EC3772 Intermediate Network Traffic Analysis (Short Course)

The Intermediate Network Traffic Analysis short course equips students with an in-depth understanding of the tools and techniques necessary for gaining deep insight into common operational requirements of DoD networks. Students will be well versed in the use of Wireshark, tshark, libpcap, and npcap. An extensive understanding of Wireshark is developed to include dissector evaluation, capture filters, display filters, and plot analysis. Through a series of case studies, students will be able to recognize the precursors of a cyber attack to allow them to take preventative measures. In the case of forensic analysis, students will be able to identify suspect traffic and make associations to identify root causes. This is a 5-day short course.

Prerequisite

EC3771 or permission of the Instructor

Lecture Hours

1

Lab Hours

0.5

Course Learning Outcomes

  • Demonstrate the ability to analyze mobile device traffic for malware.
  • Differentiate mobile users in a collection of mobile device traffic.
  • Identify suspect artifacts in mobile device traffic.
  • Demonstrate the ability to identify mobile application leaks.
  • Define the IMEI and TAC and their significance in user differentiation.
  • Recognize and analyze server-side exploits in traffic.
  • Explain stack depth probing and its manifestation in network traffic.
  • Recognize injected and spoofed network traffic.
  • Analyze artifacts of TCP session hijacking.
  • Demonstrate the process of graceful resynchronization.
  • Identify indicators of botnet traffic.
  • Recognize and analyze new and unusual protocols associated with industrial control system traffic.