Network Forensics with Wireshark

Learning objectives

This course focuses on becoming proficient at using Wireshark to analyze network traffic. It works through many real packet captures,

and closes with several real network security cases, analyzing what information security problem actually occurred on each network.


Course outline

Session 1
  • Network Sniffing Approach
  • Network Hacking
  • How to sniff in network environment
  • Uses of Wireshark
Session 2
  • ARP (ARP protocol, ARP packet analysis with Wireshark)
  • IP Fragmentation (What is IP fragmentation, packet analysis with Wireshark)
  • TCP 3-way handshake (What is the TCP 3-way handshake, packet analysis with Wireshark)
  • TCP connection close: teardown and reset
  • UDP
Session 3
  • DNS Query
  • ICMP and traceroute
  • DHCP query
  • DNS
Session 4 Case Study: Troubleshooting No Internet Access

Case 1 – Local networking
Case 2 – DNS
Case 3 – Network printer
Session 5
  • HTTP
  • Portal Browsing
  • Identifying whether it is an application or a network issue
  • Root cause of a slow network
  • TCP flow control
  • TCP retransmission
  • Network latency
  • SYN scan and port scanning detection
  • Operating system fingerprinting (How can I identify the OS type from packet analysis?)
Session 6
  • Malware network packet analysis
  • ARP cache poisoning
  • Remote Access Trojan
  • Security staff have been monitoring Mr X's activity for some time, but haven't found anything suspicious. "We have a packet capture of the activity," said security staff, "but we can't figure out what's going on. Can you help?"
