Intro to Network Traffic Analysis

Difficulty: Medium

Network traffic analysis is used by security teams to monitor network activity and look for anomalies that could indicate security and operational issues. Offensive security practitioners can use network traffic analysis to search for sensitive data such as credentials, hidden applications, reachable network segments, or other potentially sensitive information "on the wire." Network traffic analysis has many uses for attackers and defenders alike.

Created by TreyCraf7


Summary

This module introduces network traffic analysis in a general sense for both offensive and defensive security practitioners. Defenders can use network traffic analysis to collect and analyze real-time and historical data of what is happening on the network. Network traffic analysis can also be used by both sides to search for vulnerable protocols and ciphers in use. We will cover principles of network traffic analysis and usage of traffic analysis tools such as Wireshark and tcpdump.

In this module, we will cover:

  • Network traffic analysis principles
  • Tcpdump fundamentals
  • Working with Wireshark
  • Wireshark filters
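To make the summary above concrete, here is an added example that is not part of the course material: a small stand-alone Python reader for the classic libpcap format that applies the equivalent of the tcpdump capture filter `tcp port 21` and pulls a cleartext FTP login off the wire, which is exactly the "credentials on the wire" case the summary describes. The capture, the 10.0.0.x addresses and the MAC addresses are all constructed in memory, so nothing is sniffed, no privileges are needed and only the standard library is used; only Ethernet/IPv4/TCP is decoded, and pcapng files are deliberately rejected.

```python
"""Added illustration: parse a constructed pcap, filter 'tcp port 21',
and recover the FTP USER/PASS exchange. Not course code."""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1

def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (IPv4 header checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_tcp_frame(src, sport, dst, dport, payload: bytes, ip_id=1) -> bytes:
    """Ethernet/IPv4/TCP frame with constructed, locally administered MACs.
    The IPv4 checksum is real; the TCP checksum is left at 0 for brevity."""
    eth = bytes.fromhex("020000000001") + bytes.fromhex("020000000002") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    ip_fields = [0x45, 0, 20 + len(tcp) + len(payload), ip_id, 0, 64, 6, 0,
                 socket.inet_aton(src), socket.inet_aton(dst)]
    ip_fields[7] = ip_checksum(struct.pack("!BBHHHBBH4s4s", *ip_fields))
    return eth + struct.pack("!BBHHHBBH4s4s", *ip_fields) + tcp + payload

def build_pcap(flows) -> bytes:
    """Little-endian pcap: 24-byte global header, then a 16-byte record header per frame."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, (src, sport, dst, dport, payload) in enumerate(flows):
        frame = build_tcp_frame(src, sport, dst, dport, payload, ip_id=i + 1)
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)

def decode_frame(frame: bytes):
    """Ethernet -> IPv4 -> TCP. Returns None for non-IPv4 or a corrupt IPv4 header."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if ip_checksum(frame[14:14 + ihl]) != 0:   # a valid header sums to zero
        return None
    total_len = struct.unpack_from("!H", frame, 16)[0]
    pkt = {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
           "proto": frame[23], "sport": None, "dport": None, "payload": b""}
    l4 = frame[14 + ihl:14 + total_len]
    if pkt["proto"] == 6 and len(l4) >= 20:
        pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", l4, 0)
        pkt["payload"] = l4[(l4[12] >> 4) * 4:]  # skip the TCP header and options
    return pkt

def parse_pcap(data: bytes):
    """Yield one decoded packet per record; both byte orders of the magic are handled."""
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack_from(endian + "I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        pkt = decode_frame(data[off:off + incl_len])
        off += incl_len
        if pkt is not None:
            pkt["ts"] = ts_sec + ts_usec / 1e6
            yield pkt

def tcp_port(port: int):
    """Predicate equivalent to the tcpdump capture filter 'tcp port <port>'."""
    return lambda p: p["proto"] == 6 and port in (p["sport"], p["dport"])

def extract_ftp_credentials(pcap: bytes):
    """Apply 'tcp port 21', then read USER/PASS from client->server commands only."""
    creds = {}
    for p in filter(tcp_port(21), parse_pcap(pcap)):
        if p["dport"] != 21:
            continue                       # server replies never carry credentials
        for line in p["payload"].split(b"\r\n"):
            cmd, _, arg = line.partition(b" ")
            key = (p["src"], p["dst"])
            if cmd.upper() == b"USER":
                creds.setdefault(key, {})["user"] = arg.decode("ascii", "replace")
            elif cmd.upper() == b"PASS":
                creds.setdefault(key, {})["password"] = arg.decode("ascii", "replace")
    return [{"client": c, "server": s, **v} for (c, s), v in creds.items()]

# Constructed sample capture: one HTTP request (filtered out) and an FTP login.
SAMPLE_PCAP = build_pcap([
    ("10.0.0.5", 40123, "10.0.0.9", 80, b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    ("10.0.0.5", 40124, "10.0.0.7", 21, b"USER alice\r\n"),
    ("10.0.0.7", 21, "10.0.0.5", 40124, b"331 Please specify the password.\r\n"),
    ("10.0.0.5", 40124, "10.0.0.7", 21, b"PASS s3cret!\r\n"),
])

if __name__ == "__main__":
    for c in extract_ftp_credentials(SAMPLE_PCAP):
        print(f"{c['client']} -> {c['server']}: {c['user']} / {c['password']}")
```

The same result is what `tcpdump -A 'tcp port 21'` or the Wireshark display filter `ftp.request.command == "PASS"` would show you against a real capture; the point of writing the parser out by hand is to see that a capture filter is just a predicate over decoded header fields, and that the credential is sitting in the TCP payload in the clear because FTP has no transport encryption.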

This module is broken down into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover. The module includes several guided and non-guided labs to reinforce the techniques covered throughout.

As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many examples as possible to further reinforce the concepts presented in each section. You can do this in the Pwnbox provided in the interactive sections or in your own virtual machine.

You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.

The module is classified as "Medium" but assumes a working knowledge of the Linux command line and an understanding of information security fundamentals.

A firm grasp of the following modules can be considered prerequisites for successful completion of this module:

  • Linux Fundamentals
  • Introduction to Networking
  • Web Requests

Sections

  • Network Traffic Analysis
  • Networking Primer - Layers 1-4
  • Networking Primer - Layers 5-7
  • The Analysis Process
  • Analysis in Practice
  • Tcpdump Fundamentals
  • Capturing With Tcpdump (Fundamentals Labs)
  • Tcpdump Packet Filtering
  • Interrogating Network Traffic With Capture and Display Filters
  • Analysis with Wireshark
  • Familiarity With Wireshark
  • Wireshark Advanced Usage
  • Packet Inception, Dissecting Network Traffic With Wireshark
  • Guided Lab: Traffic Analysis Workflow
  • Decrypting RDP connections

Relevant Paths

This module counts towards the following paths:

Basic Toolset

Medium 91 Sections

Cubes Required: 470

In this path, modules cover the basic tools needed to be successful in network and web application penetration testing. This is not an exhaustive listing of all tools (both open source and commercial) available to us as security practitioners but covers tried and true tools that we find ourselves using on every technical assessment that we perform. Learning how to use the basic toolset is essential, as many different tools are used in penetration testing. We need to understand which of them to use for the various situations we will come across.

  Network Enumeration with Nmap

Easy 12 Sections

Nmap is one of the most widely used network mapping and discovery tools because of its accurate results and efficiency. The tool is used by both offensive and defensive security practitioners. This module covers the fundamentals needed to use Nmap for effective network enumeration.

  Login Brute Forcing

Easy 11 Sections

Learn how to brute force logins for various types of services and create custom wordlists based on your target.

  Attacking Web Applications with Ffuf

Easy 13 Sections

This module covers the fundamental enumeration skills of web fuzzing and directory brute forcing using the Ffuf tool. The techniques learned in this module will help us in locating hidden pages, directories, and parameters when targeting web applications.

  Cracking Passwords with Hashcat

Medium 14 Sections

This module covers the fundamentals of password cracking using the Hashcat tool.

  SQLMap Essentials

Easy 11 Sections

The SQLMap Essentials module will teach you the basics of using SQLMap to discover various types of SQL Injection vulnerabilities, all the way to the advanced enumeration of databases to retrieve all data of interest.

  Intro to Network Traffic Analysis

Medium 15 Sections

  Using Web Proxies

Easy 15 Sections

Web application penetration testing frameworks are an essential part of any web penetration test. This module will teach you two of the best frameworks: Burp Suite and OWASP ZAP.

Information Security Foundations

Easy 147 Sections

Cubes Required: 150

Information Security is a field with many specialized and highly technical disciplines. Job roles like Penetration Tester and Information Security Analyst require a solid technical understanding of core IT and Information Security topics. This skill path is made up of modules that will help learners develop or strengthen that foundation before proceeding to more complex security topics. Every long-standing building first needs a solid foundation. Welcome to Information Security Foundations.

  Introduction to Academy

Fundamental 8 Sections

This module is recommended for new users. It allows users to become acquainted with the platform and the learning process.

  Learning Process

Fundamental 20 Sections

The learning process is one of the most important components of study and is often overlooked. This module does not teach you study techniques; it describes the process of learning as it applies to the field of information security. You will learn how and when we learn best, and how to improve your learning efficiency.

  Setting Up

Fundamental 9 Sections

This module covers topics that will help us be better prepared before conducting penetration tests. Preparations before a penetration test can often take a lot of time and effort, and this module shows how to prepare efficiently.

  Linux Fundamentals

Fundamental 18 Sections

This module covers the fundamentals required to work comfortably with the Linux operating system and shell.

  Windows Fundamentals

Fundamental 14 Sections

This module covers the fundamentals required to work comfortably with the Windows operating system.

  Introduction to Bash Scripting

Easy 10 Sections

This module covers the basics needed for working with Bash scripts to automate tasks on Linux systems. A strong grasp of Bash is a fundamental skill for anyone working in a technical information security role. Through the power of automation, we can unlock the Linux operating system's full potential and efficiently perform habitual tasks.

  Introduction to Networking

Fundamental 12 Sections

As an information security professional, a firm grasp of networking fundamentals and their required components is necessary. Without a strong foundation in networking, it will be tough to progress in any area of information security. Understanding how a network is structured, and how hosts and servers communicate using the various protocols, lets us understand the entire network structure and its traffic in detail, as well as how different communication standards are handled. This knowledge is essential for building our own tools and for interacting with the protocols directly.

  Intro to Network Traffic Analysis

Medium 15 Sections

  Introduction to Active Directory

Fundamental 16 Sections

Active Directory (AD) is present in the majority of corporate environments. Due to its many features and complexity, it presents a vast attack surface. To be successful as penetration testers and information security professionals, we must have a firm understanding of Active Directory fundamentals, AD structures, functionality, common AD flaws, misconfigurations, and defensive measures.

  Introduction to Web Applications

Fundamental 17 Sections

In the Introduction to Web Applications module, you will learn all of the basics of how web applications work and begin to look at them from an information security perspective.

  Web Requests

Fundamental 8 Sections

This module introduces the topic of HTTP web requests and how different web applications utilize them to communicate with their backends.
