Introduction to Network Packet Analysis
A guided introduction to Network Packet Analysis using TCPDump, Wireshark and Network Miner (Lab Included)
Could not make it to the KY ISSA 2016 Network Packet Analysis Workshop? No problem! We recorded the workshop and are making it available.
This workshop is a guided introduction to using TCPDump, Wireshark and Network Miner to perform Network Packet Analysis. Those new to packet analysis will find this introduction welcoming and well-paced. Those with intermediate skills can enjoy tips on improving the process and exposure to multiple tools.
We review the basics of TCP, IP, UDP and other common networking protocols to familiarize the reader. Then we discuss several tools that are freely available, easy to use and provide excellent features. We provide an in-depth discussion of using Wireshark, Network Miner and TCPDump. For each tool, instruction is given, followed by practical, real-world examples using the tools.
The workshop concludes with 25 questions about 3 PCAP files included with the workshop. This exercise will check for understanding and reinforce the topics and tools.
Your Instructor
GISF, GSEC, GPEN, GXPN, GWAPT, GMOB, Sec+
Jeremy works as a security penetration tester, application security consultant, and defect-remediation expert for a multi-national transportation logistics company. Jeremy is also the owner of Ellipsis Information Security LLC, assisting the community with security services. Additionally, Jeremy develops the open-source Mutillidae 2.x training environment (https://sourceforge.net/projects/mutillidae/) and teaches on security topics.
As Director of Education for the Kentucky ISSA chapter, Jeremy presents on web application pen-testing and remediation along with operating the "webpwnized" YouTube video channel (https://www.youtube.com/user/webpwnized). Jeremy has a Bachelor in Computer Science and is a GIAC-certified Web Application, Mobile and Network Pen-Tester.
Course Curriculum
- Overview of Network Packet Analysis Tools (10:07)
- Sniffing and Capturing Network Packets with TCPDump: Part 1 (7:44)
- Sniffing and Capturing Network Packets with TCPDump: Part 2 (13:58)
- Packet Analysis with Wireshark: Part 1 (29:53)
- Packet Analysis with Wireshark: Part 2 (34:42)
- Packet Analysis with Network Miner: Part 1 (8:31)
- Packet Analysis with Network Miner: Part 2 (3:24)