Intro - Advanced
We deliver courses ranging from introduction to Wireshark, to advanced packet analysis. The most current version is always used.
Customize
Courses can be customized based on your needs. Add in your own pcaps, or take out concepts already mastered.
Wireshark Profiles
Course Length: 1 Day
Course Overview
This hands-on course will accelerate your ability to interpret Wireshark® packet capture files (pcaps). Profiles should not be a one-size-fits-all solution. Wireshark profiles can be huge time savers if you invest the time up front to configure them for your environment and workflow. The course covers best practices for creating profiles, determining what belongs in a master profile, and making changes and additions to settings.
Who Should Attend
Network technicians, network engineers, cybersecurity analysts, security engineers and application developers who are at the beginning to intermediate stages of packet analysis. The course will be focused on core concepts around Wireshark, helping attendees become more efficient and confident analyzing pcaps.
Prerequisites
Basic knowledge of Wireshark and TCP/IP protocols
- Categories: by location or by protocol
- Save profiles to different locations
- Create a master profile
- Determine which protocol settings to change
- Configure Name Resolution
- Edit Expert settings
- Enable/disable protocols
- Create Custom Columns
- Enhance I/O Graphs
- Configure Color Rules
- Share profiles
- Use different profiles to analyze pcaps
Course Materials
The course includes a student guide with hands-on labs and example packet capture files (pcaps). Pcaps will be distributed so that profile changes can be used to analyze actual data. You will leave class with multiple new profiles to use back at the office.
Deep Dive Into Wireshark
Course Length: 3 Days
Course Overview
Who Should Attend
Network technicians, network engineers, cybersecurity analysts, security engineers and application developers who are at the beginning to intermediate stages of packet analysis. The course will be focused on core concepts around Wireshark, helping attendees become more efficient and confident analyzing pcaps.
Prerequisites
Basic knowledge of TCP/IP protocols
- Wireshark placement
- Capture wired and wireless traffic
- Determine capture filters to eliminate wasted analysis time
- Configure Wireshark using preferences, columns, and colors
- Save time with profiles
- Visualize trends and failures with statistics and graphs
- Identify slow response time and then determine the "culprit"
- Zoom in to only the relevant packets with display filters
- Use command line tools dumpcap and tshark
- Examine IP, UDP, DNS, TCP, and TLS pcaps using all of the topics covered
Course Materials
The course includes a student guide with hands-on labs and example packet capture files (pcaps). You will leave class with multiple new profiles to use back at the office.
TCP/IP With Wireshark
Course Length: 5 Days
Course Overview
Who Should Attend
Network technicians, network engineers, cybersecurity analysts, security engineers and application developers who are at the beginning to intermediate stages of packet analysis. The course will be focused on core concepts around Wireshark and a deep dive into the TCP/IP protocols, helping attendees become more efficient and confident analyzing pcaps.
Prerequisites
Basic knowledge of TCP/IP protocols
- Wireshark placement
- Capture wired and wireless traffic
- Determine capture filters to eliminate wasted analysis time
- Configure Wireshark using preferences, columns, and colors
- Save time with profiles
- Visualize trends and failures with statistics and graphs
- Identify slow response time and then determine the "culprit"
- Zoom in to only the relevant packets with display filters
- Examine Quality of Service, fragmentation, time to live, and addressing for the Internet Protocol - IP
- Categorize the different types of Internet Control Message Protocol - ICMP. Determine who caused errors and why.
- Compare the possible port number combinations in User Datagram Protocol - UDP
- Analyze Domain Name System - DNS, how recursion works in client queries, the different types of DNS zones, record types, and error interpretation
- Analyze VoIP protocols, Session Initiation Protocol - SIP and Real-Time Transport Protocol - RTP, how session establishment works, error interpretation, evaluate packet loss, and examine Wireshark tools specific to VoIP
- Analyze the handshake of the Transmission Control Protocol - TCP, TCP options, recovery mechanisms for various congestion control algorithms including timings, how the window size can bring traffic to a halt, differentiating teardown methods, and using TCP stream graphs to focus on the trouble spots
- Analyze how Hypertext Transfer Protocol - HTTP web requests are formed including GET and POST parameters, HTTP headers, user agents, request cookies, and error interpretation
- Analyze Transport Layer Security - TLS handshakes for both 1.2 and 1.3, requirements for session resumption, error interpretation, the different methods of decryption, and how to troubleshoot when decryption is not an option
Course Materials
The course includes a student guide with over 20 hands-on labs and example packet capture files (pcaps). You will leave class with multiple new profiles to use back at the office.
Deep Dive Into Network Reconnaissance
Course Length: 5 Days
Course Overview
Who Should Attend
Employees of federal, state and local governments, and businesses working with the government. Cybersecurity analysts and security engineers who are at the beginning to intermediate stages of packet analysis.
Prerequisites
Basic knowledge of TCP/IP protocols
- Best practices to capture network traffic on 802.11 wireless, Bluetooth and Ethernet networks. Aircrack, tcpdump and Wireshark will be used. Capture filters will be used to narrow the scope of the case.
- Examine 802.11 specific headers as well as the TCP/IP protocol headers
- Analyze the data using Wireshark, including the statistics and graphing features that can be used to isolate connection patterns
- Identify ARP spoofing in Wireshark
- Signature identification and filtering for operating systems and connection establishment with Wireshark
- Extract executables and images from Wireshark
- Best practices to scan an environment using Sn1per, Nmap, and Zenmap. From networks down to services on hosts, active scans will be used to gather data.
- Use a SOCKS proxy and Tor to anonymize traffic scans
- Transparently intercept SSL/TLS connections via SSLsplit
- Discover the target company’s IP netblocks, domain names and DNS record types via DNSRecon, dnsmap, nslookup and dig
- Gather emails, subdomains, hosts, employee names, open ports and banners from different public sources (search engines, PGP key servers and the SHODAN computer database) via theHarvester and Maltego
- Search for potentially sensitive data across the network via smbmap. You will list share drives, drive permissions, share contents, upload/download functionality, and file name auto-download pattern matching.
- Locate UPnP devices (consumer-grade access points, for example) via Miranda. Identify application settings, and enumerate devices and services.
- Build a dossier of websites, RDP services, and open VNC servers with header info and default credentials using EyeWitness
- Visualize relationships between the information gathered via CaseFile to create a summary of the data gathered
Course Materials
The course includes a student guide with over 20 hands-on labs and example pcaps.