Basic Networking and Protocol Analysis studies traffic analysis and concepts of creating defensive measures based on analyst findings. This course covers collection of network traffic, analysis of individual packets, and setup and configuration of open-source intrusion detection systems (IDS). Additionally, covered are the procedures required for network exploitation analysts to implement traffic statistics methodology, intrusion sensors deployment and report generation utilized by management and administrators.
Learning Objectives
Provide an understanding of TCP/IP fundamentals including where/how to capture and analyze network traffic for summary reporting based on findings and observations|Work with Network Interface |Access Control |Network Fundamentals |Network Design |Port Mirroring |IDS/IPS Architecture |Snort and Snorby
|Packet Deconstruction |Wireshark |Tcpdump |Application Layer Protocols |TCP Scans (SYN, SYN/ACK, FIN, Frag, Idle) |Well-Known Application Ports |ICMP Time-to Live (TTL) |OSINT |Google Operators |Introduction to Attacks |Kali and Metasploit Framework |Defense |Monitoring Networks |Windows Event Logs |Linux Syslog Logs |DHCP Logs |DNS Logs and Capture Filters |Analyze network traffic as it is being transmitted live “across the wire” |Determine the extent and severity of attacks underway |Analyze attacks and identify potential mitigations
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Work Roles
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@hq.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.