Module 00: TCP/IP Review
• OSI vs Internet Model
• Data Packaging on the Internet
• Physical and Logical Addresses
• Services and Ports
• Domain Name System
• Routing
Module 01: The Protocols
• Link Layer
– Ethernet
– Address Resolution Protocol
• Network Layer
– Internet Protocol
– Internet Control Message Protocol
• Transport Layer
– Transmission Control Protocol
– User Datagram Protocol
• Application Layer
– Dynamic Host Configuration Protocol
– Domain Name System
– Hypertext Transport Protocol
– Secure Shell
– Telnet
– File Transfer Protocol
– Secure Sockets Layer/Transport Layer Security
Module 02: Basic tcpdump
• Wireshark vs tcpdump
• Capture and read files
• Command line options
• Filters: hosts, ports and protocols
Module 03: Advanced tcpdump
• Advanced expressions and primitives
• Qualifiers
• Expression combinations
• Header filtering
Module 04: Network Baselines
• What is a baseline?
• Types of baselines
• Creation of baselines
• Capture placement
Module 05: Traffic Analysis Lab
• In-depth hands-on analysis of normal, abnormal and suspicious network traffic
Module 06: Practical Exercise
• An all-day team exercise to analyze network traffic for anomalous activity and provide a detailed analysis of findings