Focal Point - Network Traffic Analysis Course Details:

Focal Point - Network Traffic Analysis will teach you to differentiate between normal and abnormal network traffic, track the flow of packets through a network, and attribute conversations and actions taken over a network segment to specific hosts or users. This course focuses on research, filtering, and comparative analysis to identify and attribute the different types of activity on a network. You will learn how to follow conversations across a wide range of protocols and through redirection, as well as how to develop custom filters for non-dissected protocols. On Day 5 of the course, you will participate in a team-based capture-the-flag exercise to test your new skills.

    No classes are currenty scheduled for this course.

    Call (919) 283-1653 to get a class scheduled online or in your area!

*Please Note: Course Outline is subject to change without notice. Exact course outline will be provided at time of registration.
  • Create a baseline of the protocols, hosts and interactions in a network environment
  • Identify anomalous network traffic using a combination of in-depth packet analysis and high-level statistical analysis
  • Reconstruct event timelines and accurately correlate, or distinguish between, event threads
  • Identify and extract network artifacts for further forensic analysis
  • Compare observed network traffic to expected topology
  • Research and analyze unknown (non-dissected) protocols
  • Track web activity at the user or session level via HTTP header analytics

Student Practical:
Using the tools, skills, and methodologies taught in Days 1 - 4, on day 5 of the course students will participate in a competitive capture-the-flag exercise that includes various categories, including a simulated SCADA attack scenario. Designed to challenge the participants, each correctly completed milestone will unlock a successively more difficult challenge.

Course Outline:

  1. Building Blocks
  2. OSI &TCP/IP Review
  3. Wireshark Tutorial
  4. Day in the Life (Common Protocols)
  5. Extracting Objects
  6. TCP - A Deeper Look
  7. Analytic Approach
  8. Internet Research
  9. Isolating Traffic
  10. Routing Principles
  11. Traceroute Analysis
  12. Standards and Protocol Analysis
  13. Start-to-Finish Protocol
  14. Analysis (Email Example)
  15. Analysis Beyond Wireshark
  16. Secure Protocols
  17. HTTP Header Analytics
  18. Big Capture
  19. More Tools and Tricks


  1. Wireshark Filtering (Part 1, Part 2)
  2. A Day in the Life (Common Protocols)
  3. Exporting Objects
  4. TCP/IP Analysis
  5. Internet Research
  6. Isolate Event #1
  7. Isolate Event #2
  8. Isolate Event #3
  9. Isolate Event #4
  10. Isolate Event #5
  11. RFC Research
  12. Meta-data Analysis
  13. Non-Dissected Protocol Analysis
  14. Encrypted Traffic Analysis Referer
  15. User-Agents
  16. Web Request Tracking
  17. Large Capture Investigation
  • A broad understanding of TCP/IP and associated protocols
  • Knowledge of network hardware and segment types
  • Previous exposure to Wireshark or other protocol analysis software is also recommended
  • Network analysts seeking to develop security-related skills
  • Incident responders needing to quickly address system security breaches
  • Penetration testers looking to reduce their detectability
  • Threat operations analysts seeking a better understanding of network intrusions
  • All network administrators needing a better understanding of network security

Ready to Jumpstart Your IT Career?