
Cybersecurity

Network & Packet Analysis

Overview

This course teaches the student the fundamental concepts, methodologies, and tools necessary to analyze network traffic for the purposes of intrusion and threat detection, network defense, and low-profile offensive operations.

The hands-on course begins by discussing the role of network packet analysis in computer network operations (CNO). After a detailed discussion of the TCP/IP protocol suite and Ethernet network operations, the student practices using the command-line tool tcpdump and the protocol analyzer tshark to capture and analyze self-generated network traffic. Students are then asked to examine actual packet captures that illustrate various exploits, network reconnaissance techniques, and more advanced network attacks.

The course concludes with an extensive real-world exercise in which the student must use all of the concepts and tools learned in class to analyze and fully characterize the various network threats and breaches.

COURSE MODULES:

  • TCP/IP Review
  • The Protocols
  • Basic tcpdump
  • Advanced tcpdump
  • Wireshark
  • Practical Exercise

Who Should Take This Course

PREREQUISITES

CompTIA Network+, working knowledge of TCP/IP fundamentals, or equivalent experience is required. CCNA is recommended but not required. Students should have at least one year of work experience with TCP/IP networks. Students should have experience with basic Linux command line functions and a working knowledge of information assurance and network security principles.

Course Outline

MODULE 00: TCP/IP REVIEW

  • OSI vs Internet Model
  • Physical and Logical Addresses
  • Services and Ports
  • Domain Name System
  • Routing & Traffic Types
  • IP Protocols: TCP/UDP
  • Media Access Control
  • Network Communications

MODULE 01: THE PROTOCOLS

  • Link Layer
    • Ethernet
    • Address Resolution Protocol
  • Network Layer
    • Internet Protocol
    • Internet Control Message Protocol
  • Transport Layer
    • Transmission Control Protocol
    • User Datagram Protocol
  • Application Layer
    • Dynamic Host Configuration Protocol
    • Domain Name System
    • Hypertext Transfer Protocol

MODULE 02: BASIC TCPDUMP

  • Sniffing Basics
  • Capture and read files
  • Command line options
  • Filters: hosts, ports and protocols
  • Decrypting output

MODULE 03: ADVANCED TCPDUMP

  • Advanced expressions and primitives
  • Qualifiers
  • Expression combinations
  • Offsets and specific byte identification
  • Byte range filters
  • Bit masking

MODULE 04: WIRESHARK

  • Creating customized capture filters
  • Display filters
  • Filters and target lists
  • Session reconstruction
  • Dangers of WiFi

MODULE 05: PRACTICAL EXERCISE

  • An all-day team exercise to analyze packet captures from a victim network and to provide a detailed analysis of findings

FAQs

Is there a discount available for current students?

UMBC students and alumni, as well as students who have previously taken a public training course with UMBC Training Centers, are eligible for a 10% discount, capped at $250. Please provide a copy of your UMBC student ID, an unofficial transcript, or the name of the UMBC Training Centers course you have completed. Asynchronous courses are excluded from this offer.

What is the cancellation and refund policy?

Students will receive a refund of paid registration fees only if UMBC Training Centers receives a notice of cancellation at least 10 business days prior to the class start date for classes or the exam date for exams.
