
TCP/IP for Intrusion Detection

Ever tried to track down a hacker or a particular networking complaint and found yourself simply out of your depth? The material presented in this course will equip students with the knowledge and understanding of TCP/IP and free tools like TCPdump and WINdump to assist them in troubleshooting all types of networking complaints, from routing problems to firewall and critical server issues. Students will also become more skilled analysts with commercial LAN analyzer systems, having learned how to "read between the lines." Throughout the course, key concepts are illustrated with examples and sample TCPdump network traces.

Course Topics Include

TCPdump Review

  • Hexadecimal Packet Dumps

TCP/IP Communication Model

  • Link Layer
  • Network Layer
  • Transport Layer

Fragmentation

  • How It Works
  • Initial Fragment and Protocol Information
  • Additional Fragments and Offset
  • Malicious Fragmentation

ICMP

  • ICMP Theory
  • Mapping Using ICMP
  • Normal ICMP Behavior
  • Malicious ICMP Traffic

Stimulus and Response

  • Expected Behavior for Normal Activity
  • Normal but Unconventional Stimulus-Response
  • Behaviors and Categories of Abnormal Stimulus-Response

Microsoft Networking and Security

  • Typical Microsoft Network
  • NetBIOS Name Resolution
  • Reconnaissance on NetBIOS Hosts
  • Windows Ports and Services

Domain Name System

  • Client and Server Interaction
  • Server to Server Interaction
  • Primary and Secondary Servers
  • Transport Protocol Used (TCP/UDP)
  • WINS
  • Intelligence Gathering Tools
  • DNS: the Dark Side

Routing

  • Static Routing
  • The Role of Address Resolution Protocol
  • Loose Source Routing
  • Dynamic Routing Protocols
  • Multicast Routing

IPsec

  • Why Use IPsec
  • The Role of Security Associations (SA)
  • The Role of Internet Key Exchange (IKE)
  • The Authentication Header (AH) Security Protocol
  • The Encapsulating Security Payload (ESP) Security Protocol
  • Tunneling

Copyright IQ Networks, 2003