Our Courses

Learn the Art of Packet Analysis

How Can We Help?

Intro - Advanced

We deliver courses ranging from introduction to Wireshark, to advanced packet analysis.  The most current version is always used.

Customize

Courses can be customized based on your needs.  Add in your own pcaps, or take out concepts already mastered.

Delivery Methods

Courses can be delivered in either a public classroom, onsite with just your team, or as a virtual class.  Whatever suits you best.

Wireshark Profiles

1 Day

Learn More

Deep Dive Into Wireshark

3 Days

Learn More

TCP/IP with Wireshark

5 Days

Learn More

Deep Dive Into Network Reconnaisance

5 Days

Learn More

All Courses Can Be Modified To Suit Your Needs

​Wireshark Profiles

Course Length: 1 Day


Course Overview

This hands-on course will accelerate your ability to interpret Wireshark® packet capture files (pcaps). Profiles should not be a one-size fits all solution. Wireshark profiles can be huge time savers, if you invest the time up front configuring them to be specific to your environment and workflow. The course will cover best practices for creating profiles, determining what should be in a master profile, and making changes and additions to settings.


Who Should Attend

Network technicians, network engineers, cybersecurity analysts, security engineers and application developers who are at the beginning to intermediate stages of packet analysis. The course will be focused on core concepts around Wireshark, helping attendees become more efficient and confident analyzing pcaps.


Prerequisites

Basic knowledge of Wireshark and TCP/IP protocols


Topics Covered
  • Categories; by location or by protocol

  • Save profiles to different locations 

  • Create a master profile 

  • Determine which protocol settings to change

  • Configure Name Resolution 

  • Edit Expert settings 

  • Enable/disable protocols 

  • Create Custom Columns 

  • Enhance I/O Graphs 

  • Configure Color Rules 

  • Share profiles 

  • Use different profiles to analyze pcaps 


Course Materials

The course includes a student guide with hands-on labs and example pcaps.  Pcaps will be distributed so that profile changes can be used to analyze actual data.  You will leave class with multiple new profiles to use back at the office. 

 

​Deep Dive Into Wireshark

Course Length: 3 Days


Course Overview

This hands-on course is designed for beginners and those who need a refresher on capturing and interpreting packets.  You will receive in-depth training on Wireshark®. You will learn how to use Wireshark efficiently to spot common sources of network and application performance problems.  You will return to your workplace ready to lower mean time to isolation (MTTI).

Who Should Attend 

Network technicians, network engineers, cybersecurity analysts, security engineers and application developers who are at the beginning to intermediate stages of packet analysis. The course will be focused on core concepts around Wireshark, helping attendees become more efficient and confident analyzing pcaps.


Prerequisites

Basic knowledge of TCP/IP protocols


Topics Covered
  • Wireshark placement
  • Capture wired and wireless traffic
  • Determine capture filters to eliminate wasted analysis time
  • Configure Wireshark using preferences, columns, and colors
  • Save time with profiles 
  • Visualize trends and failures with statistics and graphs
  • Identify slow response time and then determine the "culprit" 
  • Zoom in to only the relevant packets with display filters
  • Use command line tools dumpcap and tshark 
  • Examine IP, UDP, DNS, TCP, and TLS pcaps using all of the topics covered


Course Materials

Course includes a student guide with hands on labs and example packet capture files (pcaps). You will leave class with multiple new profiles to use back at the office. 

​TCP/IP With Wireshark

Course Length: 5 Days


Course Overview

This hands-on course is designed for beginners and those who need a refresh on capturing and interpreting packets.  You will receive in-depth training on Wireshark® and the major TCP/IP protocols.  You will learn how to use Wireshark efficiently to spot common sources of network and application performance problems.  You will return to your workplace ready. to lower mean time to isolation (MTTI)This course will help to prepare you to pass your WCNA certification exam

Who Should Attend 

Network technicians, network engineers, cybersecurity analysts, security engineers and application developers who are at the beginning to intermediate stages of packet analysis. The course will be focused on core concepts around Wireshark and a deep dive into the TCP/IP protocols, helping attendees become more efficient and confident analyzing pcaps.


