Visão Geral

Curso Wireshark TCP/IP Analysis and Troubleshooting with Wireshark. A análise e otimização de rede eficazes abrangem não apenas as habilidades de capturar dados, mas também a capacidade de discernir os principais padrões ocultos no fluxo de tráfego de rede. Este curso fornecerá ao aluno um conjunto de técnicas de investigação e análise com foco no uso de ferramentas de código aberto neutras em relação ao fornecedor, como o Wireshark, para fornecer informações sobre as seguintes áreas:

– Configuração de software especializada e técnicas de captura de pacotes usando Wireshark 3.0

– Comportamento, análise e reconhecimento de ameaças para vários protocolos de usuário padrão versão 4, incluindo IP, DHCP, TCP, UDP, DNS, ICMP, ARP e protocolos de usuário comuns baseados na Internet, como HTTP / HTTP 2.0 / NNTP

– Técnicas especializadas de filtragem e análise, incluindo reconstrução e visualização do tráfego de dados

Exemplos do mundo real serão utilizados ao longo do curso em conjunto com vários exercícios práticos para fornecer habilidades de análise prática comprovadas em campo. Os participantes receberão um guia do aluno, incluindo vários arquivos de referência e ferramentas forenses e de rede, bem como uma biblioteca de documentos de referência.

Publico Alvo

Projetado para o pessoal de rede, governo e segurança que precisa desenvolver habilidades de investigação de pacotes e otimização de rede; este curso abrange as principais habilidades do Wireshark, como configuração de software personalizado, captura de pacotes e técnicas de análise.

As principais áreas de estudo incluem: Comportamento de protocolo, análise e reconhecimento de ameaças para vários protocolos de usuário críticos, incluindo IPv4, DHCPv4, TCP, UDP, DNS, ICMPv4, bem como protocolos de usuário comuns baseados na Internet, como HTTP. Ênfase específica em técnicas especializadas de análise do mundo real, incluindo reconstrução de tráfego de dados.

A conclusão bem-sucedida deste curso fornecerá a esses indivíduos um caminho para os campos de análise de rede e forense.

Materiais

Conteúdo Programatico

1. Introduction to Network Analysis
   1. Network analysis challenges – Nomenclature and Terminology for Wireshark 3.0
2. Collecting the Data
   1. Configuring Wireshark
   1. Building and optimizing configuration Profiles for data capture
      1. Importing and Exporting Porfiles
   2. Using capture filters to capture specific suspect traffic
   3. Fine-Tuning Wireshark 3.0 – Advanced Wireshark Profile Optimization
   4. Remote Capture Using Wireshark 3.0
   1.  Location – How Network Infrastructure Devices Effect Ethernet Network Analysis
      1. Hubs, Switches, Bridges, Routers, Firewalls and CSU / DSU
3. Analyzing the Data – A Sample Network Analysis Methodology
   1. Effectively Navigating Wireshark 3.0 and Interpreting Color Rules
      1. 6 Steps for practical Network Analysis of suspicious traffic
         1. Answering the key questions – A Sample Network Analysis Methodology
      2. Understanding and Using Shortcuts
      3. Constructing, Using and Interpreting Color Rues in Wireshark 3.0
   2. My Network is Slow! – Using Wireshark 3.0 to Effectively Trouble Shoot Latency Issues
      1. The Importance of Effectively Using Time Values in Troubleshooting
         1. How Location affects Time Values
      2. Default vs. Specialized Time Values
         1. Cumulative Time Value
         2. Delta Time Value
         3. Conversational Time Values
   3. Expert Analysis – Introduction to Statistical Analysis and Graphing
      1. Wireshark 3.0 Updated Expert Systems
      2. Analyzing Conversations and Activities Using Expert Systems to Determine Unusual Activity
         1. The 6 Key Statistical Displays to Master
            1. What’s Normal vs. Abnormal – The Role of Baseline Files
            2. Building a Baseline Library – Where Do I go to Find Samples?
         2. Statistical Displays vs. Graphing
            1.  Types of Graphs
               1.  I/O vs. Flow vs. TCP
   4. Show me the Money! – Display Filters and Regular Expressions
      1. Using Wireshark 3.0 Standard Display Filtering
         1. Creating and Using Filter Buttons
      2. Advanced Display Filters
      3. Extending the Power of Wireshark 3.0 – Regular Expressions
4. Analysis of Network Applications and User Traffic
   1.  The Networking Protocols
      1.  What’s Normal vs. Abnormal – The Role of Baseline Files
      2. Building a Baseline Library – Where Do I go to Find Samples?
   2.  The Key Networking Protocols and Functions
      1.  Configuration Protocols – DHCPv4
         1.  Structure and Analysis of DHCPv4
      2. Resolving Addresses – DNS / DNSSec
         1. Structure and Analysis of DNS
         2.  Fixing the Problem – DNSSec structure and Analysis
      3. The Network Layer – IPv4
         1.  Structure and Analysis of IPv4
         2. IP Options – What’s the Big Deal?
      4. Utility and Troubleshooting Protocols – Address Resolution Protocol (ARP) and Internet Control Message Protocol (ICMPv4)
         1. Structure and Analysis of ARP
         2. Structure and Analysis of ICMPv4
         3. Network Analysis Using the ICMP Analysis – Types and Codes
      5. The Transport Layer – Moving the Data – TCP / UDP
         1. Structure and Analysis of TCP
         2. TCP Options – What’s the Big Deal?
         3. TCP Analysis Using Expert Systems
         4. Structure and Advanced Analysis of UDP
      6. The Application Layer – Analyzing Common User Protocols
         1. Web-Based Applications Using HTTP / HTTP 2.0
            1. Structure and Analysis of HTTP
            2. Response Codes – The answer to analyzing HTTP
            3. Reassembling and Exporting of HTTP Objects
            4. New and Improved – HTTP 2.0 – a. Structure and Analysis of HTTP 2.0
         2. The Forgotten Part of the Internet – Usenet and NNTP
            1. Structure and Analysis of NNTP
            2. Response Codes – The answer to analyzing NNTP
            3. Reassembling and Exporting of NNTP Objects
      7.  Securing the Data – SSL / TLS
         1. Secure Socket Layer
            1. Structure and Analysis of SSL
            2. Response Codes – The answer to analyzing SSL
            3. Decrypting and Reassembling of SSL Objects
         2. Transport Layer Security
            1. Structure and Analysis of TLS
   1. Recap – Effective Troubleshooting Techniques
5. Supplemental Resources
   1. Appendix “A” – Useful Stuff
   2. Appendix “B” – Book List: Recommended Reading
   3. Appendix “C” – Wireshark Command Line Program User Guides
   4. Appendix “D” – Wireshark USB Capture Guide
6. Where do I go From Here? – Continuing Your Wireshark Education
   1. Wireshark 0 – TCP/IP Networking Fundamentals Using Wireshark
   2. Wireshark 1 – TCP/IP Troubleshooting & Network Optimization Using Wireshark 3.0
   3. Wireshark 2 – Advanced Network and Security Analysis
   4. Wireshark 3 – Network Forensics Analysis
   5. Wireshark 4 – Mobile Device Forensics Analysis
   6. Wireshark 5 – Cloud and Internet of Things (IoT) Advanced Network Analysis
   7. Wireshark 6 – VoIP Advanced Network Analysis
   8. Wireshark 7 – WiFi Advanced Network Analysis
   9. Wireshark 8 – SCADA and ICS Advanced Network Analysis