• Classroom
  • Online, Instructor-Led
Course Description

Basic Networking and Protocol Analysis studies traffic analysis and the concepts behind creating defensive measures based on analyst findings. This course covers collection of network traffic, analysis of individual packets, and setup and configuration of open-source intrusion detection systems (IDS). It also covers the procedures network exploitation analysts need in order to implement traffic-statistics methodology, deploy intrusion sensors, and generate the reports used by management and administrators.

Learning Objectives

Provide an understanding of TCP/IP fundamentals, including where and how to capture and analyze network traffic for summary reporting based on findings and observations.

  • Work with Network Interface
  • Access Control
  • Network Fundamentals
  • Network Design
  • Port Mirroring
  • IDS/IPS Architecture
  • Snort and Snorby
  • Packet Deconstruction
  • Wireshark
  • Tcpdump
  • Application Layer Protocols
  • TCP Scans (SYN, SYN/ACK, FIN, Frag, Idle)
  • Well-Known Application Ports
  • ICMP Time-to-Live (TTL)
  • OSINT
  • Google Operators
  • Introduction to Attacks
  • Kali and Metasploit Framework
  • Defense
  • Monitoring Networks
  • Windows Event Logs
  • Linux Syslog Logs
  • DHCP Logs
  • DNS Logs and Capture Filters
  • Analyze network traffic as it is being transmitted live "across the wire"
  • Determine the extent and severity of attacks underway
  • Analyze attacks and identify potential mitigations

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.