Network Traffic Analysis
This FireEye Mandiant course provides hands-on, tactical experience with network protocols, network architecture, intrusion detection systems, network traffic capture and traffic analysis. Reinforce technical concepts through Live Lab Sessions, where you’ll study the types of network monitoring and the tools used to identify malicious network activity and to keep sophisticated attackers from blending seamlessly into legitimate traffic. Explore the most useful techniques for investigating botnets and learn how to use honeypots in network monitoring.
4 modules (self-paced)
4 Live Hands-On Labs
4-6 Hours of Work per Module
Your Subject Matter Expert:
“The way I like to think of incident response is as if it's a jigsaw puzzle. Network Traffic Analysis makes up the outline pieces. Once you get an outline, you're able to fill in the actual image with host information.”
This cybersecurity course offers you a strong and thorough understanding of packet analysis through a foundation in network protocols and the tools and techniques used to analyze them. You will also learn about Snort signatures: how to develop them based on network indicators and how to set up rules to alert on them. This course combines self-paced learning with weekly live labs, allowing you to practice skills and receive real-time feedback from an industry expert.
Module 1: Network Traffic Analysis, Linux Basics, Network Protocol Review, PCAP Analysis with Wireshark
Describe how Network Traffic Analysis is conducted throughout the attacker lifecycle. Review basic Linux commands and concepts. Conduct basic Wireshark analysis: using the dissectors, display filters and the expression builder, setting user preferences, reviewing common application protocols, and analyzing SSL traffic. Use the OSI and TCP/IP models to determine which layer each portion of the packet header belongs to.
Module 2: Attacker Techniques–DNS, HTTP, Lateral Movement, Binary Protocols
Analyze the DNS protocol, including its different record types. Analyze HTTP traffic. Describe multiple protocols, what they look like on the wire, and their use in the attacker lifecycle. Analyze binary protocols.
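As an added example (not course material), the parser below shows what a DNS response looks like on the wire: the fixed 12-byte header, the question, and answer records whose names are usually compression pointers back into the question. It also applies a heuristic for the kind of TXT record DNS tunnels carry. SAMPLE_RESPONSE is a hand-built response for the made-up name c2.example.com; the TXT payload is simply the base64 encoding of "exfil-data".

```python
"""Parse a raw DNS response and pull out what the analyst cares about.

Added example (not course material). SAMPLE_RESPONSE is a hand-built answer
to a TXT query for a made-up name; the TXT payload is the base64 of
"exfil-data", standing in for the encoded blobs DNS tunnels carry.
"""
import re
import struct
from typing import Dict, List, Tuple

RECORD_TYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}
BASE64_CHARS = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def read_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Read a domain name at offset, following RFC 1035 compression pointers.
    Returns the dotted name and the offset just past the name as it appears
    at the original position (a pointer occupies two bytes there)."""
    labels: List[str] = []
    end = offset
    jumped = False
    while True:
        length = msg[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:               # 11xxxxxx: 14-bit pointer
            if not jumped:
                end = offset + 2
            jumped = True
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def decode_rdata(msg: bytes, rtype: int, start: int, length: int) -> str:
    data = msg[start:start + length]
    if rtype == 1 and length == 4:              # A: four octets
        return ".".join(str(b) for b in data)
    if rtype in (2, 5):                         # NS/CNAME: a name, possibly compressed
        return read_name(msg, start)[0]
    if rtype == 16:                             # TXT: one or more <len><chars>
        parts, pos = [], 0
        while pos < len(data):
            n = data[pos]
            parts.append(data[pos + 1:pos + 1 + n].decode("ascii", "replace"))
            pos += 1 + n
        return "".join(parts)
    return data.hex()                           # anything else: show raw bytes


def parse_dns(msg: bytes) -> Dict:
    ident, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    result = {"id": ident, "is_response": bool(flags & 0x8000),
              "rcode": flags & 0x000F, "questions": [], "answers": []}
    offset = 12
    for _ in range(qd):
        name, offset = read_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        result["questions"].append((name, RECORD_TYPES.get(qtype, str(qtype))))
    for _ in range(an):                         # authority/additional sections skipped here
        name, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        result["answers"].append({"name": name, "type": RECORD_TYPES.get(rtype, str(rtype)),
                                  "ttl": ttl, "rdata": decode_rdata(msg, rtype, offset, rdlen)})
        offset += rdlen
    return result


def looks_encoded(txt: str, min_len: int = 16) -> bool:
    """Heuristic for tunnel-style TXT payloads: base64 alphabet only, padded
    length. SPF/DKIM/verification records contain spaces, ';' or '=' mid-string
    and fail this test."""
    return len(txt) >= min_len and len(txt) % 4 == 0 and bool(BASE64_CHARS.match(txt))


# --- constructed sample: response to "c2.example.com TXT?" ---
_TXT = b"ZXhmaWwtZGF0YQ=="                      # base64("exfil-data")
_QNAME = b"\x02c2\x07example\x03com\x00"
SAMPLE_RESPONSE = (
    struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0)          # id, QR|RD|RA, 1 question, 2 answers
    + _QNAME + struct.pack("!HH", 16, 1)                    # question: TXT, IN
    + b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 60, len(_TXT) + 1) + bytes([len(_TXT)]) + _TXT
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([10, 0, 0, 5])
)

if __name__ == "__main__":
    parsed = parse_dns(SAMPLE_RESPONSE)
    for ans in parsed["answers"]:
        flag = " <-- encoded payload?" if ans["type"] == "TXT" and looks_encoded(ans["rdata"]) else ""
        print(f'{ans["name"]} {ans["type"]} ttl={ans["ttl"]} {ans["rdata"]}{flag}')
```

The compression pointer (0xC00C) is the detail that trips up hand-written parsers: the two bytes at the answer's position point back to offset 12, the question name, so the answer's name is resolved there while parsing continues after the pointer. The base64 heuristic is deliberately narrow; it says nothing about A records or query volume, which matter just as much when hunting tunnels.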
Module 3: Network Sensor Placement, Network Flow Analysis, PCAP Analysis without Wireshark
Describe network hardware, including its uses and complications. Create a network topology. Conduct analysis using NetFlow and related tools. Conduct analysis using non-Wireshark tools.
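NetFlow gives you no payload, only who talked to whom, when, and how much, so flow analysis leans on timing and volume. As an added example (not course material), the code below groups constructed flow records by source, destination and port and flags pairs whose inter-flow intervals are regular, the signature of a beaconing implant. The records in FLOWS are made up: one internal host contacts a TEST-NET address every 60 seconds with near-identical sizes, the rest imitate ordinary browsing.

```python
"""Flag beacon-like connections in NetFlow-style records.

Added example (not course material). FLOWS is constructed to imitate the
fields a flow export carries (start time, source, destination, port,
protocol, bytes each way): one host reaches an external address every
60 s with near-identical sizes, the rest is ordinary browsing.
"""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, Tuple

BASE = 1_700_000_000  # epoch seconds, arbitrary
Flow = Tuple[int, str, str, int, str, int, int]

# (start, src, dst, dport, proto, bytes_out, bytes_in) -- all constructed
FLOWS: List[Flow] = [
    # periodic: jittered ~60 s interval, almost constant size
    *[(BASE + t, "10.0.0.23", "203.0.113.7", 443, "tcp", 412 + (t % 7), 1340)
      for t in (0, 61, 119, 180, 242, 300, 359, 421, 480, 540)],
    # bursty browsing: many flows, irregular timing, varied sizes
    *[(BASE + t, "10.0.0.45", "198.51.100.10", 443, "tcp", size, size * 9)
      for t, size in ((5, 900), (9, 2200), (300, 650), (305, 14000),
                      (2000, 1100), (2020, 3300), (2025, 780))],
    # too few flows to judge either way
    (BASE + 50, "10.0.0.45", "198.51.100.20", 80, "tcp", 500, 8000),
    (BASE + 700, "10.0.0.45", "198.51.100.20", 80, "tcp", 500, 8100),
]


def find_beacons(flows: List[Flow], min_count: int = 6,
                 max_interval_cv: float = 0.15) -> List[Dict]:
    """Group flows by (src, dst, dport) and report pairs whose inter-flow
    intervals are regular. cv = stdev / mean, so 0 is perfectly periodic;
    human-driven traffic usually scores well above 1."""
    by_pair: Dict[Tuple[str, str, int], List[Tuple[int, int]]] = defaultdict(list)
    for start, src, dst, dport, _proto, bytes_out, _bytes_in in flows:
        by_pair[(src, dst, dport)].append((start, bytes_out))

    beacons = []
    for (src, dst, dport), records in by_pair.items():
        if len(records) < min_count:          # not enough samples for a timing verdict
            continue
        records.sort()
        starts = [s for s, _ in records]
        sizes = [b for _, b in records]
        intervals = [b - a for a, b in zip(starts, starts[1:])]
        mean_gap = mean(intervals)
        if mean_gap == 0:                     # all flows at the same instant: a burst, not a beacon
            continue
        interval_cv = pstdev(intervals) / mean_gap
        size_cv = pstdev(sizes) / mean(sizes)
        if interval_cv <= max_interval_cv:
            beacons.append({"src": src, "dst": dst, "dport": dport, "count": len(records),
                            "mean_interval_s": round(mean_gap, 1),
                            "interval_cv": round(interval_cv, 3),
                            "size_cv": round(size_cv, 3)})
    return sorted(beacons, key=lambda b: b["interval_cv"])


if __name__ == "__main__":
    for hit in find_beacons(FLOWS):
        print(f'{hit["src"]} -> {hit["dst"]}:{hit["dport"]} every ~{hit["mean_interval_s"]}s '
              f'x{hit["count"]} (interval cv {hit["interval_cv"]}, size cv {hit["size_cv"]})')
```

The thresholds are starting points, not truth: software updaters and monitoring agents also beacon, so the output is a candidate list to enrich with the destination's reputation and the host's role, not an alert on its own. Implants that randomize their sleep interval push the coefficient of variation up, which is why size regularity is reported alongside timing.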
Module 4: Event-Based Analysis
Identify Snort rule options. Identify Suricata options. Create Snort signatures.
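As an added example (not course material, and not Snort's own code), the block below parses a Snort-style rule and applies its content options to two constructed HTTP requests, so you can see what each option actually constrains: depth anchors a pattern to the start of the payload, offset plus depth confines the URI search to the request line, and nocase makes the User-Agent match case-insensitive. The rule, sid 1000001, and both requests are made up for the example; the matcher models only the rule header and content/nocase/offset/depth, and ignores flow, port variables, pcre and preprocessors, which real Snort evaluates too.

```python
"""Minimal model of how Snort rule options constrain a match.

Added example (not course material and not Snort's own code). RULE and the
two HTTP requests are constructed. The matcher handles only the rule header
and the content / nocase / offset / depth options, enough to show what each
one contributes; it ignores flow, port variables, pcre and preprocessors.
"""
from typing import Dict, List, Optional, Tuple

RULE = (
    'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS ('
    'msg:"EXAMPLE beacon - hard-coded UA posting to /gate.php"; '
    'flow:to_server,established; '
    'content:"POST "; depth:5; '                          # request must start with POST
    'content:"/gate.php"; nocase; offset:5; depth:40; '   # URI sits right after the method
    'content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.1)"; nocase; '
    'classtype:trojan-activity; sid:1000001; rev:1;)'
)


def split_options(body: str) -> List[Tuple[str, Optional[str]]]:
    """Split the option body on ';' characters that are not inside double quotes."""
    options: List[str] = []
    current, in_quotes = "", False
    for ch in body:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ";" and not in_quotes:
            options.append(current.strip())
            current = ""
        else:
            current += ch
    if current.strip():
        options.append(current.strip())
    parsed = []
    for opt in options:
        key, sep, value = opt.partition(":")   # "nocase" has no value, "depth:5" does
        parsed.append((key.strip(), value.strip() if sep else None))
    return parsed


def decode_content(value: str) -> Tuple[bytes, bool]:
    """Turn a content value such as "GET|20|/x" into bytes; '|..|' sections are
    hex. A leading '!' negates the match."""
    text = value.strip()
    negate = text.startswith("!")
    if negate:
        text = text[1:].strip()
    if len(text) < 2 or text[0] != '"' or text[-1] != '"':
        raise ValueError(f"content value must be quoted: {value!r}")
    out = bytearray()
    for i, chunk in enumerate(text[1:-1].split("|")):
        out += bytes.fromhex(chunk) if i % 2 else chunk.encode("latin-1")
    return bytes(out), negate


def parse_rule(rule: str) -> Dict:
    header, body = rule.split("(", 1)
    body = body.rsplit(")", 1)[0]
    action, proto, src, sport, direction, dst, dport = header.split()
    contents: List[Dict] = []
    meta: Dict[str, object] = {}
    for key, value in split_options(body):
        if key == "content":
            pattern, negate = decode_content(value)
            contents.append({"pattern": pattern, "negate": negate,
                             "nocase": False, "offset": 0, "depth": None})
        elif key in ("nocase", "offset", "depth"):   # modifiers bind to the preceding content
            if not contents:
                raise ValueError(f"{key} modifies a content option but none precedes it")
            contents[-1][key] = True if value is None else int(value)
        else:
            meta[key] = value.strip('"') if value is not None else True
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "direction": direction, "dst": dst, "dport": dport,
            "contents": contents, "meta": meta}


def content_matches(payload: bytes, spec: Dict) -> bool:
    """offset skips bytes before the search starts; depth limits how many bytes
    from that point are searched (Snort counts depth from the offset)."""
    start = spec["offset"]
    end = len(payload) if spec["depth"] is None else start + spec["depth"]
    window, pattern = payload[start:end], spec["pattern"]
    if spec["nocase"]:
        window, pattern = window.lower(), pattern.lower()
    found = pattern in window
    return not found if spec["negate"] else found


def rule_matches(rule: Dict, payload: bytes) -> bool:
    """Every content option must be satisfied for the rule to fire."""
    return all(content_matches(payload, spec) for spec in rule["contents"])


# constructed HTTP requests, as they would appear in the TCP payload
BEACON = (b"POST /gate.php HTTP/1.1\r\nHost: cdn-update.example\r\n"
          b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n"
          b"Content-Length: 0\r\n\r\n")
BROWSING = (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
            b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\n\r\n")

if __name__ == "__main__":
    parsed = parse_rule(RULE)
    for name, payload in (("beacon", BEACON), ("browsing", BROWSING)):
        verdict = f'ALERT sid:{parsed["meta"]["sid"]}' if rule_matches(parsed, payload) else "no match"
        print(name, "->", verdict)
```

Two habits the toy makes visible: ':' and ';' inside a content string are written as |3a| and |3b| because they would otherwise be read as option syntax, and every extra content or depth constraint is both a false-positive control and a performance aid, since Snort can reject most packets on the cheap anchored pattern before touching the long one. Suricata accepts this same rule body; its extra keywords (for example sticky buffers) are where the two dialects diverge.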
Jessica Hays is a Technical Instructor at FireEye Mandiant. With 13 years of experience in the cybersecurity field, she has worked in a variety of capacities, including incident response and handling, but is currently specializing in cybersecurity awareness through proactive measures and threat intelligence. During her career, she has worked with multiple Fortune 500 and 1000 companies, along with various U.S. Government intelligence agencies.