This course will cover the process for conducting protocol analysis. This will serve as a foundation for the skills required for a number of different types of careers. Protocol analysis is the technique of analyzing what is taking place or has taken place on a network. This is used by Security Operations Center analysts as well as network forensics investigators.
We will take static capture files that you will be provided and show you how to analyze them within the Wireshark tool. You will learn ways to quickly identify anything that is abnormal within a network packet capture. This will provide you with the initial skills for intrusion analysis, and also malware tracking and monitoring.
- The course prepares the student for understanding network protocol analysis
- After the course you will have the initial skills for security or hacking classes
- Anyone who wants to understand the foundation of security skills and have knowledge for analyzing network traffic as well as potential intrusions will benefit from this course.
- This course is for beginners or people who are interested in learning about hacking and don't know where to start.
Maneuver the static packet capture File1.pcapng within Wireshark and interpret the information in the file. Become familiar with the three main display windows and how to analyze the packet information.
Recognize the components of client-to-server interaction. Follow the common sequences of network traffic from request to response:
- DNS to IP
- IP to ARP
Analyze the different components of client to server communication. Interpret DNS and ARP and what takes place on the network when these protocols communicate.
Explore the main protocols on the network and build understanding of the components of ICMP, the composition of UDP and the characteristics of TCP communications.
Assess the static capture file File1.pcapng. Examine the ICMP, UDP and TCP traffic within the file using the user interface of Wireshark.
In this quiz you will be tested on the components of network communication.
You will learn about the headers and the components within the headers of IP, UDP and TCP. Following the information review you will learn a process for analyzing the headers from within the network.
You will use the supplemental file, File2.pcapng, and examine the way the headers are displayed within the user interface of Wireshark. The process of identifying and understanding encapsulation will be reviewed.
In this lecture you will learn about the connection-oriented and the connectionless network protocols and how to interpret streams and conversations on the network.
You will use the supplemental file, File3.pcapng, and process the UDP sessions and review the stream content. You will explore the TCP connections, and analyze the streams from the connections to uncover information from the network communications.
In this quiz, you will have questions on the different protocols within TCP/IP.
You will learn the different methods of setting up a capture within Wireshark. You will review the interface and options available for capturing the network traffic.
You will learn how to configure and set up the Wireshark tool to conduct live network traffic capture. Once you have configured the interface and started the capture you will access a number of web sites.
You will apply the process you have learned to the live capture file. Following this, you will analyze what has taken place at the packet level when you generated the network traffic.
You will receive an overview of the different methods of working with packet capture files in Wireshark. Following this, the different capture file formats will be explained.
You will learn the process, methods and the different formats for saving capture files. At the completion of this you will learn how to select different areas of the network traffic and save them for future use.
You will learn the advanced capture methods of Wireshark. The process and technique of merging capture files into another will be discussed, as well as the capability to import hexadecimal traffic from a file.
You will apply the skills that you have learned for advanced captures in the Wireshark tool. Following this, you will see how to isolate specific network packet data and then merge it into another capture file for later use.
This quiz will be based on the options for capturing files within Wireshark.
You will learn about the powerful filtering capability in Wireshark. By applying filters you will be able to isolate all facets of network communication. The characteristics of basic network attacks will be explained.
You will apply the knowledge you have learned to the creation of filters within the Wireshark tool. A variety of shortcuts to assist your analysis will be reviewed.
You will learn the process to examine network protocol communication. The methods used to identify abnormal traffic and potential attack traffic will be discussed.
You will use the supplemental capture file, File3.pcapng, to apply the skills we have developed throughout the course to determine what has taken place on the network where the packet capture was taken. You will review and determine the network traffic that is normal, and the network traffic that could be an attack. The skills practiced here will set the stage for the next level of conducting protocol analysis of potential attack traffic.
You will use the supplemental capture file, File4.pcapng, and apply the skills, process and methodology you have learned throughout the course to determine what has taken place on the network where the packet capture was taken.
This is the first capture file. Apply the process you have learned and analyze what is taking place in the file. Message me once you have completed your analysis.
