Overview
Learn to use Wireshark for deep packet analysis, capture, and forensics, and to detect and handle unusual traffic on a network and prevent malicious activity.
Syllabus
Introduction
- Sniffing out the bad guys
- What you should know
- Exploring cyberattacks and trends
- Understanding malware and cyber threats
- Packet analysis overview
- Outlining the benefits of Wireshark
- TShark
- Tap into your network
- Create firewall rules
- Challenge: Email forensics
- Response: Email forensics
- Baseline your network
- Displaying data using filters
- Creating complex filters
- Capture filters
- Using statistics
- Save, export, and print
- Coloring rules
- Using a ring buffer
- Challenge: HTTP packets
- Solution: HTTP packets
- Challenge: Firewall rules
- Solution: Firewall rules
- OSI layer attacks
- Indications of compromise
- Ports related to malicious activity
- Understanding port scans
- Investigating attacks
- Using VirusTotal
- Challenge: Analyze
- Solution: Analyze
- Fast flux DNS
- Trojan in the house
- Unwanted Tor activity
- Challenge: Packets and filters
- Solution: Packets and filters
- Next steps
Taught by
Lisa Bock