EC3771 Basic Network Traffic Analysis (Short Course)

The Basic Network Traffic Analysis short course equips students with an in-depth understanding of the tools and techniques necessary for gaining deep insight into the operations and behavior of enterprise networks. On completing this course, the student will be able to systematically plan for data collection, capture traffic of interest, analyze the traffic, and take appropriate action as a result of the analysis. For a given data collection, the student is able to determine who is talking and what applications are being used, filter on conversations of interest, create statistical graphs related to issues of interest, and employ the analyzer's expert system to recognize anomalies and diagnose problem areas. Students are able to apply these skills for general analysis, network troubleshooting, security analysis, and application performance evaluation. This is a 5-day short course.

Prerequisite

Demonstrated Computer Networking Knowledge or Permission of the Instructor

Lecture Hours

1

Lab Hours

0.5

Course Learning Outcomes

  • Demonstrate the value of packet analysis by identifying an issue in captured traffic and describing the root cause
  • Given a network topology, identify the best capture locations to “see” relevant traffic
  • Demonstrate the basic capabilities of packet-level analysis tools such as libpcap, WinPcap, tcpdump, Wireshark, and tshark by using each to process provided network traffic
  • Describe the raw information presented by Wireshark by showing the packet list, packet details, and packet bytes panes
  • Demonstrate how to filter traffic captured by Wireshark by generating at least ten different Berkeley Packet Filter (BPF) capture filter expressions
  • Demonstrate how to filter what traffic is displayed by Wireshark by generating at least ten different display filter expressions
  • Given collected network traffic, differentiate different protocols present, identify the most active conversations and hosts, plot basic relationships and identify aberrations and anomalies
  • Demonstrate how to customize Wireshark profiles to discover specific network protocols
  • Demonstrate basic network forensics fundamentals by finding source associations in a network traffic event
  • Demonstrate how to use command-line tools by concatenating, segmenting, and reducing a collection of network traffic
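The outcome above about differentiating protocols and identifying the most active hosts and conversations is what Wireshark's Statistics menus (Protocol Hierarchy, Endpoints, Conversations) and `tshark -z conv,tcp` report. As an added example that is not course material, the script below shows what those statistics compute by reading a libpcap-format capture directly: it decodes Ethernet/IPv4/TCP/UDP headers, tallies protocols, per-host byte counts and bidirectional conversations. The capture is constructed inline so it runs offline; the addresses, ports and payload sizes are illustrative assumptions, not traffic from the course.

```python
"""Minimal libpcap-format reader that answers the first questions asked of
any capture: which protocols are present, who is talking to whom, and which
hosts and conversations carry the most bytes.

Added example, not course material. The sample capture is constructed in
this file so the script runs offline; captures written by `tcpdump -w` or
Wireshark with link type 1 (Ethernet) use the same format."""
import socket
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4      # little-endian magic, microsecond timestamps
LINKTYPE_ETHERNET = 1


def build_pcap(frames):
    """Serialize raw Ethernet frames into a libpcap file (bytes)."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    body = b""
    for i, fr in enumerate(frames):
        # per-packet record: ts_sec, ts_usec, incl_len, orig_len
        body += struct.pack("<IIII", 1_700_000_000 + i, 0, len(fr), len(fr)) + fr
    return hdr + body


def frame(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Build an Ethernet/IPv4/{TCP,UDP} frame (constructed; MACs are dummies)."""
    if proto == 6:    # TCP: minimal 20-byte header, ACK flag set, no checksum
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x10, 65535, 0, 0)
    elif proto == 17:  # UDP: length covers header + payload
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:
        raise ValueError("example builds only TCP and UDP")
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    return eth + ip + l4


def parse_pcap(data):
    """Yield (src_ip, dst_ip, proto_name, sport, dport, frame_len) per packet."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file (pcapng is not handled here)")
    linktype, = struct.unpack_from("<I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("example only handles Ethernet captures")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        pkt = data[off:off + incl_len]
        off += incl_len
        ethertype, = struct.unpack_from("!H", pkt, 12)
        if ethertype != 0x0800:   # ARP, IPv6, ...: counted but not decoded further
            yield None, None, "non-IPv4 (0x%04x)" % ethertype, None, None, incl_len
            continue
        ihl = (pkt[14] & 0x0F) * 4          # IPv4 header length in bytes
        proto = pkt[14 + 9]
        src = socket.inet_ntoa(pkt[14 + 12:14 + 16])
        dst = socket.inet_ntoa(pkt[14 + 16:14 + 20])
        name = {6: "TCP", 17: "UDP"}.get(proto, "IP proto %d" % proto)
        sport = dport = 0
        if proto in (6, 17):                 # ports sit at the same offset in both
            sport, dport = struct.unpack_from("!HH", pkt, 14 + ihl)
        yield src, dst, name, sport, dport, incl_len


def summarize(data):
    """Return (protocol packet counts, per-host bytes, per-conversation bytes)."""
    protocols, hosts, conversations = Counter(), Counter(), Counter()
    for src, dst, name, sport, dport, length in parse_pcap(data):
        protocols[name] += 1
        if src is None:
            continue
        hosts[src] += length
        hosts[dst] += length
        # Sort the endpoints so A->B and B->A land in one conversation key.
        a, b = sorted([(src, sport), (dst, dport)])
        conversations[(name, a, b)] += length
    return protocols, hosts, conversations


# Constructed sample traffic: a client resolves a name, then talks HTTPS.
SAMPLE = build_pcap([
    frame("10.0.0.5", "10.0.0.53", 17, 51000, 53, b"\x00" * 40),      # DNS query
    frame("10.0.0.53", "10.0.0.5", 17, 53, 51000, b"\x00" * 120),     # DNS reply
    frame("10.0.0.5", "93.184.216.34", 6, 40000, 443, b"\x00" * 200),
    frame("93.184.216.34", "10.0.0.5", 6, 443, 40000, b"\x00" * 1200),
    frame("10.0.0.5", "93.184.216.34", 6, 40000, 443, b"\x00" * 50),
])

if __name__ == "__main__":
    protocols, hosts, conversations = summarize(SAMPLE)
    print("protocols:", dict(protocols))
    for host, nbytes in hosts.most_common():
        print(f"{host:16} {nbytes:6d} bytes")
    for (name, a, b), nbytes in conversations.most_common():
        print(f"{name} {a[0]}:{a[1]} <-> {b[0]}:{b[1]}  {nbytes} bytes")
```

To run it against a real file, replace `SAMPLE` with `open("capture.pcap", "rb").read()`; captures saved by recent Wireshark default to pcapng, so convert with `editcap -F pcap in.pcapng out.pcap` first, or capture with `tcpdump -w`.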