Introduction to Packet Capture (PCAP) explains the fundamentals of how, where, and why to capture network traffic and what to do with it. This class covers open-source tools like tcpdump, Wireshark, and ChopShop in several lab exercises that reinforce the material. Some of the topics include capturing packets with tcpdump, mining DNS resolutions using only command-line tools, and busting obfuscated protocols. This class will prepare students to tackle common problems and help them begin developing the skills to handle more advanced networking challenges.
Learning Objectives
- Familiarize students with the popular PCAP format.
- Teach students how to capture and manage PCAP in enterprise and tactical environments.
- Give students a working knowledge of common PCAP tools including tcpdump, Wireshark, pynids, and ChopShop.
- Prepare students for rapid analysis of PCAP.
- Prepare students to conduct in-depth investigations of network traffic.
- Develop technical skills with hands-on exercises.