Prerequisites

Basic knowledge of TCP/IP protocols


Topics Covered
  • Wireshark placement
  • Capture wired and wireless traffic
  • Determine capture filters to eliminate wasted analysis time
  • Configure Wireshark using preferences, columns, and colors
  • Save time with profiles 
  • Visualize trends and failures with statistics and graphs
  • Identify slow response time and then determine the "culprit" 
  • Zoom in to only the relevant packets with display filters
  • Examine Quality of Service, fragmentation, time to live, and addressing for the Internet Protocol - IP
  • Categorize the different types of Internet Control Message Protocol - ICMP.  Determine who caused errors and why. 
  • Compare the possible port number combinations in User Datagram Protocol - UDP
  • Analyze Domain Name System - DNS, how recursion works in client queries, the different types of DNS zones, record types, and error interpretation
  • Analyze VoIP protocols, Session Initiation Protocol - SIP and Real-Time Transport Protocol - RTP, how session establishment works, error interpretation, evaluate packet loss, and examine Wireshark tools specific to VoIP
  • Analyze the handshake of the Transport Control Protocol - TCP, TCP options,  recovery mechanisms for various congestion control algorithms including timings, how the window size can put a halt to traffic, differentiating teardown methods, and using TCP stream graphs to focus on the trouble spots
  • Analyze how Hypertext Transfer Protocol - HTTP web requests are formed including GET and POST parameters, HTTP headers, user agents, request cookies, and error interpretation
  • Analyze Transport Layer Security - TLS handshakes for both 1.2 and 1.3, requirements for session resumption, error interpretation, the different methods of decryption, and how to troubleshoot when decryption is not an option


Course Materials

Course includes a student guide with over 20 hands on labs, the official Wireshark study guide in Kindle format, and example pcaps.  You will leave class with multiple new profiles to use back at the office. 

​Deep Dive Into Network Reconnaissance

Course Length: 5 Days


Course Overview

This hands-on course uses only freely available open source tools and is beneficial to anyone performing a cyber investigation or vulnerability assessment. Law enforcement and military communities were specifically in mind during the design, however anyone in cyber security would benefit. You will learn to use open-source tools from the Kali.org Linux distribution. You will learn both active and passive methods to gain information on the person(s) of interest. Hands-on labs combined with various hardware demonstrations, give you numerous opportunities to apply what was learned during the lecture. 

Who Should Attend 

Employees of federal, state and local governments; and businesses working with the government. Cybersecurity analysts and security engineers a who are at the beginning to intermediate stages of packet analysis. 


Prerequisites

Basic knowledge of TCP/IP protocols


Topics Covered

Passive Reconnaissance
  • Best practices to capture network traffic on 802.11 wireless, Bluetooth and ethernet networks. Aircrack, Kismet, tcpdump and Wireshark will be used. Capture filters will be used to narrow the scope of the case.
  • Capture both the 802.11 or Bluetooth specific headers as well as the TCP/IP protocol headers
  • Decrypt WPA2 AES data using EAPOL packets in 802.11 in Wireshark
  • Analyze the data using Wireshark. Various statistics and graphing which can be used to isolate connection patterns
  • Identify ARP spoofing in Wireshark
  • Signature identification and filtering for operating systems and connection establishment with Wireshark
  • Extract executables and images from Wireshark

Active Reconnaissance
  • Best practices to scan an environment using Sn1per, Nmap, and Zenmap. From networks down to services on hosts, active scans will be used to gather data.
  • Use a SOCKS proxy and Tor to anonymize traffic scans
  • Transparently intercept SSL/TLS connections via SSLsplit
  • Discover the target company’s IP netblocks, domain names and DNS record types via DNSRecon, dnsmap, nslookup and dig
  • Gather emails, subdomains, hosts, employee names, open ports and banners from different public sources; search engines, PGP key servers and SHODAN computer database via theHarvester and Maltego
  • Search for potentially sensitive data across the network via smbmap. You will list share drives, drive permissions, share contents, upload/download functionality, and file name auto-download pattern matching.
  • Locate UPnP devices, consumer grade access points for example, via Miranda. Identify application settings, and enumerate devices and services.
  • Build a dossier of websites, RDP services, and open VNC servers with header info and default credentials using EyeWitness
  • Visualize relationships between the information gathered via CaseFile to create a summary of the data gathered


Course Materials

Course includes a student guide with over 20 hands on labs and example pcaps.