tools for conducting analysis.
- Packet Analysis Overview
- Application of packet analysis to Cyber Operations and Focused Operations
- TCP/IP / UDP Stack Review
- Other protocols / Codecs
- Deploy and configure TCPDump
- Analysis Methods using TCPDump
- Deploy and configure TShark
- Analysis Methods using TShark
- System Tests and evaluations
- Hands-on Exercise
- Final Practical Exam/CAPSTONE Exercise