AccountIcon BigDataIcon BlogIcon default_resource_icon CartIcon checkmark_icon cloud_devops_icon computer_network_admin_icon cyber_security_icon gsa_schedule_icon human_resources_icon location_icon phone_icon plus_icon programming_software_icon project_management_icon redhat_linux_icon search_icon sonography_icon sql_database_icon webinar_icon

Search UMBC Training Centers

Cybersecurity

Network & Packet Analysis

+ View more dates & times
  • Overview

    This course teaches the student the fundamental concepts, methodologies, and tools necessary to analyze network traffic for the purposes of intrusion and threat detection, network defense, and low profile offensive operations.

    The hands-on course begins with discussing the role of network packet analysis in computer network operations (CNO). After a detailed discussion of the TCP/IP protocol suite and ethernet network operations, the student practices using the command line tool tcpdump and the protocol analyzer tshark to capture and analyze self-generated network traffic. Students then are asked to examine actual packet captures which illustrate various exploits, network reconnaissance techniques, and more advanced network attacks.

    The course concludes with an extensive real world exercise in which the student must utilize all of the concepts and tools learned in class to analyze and fully characterize the various network threats and breaches.

    COURSE MODULES:

    • TCP/IP Review
    • The Protocols
    • Basic tcpdump
    • Advanced tcpdump
    • Wireshark
    • Practical Exercise
  • Who Should Take This Course

    PREREQUISITES

    CompTIA Network+, working knowledge of TCP/IP fundamentals, or equivalent experience is required. CCNA is recommended but not required. Students should have at least one year of work experience with TCP/IP networks. Students should have experience with basic Linux command line functions and a working knowledge of information assurance and network security principles.

  • Schedule
  • Course Outline

    MODULE 00: TCP/IP REVIEW

    • OSI vs Internet Model
    • Physical and Logical Addresses
    • Services and Ports
    • Domain Name System
    • Routing& Traffic Types
    • IP Protocols: TCP/UDP
    • Media Access Control
    • Network Communications

    MODULE 01: THE PROTOCOLS

    • Link Layer
      • Ethernet
      • Address Resolution Protocol
    • Network Layer
      • Internet Protocol
      • Internet Control Message Protocol
    • Transport Layer
      • Transmission Control Protocol
      • User Datagram Protocol
    • Application Layer
    • Dynamic Host Configuration Protocol
    • Domain Name System
    • Hypertext Transfer Protocol

    MODULE 02: BASIC TCPDUMP

    • Sniffing Basics
    • Capture and read files
    • Command line options
    • Filters: hosts, ports and protocols
    • Decrypting output

    MODULE 03: ADVANCED TCPDUMP

    • Advanced expressions and primitives
    • Qualifiers
    • Expression combinations
    • Offsets and specific byte identification
    • Byte range filters
    • Bit masking

    MODULE 04: WIRESHARK

    • Creating customized capture filters
    • Display filters
    • Filters and target lists
    • Session reconstruction
    • Dangers of WiFi

    MODULE 05: PRACTICAL EXERCISE

    • An all-day team exercise to analyze packet captures from a victim network and to provide a detailed analysis of findings
  • FAQs
    Is there a discount available for current students?

    UMBC students and alumni, as well as students who have previously taken a public training course with UMBC Training Centers are eligible for a 10% discount, capped at $250. Please provide a copy of your UMBC student ID or an unofficial transcript or the name of the UMBC Training Centers course you have completed. Online courses are excluded from this offer.

    What is the cancellation and refund policy?

    Student will receive a refund of paid registration fees only if UMBC Training Centers receives a notice of cancellation at least 10 business days prior to the class start date for classes or the exam date for exams.

Contact Us