I have created a Bonus File Section that will contain different capture files for you to apply the process we show in the course to analyze the network traffic. I am happy to announce that the second capture file for you to review has been uploaded. Take a look and see if you can determine what has taken place on the network and anything that is suspicious in the network traffic. Once you have analyzed it, send me a message with your results. After I get 10 or more analysis results from you all, I will post a solution with a walk through of some of the important items that are in the capture file. As a reminder, the process is:
This is the solution file for the 2nd bonus packet capture. I did not provide everything in the capture file; I explained the process. See if, after you have reviewed the solution, you can discover any additional information about the attacks, if there are any within the file. Post your analysis to share with others. Good Luck!
In this lecture I will perform the first step of the scanning methodology that hackers deploy using the popular tool nmap. The discovery of live systems to hack!
In this video, I will perform the second step of the hacking methodology of scanning, and that is finding the open ports on our targets. These open ports represent doors that we can use for access, or in hacker terms our vector for a potential attack.
In this video, I will perform the third step of the hacking methodology of scanning, and that is finding the services on the open ports on our targets. These services will let the attacker know where the potential attack points are.
In this video, I will perform the fourth step of the hacking methodology of scanning, and that is enumerating details on our targets. These details will assist the attacker with making the attack points more granular and then they can carry out a more direct attack with a greater chance of success.
In this video, I will perform the fifth step of the hacking methodology of scanning, and that is identifying the vulnerabilities. This is one of the things that a hacker needs: a weakness to leverage for gaining access.
In this video, I will perform the sixth step of the hacking methodology of scanning, and that is validating the vulnerabilities. This is leveraging a weakness for gaining access, and is penetration testing.
Kevin Cardwell served as the leader of a 5-person DoD Red Team that achieved a 100% success rate at compromising systems and networks for six straight years. He has conducted over 500 security assessments across the globe. His expertise is in finding weaknesses and determining ways clients can mitigate or limit the impact of these weaknesses.
He spent 22 years in the U.S. Navy. He has worked as both software and systems engineer on a variety of Department of Defense projects and early on was chosen as a member of the project to bring Internet access to ships at sea. Following this highly successful project he was selected to head the team that built a Network Operations and Security Center (NOSC) that provided services to the commands ashore and ships at sea in the Norwegian Sea and Atlantic Ocean. He served as the Leading Chief of Information Security at the NOC for six years. While there he created a Strategy and Training plan for the development of an expert team that took personnel with little or no experience and built them into expert team members for manning of the NOSC.
He currently works as a freelance consultant and provides consulting services for companies throughout the world, and as an advisor to numerous government entities within the US, Middle East, Africa, Asia and the UK. He is an Instructor, Technical Editor and Author for Computer Forensics and Hacking courses. He is the author of the Center for Advanced Security and Training (CAST) Advanced Network Defense and Advanced Penetration Testing courses. He is technical editor of the Learning Tree Course Penetration Testing Techniques and Computer Forensics. He has presented at the Blackhat USA, Hacker Halted, ISSA and TakeDownCon conferences as well as many others. He has chaired the Cybercrime and Cyberdefense Summit in Oman and was Executive Chairman of the Oil and Gas Cyberdefense Summit. He is author of Building Virtual Pentesting Labs for Advanced Penetration Testing, Advanced Penetration Testing for Highly Secured Environments 2nd Edition and Backtrack: Testing Wireless Network Security. He holds a BS in Computer Science from National University in California and an MS in Software Engineering from the Southern Methodist University (SMU) in Texas. He developed the Strategy and Training Development Plan for the first Government CERT in the country of Oman that recently was rated as the top CERT for the Middle East. He serves as a professional training consultant to the Oman Information Technology Authority, and developed the team to man the first Commercial Security Operations Center in the country of Oman. He has worked extensively with banks and financial institutions throughout the Middle East, Europe and the UK in the planning of a robust and secure architecture and implementing requirements to meet compliance. He currently provides consultancy to Commercial companies, governments, federal agencies, major banks and financial institutions throughout the globe.
Some of his recent consulting projects include the Muscat Securities Market (MSM), Petroleum Development Oman and the Central Bank of Oman. He designed and implemented the custom security baseline for the existing Oman Airport Management Company (OAMC) airports and the two new airports opening in 2016. He created custom security baselines for all of the Microsoft Operating Systems, Cisco devices as well as applications. Additionally, he provides training and consultancy to the Oman CERT and the SOC team in monitoring and incident identification of intrusions and incidents within the Gulf region. He holds the CEH, ECSA, LPT and a number of other certifications.