Intro to Network Traffic Analysis (Medium)
Network traffic analysis is used by security teams to monitor network activity and look for anomalies that could indicate security and operational issues. Offensive security practitioners can use network traffic analysis to search for sensitive data such as credentials, hidden applications, reachable network segments, or other potentially sensitive information "on the wire." Network traffic analysis has many uses for attackers and defenders alike.
Created by TreyCraf7
Summary
This module introduces network traffic analysis in a general sense for both offensive and defensive security practitioners. Defenders can use network traffic analysis to collect and analyze real-time and historical data of what is happening on the network. Network traffic analysis can also be used by both sides to search for vulnerable protocols and ciphers in use. We will cover principles of network traffic analysis and usage of traffic analysis tools such as Wireshark and tcpdump.
In this module, we will cover:
- Network traffic analysis principles
- Tcpdump fundamentals
- Working with Wireshark
- Wireshark filters
This module is broken down into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover. The module includes several guided and non-guided labs to reinforce the techniques covered throughout.
As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many examples as possible to further reinforce the concepts presented in each section. You can do this in the Pwnbox provided in the interactive sections or in your own virtual machine.
You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.
The module is classified as "Medium" but assumes a working knowledge of the Linux command line and an understanding of information security fundamentals.
A firm grasp of the following modules can be considered prerequisites for successful completion of this module:
- Linux Fundamentals
- Introduction to Networking
- Web Requests
Sections
- Network Traffic Analysis
- Networking Primer - Layers 1-4
- Networking Primer - Layers 5-7
- The Analysis Process
- Analysis in Practice
- Tcpdump Fundamentals
- Capturing With Tcpdump (Fundamentals Labs)
- Tcpdump Packet Filtering
- Interrogating Network Traffic With Capture and Display Filters
- Analysis with Wireshark
- Familiarity With Wireshark
- Wireshark Advanced Usage
- Packet Inception, Dissecting Network Traffic With Wireshark
- Guided Lab: Traffic Analysis Workflow
- Decrypting RDP connections
Relevant Paths
This module progresses you towards the following Paths:

Medium, 91 Sections
Cubes Required: 470
In this path, modules cover the basic tools needed to be successful in network and web application penetration testing. This is not an exhaustive listing of all tools (both open source and commercial) available to us as security practitioners but covers tried and true tools that we find ourselves using on every technical assessment that we perform. Learning how to use the basic toolset is essential, as many different tools are used in penetration testing. We need to understand which of them to use for the various situations we will come across.