Hacked Network Traffic Analysis by WireShark

This course works through a real network-attack case study, using WireShark to analyze the captured network packets. Participants learn how to operate WireShark, study the network protocols involved, and analyze the causes and consequences of the attack, answering the following seven main questions:
  1. Discovering the network architecture
(IP of the hacked machine, local gateway, DNS, routers, any syslogs?)
  2. Profiling traffic (ICMP, Layer 2/3 traffic, TCP ports open/closed, UDP ports open/closed)
  3. Identifying attacks (attack signatures, FTP connections, HTTP queries)
  4. Possible compromise (reconnaissance by the attacker, suspicious traffic)
  5. Know the attacker (What is the OS of the attacker?)
  6. Attacker’s activities (How did the attacker hide the tool and commands?)
  7. Correlating the timeline of information from when the attackers compromised the system

Course Objectives

The objective is to analyze hacked network traffic from an enterprise in-house environment. We will perform network packet analysis with Wireshark to identify and investigate the items listed in the agenda below.

Course Outline

Course Name: Hacked Network Traffic Analysis by WireShark
Duration: 14:00~16:00, every Tuesday, 4 weeks
Target Audience: Attendees who may be interested in or involved with
– Network packet analysis
– Analyzing malware behavior and performing root cause analysis
Prerequisites:
– Basic use of WireShark
– Basic understanding of networking protocols: TCP/UDP/HTTP/DNS
Evaluation: Coursework/Lab 100%
Agenda:
  1. Discovering the network architecture
(IP of the hacked machine, local gateway, DNS, routers, any syslogs?)
  2. Profiling traffic (ICMP, Layer 2/3 traffic, TCP ports open/closed, UDP ports open/closed)
  3. Identifying attacks (attack signatures, FTP connections, HTTP queries)
  4. Possible compromise (reconnaissance by the attacker, suspicious traffic)
  5. Know the attacker (What is the OS of the attacker?)
  6. Attacker’s activities (How did the attacker hide the tool and commands?)
  7. Correlating the timeline of information from when the attackers compromised the system
