• Online, Self-Paced

Introduction to Packet Capture (PCAP) explains the fundamentals of how, where, and why to capture network traffic and what to do with it. This class covers open-source tools like tcpdump, Wireshark, and ChopShop in several lab exercises that reinforce the material. Some of the topics include capturing packets with tcpdump, mining DNS resolutions using only command-line tools, and busting obfuscated protocols. This class will prepare students to tackle common problems and help them begin developing the skills to handle more advanced networking challenges.

Learning Objectives

  • Familiarize students with the popular PCAP format.
  • Teach students how to capture and manage PCAP in enterprise and tactical environments.
  • Give students a working knowledge of common PCAP tools including tcpdump, Wireshark, pynids, and Chopshop.
  • Prepare students for rapid analysis of PCAP.
  • Prepare students to conduct in-depth investigations of network traffic.
  • Develop technical skills with hands on exercises.

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.