• Online, Self-Paced

Introduction to Packet Capture (PCAP) explains the fundamentals of how, where, and why to capture network traffic and what to do with it. This class covers open-source tools like tcpdump, Wireshark, and ChopShop in several lab exercises that reinforce the material. Some of the topics include capturing packets with tcpdump, mining DNS resolutions using only command-line tools, and busting obfuscated protocols. This class will prepare students to tackle common problems and help them begin developing the skills to handle more advanced networking challenges.

Learning Objectives

  • Familiarize students with the popular PCAP format.
  • Teach students how to capture and manage PCAP in enterprise and tactical environments.
  • Give students a working knowledge of common PCAP tools including tcpdump, Wireshark, pynids, and Chopshop.
  • Prepare students for rapid analysis of PCAP.
  • Prepare students to conduct in-depth investigations of network traffic.
  • Develop technical skills with hands on exercises.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Defense Analysis

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.