Packet Analysis with Wireshark & Nmap (PACK-214)



Packet Analysis with Wireshark & Nmap 101 (PACK-101)

This is a closed class. It requires a contract. On-site for 22 people.

Days: 5 – Prerequisite: Networking protocols – Labs: Yes – Local Cyber Range

Type of Course: Advanced Security / Technical – Prerequisite skills: TCP/IP, networking, the OSI model, and exposure to networking protocols and technologies.

About this course: This course is very lab-intensive. Practice in this course will lead to excellence in the packet analysis process as it relates to incident response.

Goals:  This course focuses on capturing, filtering, and analyzing network traffic to identify security vulnerabilities, track down network intrusions, troubleshoot network issues, and perform network forensics.

Objectives: Understand packet structure well enough to support the network intrusion detection process, and practice malware traffic analysis.

Topics: Network and Packet Analysis, OSI Model, Clear Text Protocols, Man-In-The-Middle (MITM), Unicast, Broadcast, Multicast Traffic, TCP & UDP Ports, Searches, Streams, Profiles, Wireshark traffic flows, Customizing views and settings, Determining capture method, Filters to focus, Coloring and exporting, Tables and graphs, Reassembling traffic, Command-line tools for capture, split, and merge, Nmap as a packet creation tool, Analysis of reconnaissance data, Security Onion, Research, Malware traffic analysis
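
The topics above include command-line capture tools, Nmap as a packet creation tool and analysis of reconnaissance data. The following is an added example, not course material from this page: it builds a small pcap file of constructed traffic (a 20-port SYN scan from the made-up host 10.0.0.5 plus one ordinary handshake from 10.0.0.7 to 192.168.1.10), parses it back with a minimal Ethernet/IPv4/TCP dissector written from the wire formats, and flags sources that send bare SYNs to many distinct ports, which is the footprint an `nmap -sS` scan leaves in a capture. All addresses, ports and frames are constructed for the example; the function names (`build_tcp_packet`, `iter_tcp_packets`, `detect_syn_scanners`) are the example's own.

```python
import struct
from collections import defaultdict

SYN, ACK = 0x02, 0x10
LINKTYPE_ETHERNET = 1

# pcap global header: magic (little-endian), version 2.4, thiszone, sigfigs, snaplen, linktype
PCAP_GLOBAL_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)


def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header (checksum field zeroed)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    total = (total >> 16) + (total & 0xFFFF)
    total += total >> 16
    return (~total) & 0xFFFF


def build_tcp_packet(src_ip: str, dst_ip: str, sport: int, dport: int, flags: int) -> bytes:
    """Ethernet + IPv4 + TCP frame with no payload (constructed test data, not real traffic)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill in header checksum
    return eth + ip + tcp


def write_pcap(frames) -> bytes:
    """Serialise frames into a classic pcap file (global header + one record header per frame)."""
    out = bytearray(PCAP_GLOBAL_HEADER)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame))
        out += frame
    return bytes(out)


def iter_tcp_packets(pcap: bytes):
    """Yield (src_ip, dst_ip, dst_port, tcp_flags) for every TCP/IPv4-over-Ethernet record."""
    magic = struct.unpack("<I", pcap[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("example parser handles Ethernet (linktype 1) captures only")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        frame = pcap[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType is not IPv4
            continue
        ihl = (frame[14] & 0x0F) * 4                          # IPv4 header length in bytes
        if frame[23] != 6:                                    # IP protocol is not TCP
            continue
        tcp = frame[14 + ihl:]
        if len(tcp) < 20:
            continue
        src = ".".join(str(b) for b in frame[26:30])
        dst = ".".join(str(b) for b in frame[30:34])
        _, dport = struct.unpack("!HH", tcp[:4])
        yield src, dst, dport, tcp[13]                        # byte 13 holds the TCP flags


def detect_syn_scanners(pcap: bytes, min_targets: int = 10) -> dict:
    """Map each source that sent bare SYNs (SYN set, ACK clear) to at least `min_targets`
    distinct (dst_ip, dst_port) pairs onto that count. Legitimate clients open a handful of
    ports; one host probing many ports is the footprint of a SYN scan such as `nmap -sS`."""
    targets = defaultdict(set)
    for src, dst, dport, flags in iter_tcp_packets(pcap):
        if flags & SYN and not flags & ACK:
            targets[src].add((dst, dport))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}


def constructed_sample() -> bytes:
    """Constructed capture: a 20-port SYN scan from 10.0.0.5 plus one handshake from 10.0.0.7."""
    frames = [build_tcp_packet("10.0.0.5", "192.168.1.10", 40000 + p, p, SYN)
              for p in range(1, 21)]
    frames.append(build_tcp_packet("10.0.0.7", "192.168.1.10", 51000, 443, SYN))
    frames.append(build_tcp_packet("192.168.1.10", "10.0.0.7", 443, 51000, SYN | ACK))
    frames.append(build_tcp_packet("10.0.0.7", "192.168.1.10", 51000, 443, ACK))
    return write_pcap(frames)


if __name__ == "__main__":
    sample = constructed_sample()
    with open("syn_scan_sample.pcap", "wb") as fh:   # open this file in Wireshark to inspect it
        fh.write(sample)
    print(detect_syn_scanners(sample))               # {'10.0.0.5': 20}
```

Running the script writes `syn_scan_sample.pcap`, which can be opened in Wireshark; the display filter `tcp.flags.syn == 1 && tcp.flags.ack == 0` isolates the same bare-SYN packets the detector counts, and Statistics > Conversations shows the one-source-to-many-ports pattern at a glance. The threshold `min_targets` is the practitioner's knob: too low and a busy legitimate client is flagged, too high and a slow or narrow scan is missed.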

Next course: Assessing Network Vulnerabilities (VULN-SVY)

Methods of instruction: There are 8 different exercise types that can be used in a module; examples include threats and controls, case studies, risk analysis practice, and reading review. Technical labs require basic skills in operating systems and virtualization. As soon as students become too comfortable, the instructor will switch methods.

Students are expected to have basic experience in networking and DoD Cybersecurity, as well as knowledge of related Cybersecurity policies and procedures. The course supports DISA responsibilities under the DoD Cybersecurity Discipline Implementation Plan, DoDI 8551.01, the STIGs and NIST SP 800-53. The course covers topics in NICCS / NICE and ARTEP.