Network Traffic Analysis

Because most network intrusion detection systems are prone to generating false positives or alerting when there is no problem, a savvy analyst should understand how to analyze traffic apart from the NIDS to validate whether an alert is real or not. This course will teach the student how to do this by examining packets at the bit level, looking at fields found in the packet, interpreting the intent of the packet, and finally culminating in an examination of multiple packets as real-world events. The intent is to free the analyst from relying exclusively on the NIDS to do packet interpretation.

Course Topics Include

Introduction to TCPdump
- How TCPdump Can be Used to Analyze Traffic
- Deciphering Output from TCPdump
Writing TCPdump Filters
- Mastering Subtleties of Writing TCPdump Filters
- Bit-Masking for Looking at Fields That Do Not Fall on Byte Boundaries
Examining Datagram Fields with TCPdump
- Functions of Fields in the IP Datagram
- Normal Values for these Fields
- Why and How these Fields are Crafted to Have Abnormal Values (Network Mapping, OS Fingerprinting, Evasion, and Covert Messages)
Analysis of TCPdump Output
- Beginning Analysis: Classification of Traffic
- Real-world Examples of TCPdump Output and Analysis.
Advanced Analysis
- Studies in Passive OS Fingerprinting
- Examination of DNS Protocol