Pcap Analysis & Network Hunting
Creator: Reid Gilman
License: Creative Commons: Attribution, Share-Alike, Non-Commercial
(http://creativecommons.org/licenses/by-nc-sa/3.0/)
Class Prerequisites: A basic understanding of TCP/IP and the OSI model. Python programming experience helps with the exercises.
Lab Requirements: tcpdump, Wireshark, and ChopShop. A Linux/BSD/Mac system with these tools is recommended (as it should come with tcpdump). Sensitive material is being removed from the lab materials, which will be released soon.
Class Textbook: None
Recommended Class Duration: 2 days
Creator Available to Teach In-Person Classes: Yes
Author Comments:
Introduction to Packet Capture (PCAP) explains the fundamentals of how, where, and why to capture network traffic and what to do with it. This class covers open-source tools like tcpdump, Wireshark, and ChopShop in several lab exercises that reinforce the material. Some of the topics include capturing packets with tcpdump, mining DNS resolutions using only command-line tools, and busting obfuscated protocols. This class will prepare students to tackle common problems and help them begin developing the skills to handle more advanced networking challenges.
Class Materials
Sanitized lab materials coming soon
Revision History:
07-08-2013 - Initial class content upload
If you have used and modified this material, we would appreciate it if you submitted your modified version for publishing here, so that all versions can benefit from your changes.