All Access Pass Online Training Portal

Preview - Network Forensics with Wireshark

[Covers Wireshark v2]

Learn to correlate IDS alerts/log entries with traffic patterns in this 8-hour Network Forensics with Wireshark course.

Topics and timecodes are listed below:

  • Course Introduction [4:22]
  • Methodology and Wireshark Use [28:00]
  • Wireshark Essentials [31:00]
  • The “Good Traffic” Rule [7:25]
  • Capture Location and Methods [17:00]
  • High Traffic Rates and Intermittent Issues [22:14]
  • Essential Capture Filters [25:56]
  • Offset Capture Filters [8:21]
  • String-Matching Capture Filters [7:09]
  • Network Forensics Profile [11:30]
  • Active Applications and Hosts [31:29]
  • Right-Click Features [21:21]
  • Using the Expert to Detect Anomalies [11:23]
  • Exporting Subsets [23:27]
  • GeoIP Mapping [18:50]
  • Carving and Object Reassembly [12:55]
  • Reporting with Comments [26:51]
  • Display Filter Essentials [35:00]
  • Conversation Filters [15:06]
  • Compound Filters [13:11]
  • Keyword Filters [12:07]
  • Regular Expression (Regex) Filters [10:56]
  • Turn Filters into Buttons [10:24]
  • Detect Various Scans [20:11]
  • Anomaly Locations [10:42]
  • Password Crack Attempts [7:06]
  • Denial of Service [7:36]
  • Redirections [16:26]
  • Course Wrap-Up [5:12]

Preview - CS65: Detecting Delays - Troubleshooting with Time [CPE: 2]

In this course, we look at two types of delays - round trip time delays and response time delays. We will adjust required protocol/application preferences in Wireshark, add custom columns for sorting, and build new buttons to quickly identify issues related to time.

Topics include:

  • Differentiate the Two Types of Delays
  • Work with the Key Time Columns
  • Measure Round Trip Time (RTT)
  • Measure TCP Delta Time
  • Measure TCP ACK RTT
  • Work with the RTT Graph
  • Use Service Response Time (SRT) Statistics
  • Manually Measure SRT
  • Build Filter Expression Buttons for Time Issues

Preview - CS66: Adjust Key TCP Settings

Examine Wireshark’s 12 TCP preference settings and their effect on the traffic and your analysis. Includes coverage of TCP reassembly, bytes in flight usage, and TCP calculated timestamps.

Topics include:

  • Show TCP summary in protocol tree
  • Validate the TCP checksum if possible
  • Allow subdissector to reassemble TCP streams
  • Analyze TCP sequence numbers
  • Relative sequence numbers
  • Scaling factor to use when not available from capture
  • Track number of bytes in flight
  • Calculate conversation timestamps
  • Try heuristic sub-dissectors first
  • Ignore TCP Timestamps in summary
  • Do not call subdissectors for error packets
  • TCP Experimental Options with a Magic Number
  • Recommended TCP Settings
