Getting Started with Packet Analysis

Do you know what kind of data crosses your network? This course gives you the knowledge and tools needed to build the foundation for capturing, reading, and interpreting packets within your network.
Course info
Level: Beginner
Updated: May 24, 2018
Duration: 2h 17m
Description

Threats are everywhere within your IT infrastructures. There are many security devices to help detect and prevent these threats, but what happens when you need to dig into the details? What happens when you’re faced with analyzing a threat, conducting a forensic investigation, or troubleshooting an issue? In this course, Getting Started with Packet Analysis, you will learn the basic skills needed to be able to capture, read, and interpret packets within your environments. First, you will learn the structure of datagrams in your environments. Next, you will explore how to use your analysis tools, and how to interpret the information within a datagram. Finally, you will discover how to identify certain risks by looking at datagrams. When you’re finished with this course, you will have the foundational knowledge to be able to hone your skills in interpreting data that crosses your network. Software required: Security Onion with netsniff-ng, tcpdump, and Wireshark.

About the author

Joe is a Network Consulting Engineer and has worked in the IT industry since 2010. He has experience in teaching and mentoring IT professionals in both DoD environments and in the civilian sector, in both the networking and IT security fields.

Section Introduction Transcripts

Course Overview
Hi everyone. My name is Joe Abraham, and welcome to my course, Getting Started with Packet Analysis. I am an IT security professional and consulting engineer with over eight years of experience in networking and security. You may have heard the term packet analysis at some point throughout your career or education so far. This is an important aspect to almost everything IT related. It is used for troubleshooting, analyzing threats, and for forensic purposes. Because of the lack of knowledge and the growing needs of this skill, everybody in IT should learn it. In this course, we are going to walk through the basics of packet analysis using several different tools in our toolbox. Some of the major topics that we will cover include the structure of datagrams in our environments, how to use our analysis tools, how to interpret the information within a datagram, and how to identify certain risks by looking at datagrams. By the end of this course, you will be able to use these tools to capture and interpret packets on your own. Before beginning the course, you should be familiar with general IT terminology and security concerns within enterprise environments. I really hope you'll join me on this journey to learn all about the datagrams with the Getting Started with Packet Analysis course at Pluralsight.

What Is Packet Analysis?
Hello, and welcome to Getting Started with Packet Analysis. I'm Joe Abraham, and in this course, we will be learning all about packet analysis and the underlying structures of the datagrams. In today's high-tech world, we are seeing more and more information passing through our networks daily. This increased usage has driven organizations to increase their security capabilities to ensure that the loss of data is mitigated to the best of their ability. Part of this process is an increase in the capturing and analyzing of datagrams for many reasons, including threat detection and forensic investigations. As we journey through this course, I will be referencing the term packet analysis frequently. Defining this phrase is essential to being able to understand the reasons why we analyze datagrams, and the processes to accomplish that. There are many ways to define this process, but I like to think of packet analysis as the reading and interpretation of an individual or set of datagrams to be used for information security or network monitoring purposes. As your network passes more traffic, the risks inherent to the services that you provide increase. Throughout this course, I will highlight some of these risks, and how to identify some of the exploits to them by looking into the datagrams, and seeing the problems within them. The knowledge provided in this course will teach you how to read the datagrams that you will see within a packet capture, the common structures of them, and how to identify and investigate possibly malicious activity by looking into them in detail.

Capturing Packets
Welcome back to my course, Getting Started with Packet Analysis. In the previous module, you were introduced to packet analysis and the fundamentals behind how we see and interpret the data in the datagram. In this module, we will be discussing how to capture packets, as well as several topics that relate closely to doing so. Capturing and storing packets is a process that is becoming more widely used in our environments as threats continue to grow and evolve. This process has become a huge part of our environment's defense in depth. Throughout this module, we will be covering several topics that relate to packet analysis and the capturing of this information. First, we will discuss the OSI model briefly, as well as the basic structure of the datagrams and the information contained within that we will be seeing. We will discuss the impact of capturing packets on a network, highlighting the implications on network performance, as well as any legal or ethical issues that can be faced. Along with the impacts, I will talk about the flow of this information through the network, the interface modes, and the various capture methods used. I will cover several use cases showing why capturing this data can help you secure the environment better, and the need for you to have the skill of capturing and analyzing this data as a security practitioner or forensic analyst. I will then show you the programs that we will be using and discuss their uses and information in detail, as well as give you a demo on how to capture packets with Wireshark, netsniff-ng, and tcpdump. We will be building a solid foundation of knowledge throughout this module, so that we can build on top of it in each subsequent module. It is absolutely necessary to be comfortable with the topics presented in this module and the previous one before moving on in the course. So without further ado, let's get you there, and learn about capturing packets.

Case Study: Manipulated Packet Information
Welcome back. This course, Getting Started with Packet Analysis, has been really fun so far. But you know what, we are now just getting to the best part, the case study. We have learned so much throughout this course with regards to packets and the analysis of them. By now, you should have a very solid understanding of this process, and what to look for when analyzing packets. We are going to take your skills a step further and walk through a case study where we need to find a packet or two that are not quite right. Throughout this module, we will be covering many things. First, I'll talk about what a crafted packet is. This conversation will be oriented towards the various reasons why a packet may be crafted, and how it might be used for an attack. We will then put some of the skills that we learned in this course to use with netsniff-ng, and see if we can't identify a problem within the network. After using netsniff-ng for this task, we will use Wireshark in the second portion of this demo to identify the same, and find a packet that is malicious and not fitting in with the rest. Finally, we will sum up what we have learned in the case studies and demos, and ensure that you are ready to go in your packet analysis adventures. I encourage you to follow along in the demos for this module if possible. If not, practicing on your own time is completely fine. Just be sure to remember, if you are capturing packets on your own, that it's in your own lab-type network, and that you are complying with any legal rules within your locality. Don't forget about the ethics of looking at all this data as well. As you practice, try to remember that the more effort you put into understanding and practicing this skill, the more value you will get out of it.

Wrapping up Packet Analysis
We did it; we are on the last module of the course, and we have a few more minor things that we need to cover before ending it. This has been a great experience going through this with you, and being able to show you the power of analyzing packets, and using critical thinking skills to identify attacks. We'll hit on some of the main points that we covered in this course throughout this module, so we can be sure to remember the important things. Throughout this module, we will be covering a few things to finish up our course on packet analysis. First, I'm going to go over a little bit of guidance on packet analysis in general, and I will include some of the key facts with this that have been sprinkled throughout this course. We will then talk a little bit more about the roles that need this skill and the specific role of a SOC analyst at Globomantics. I'll give a few more resources to use to learn a bit more about the packets and the protocols that drive them, as well as mention some awesome Pluralsight courses to check out that might help you with this, and with learning about the way it's supposed to work. Finally, I'll wrap up the course and wish you luck.