Hacked Network Traffic Analysis by WireShark
This course uses a real network-attack case and WireShark to analyze network packets. Attendees learn how to operate WireShark, learn network communication protocols, and learn to analyze the causes and consequences of a network attack, answering the following seven main questions:
- Discover the network architecture
(IP of the hacked machine, local gateway, DNS, routers, any syslogs?)
- Profile the traffic (ICMP, Layer 2/3 traffic, TCP ports open/closed, UDP ports open/closed)
- Identify attacks (attack signatures, FTP connections, HTTP queries)
- Possible compromise (reconnaissance by the attacker, suspicious traffic)
- Know the attacker (What is the attacker's OS?)
- The attacker's activities (How did the attacker hide the tools and commands?)
- Correlate a timeline of the information from when the attackers compromised the system
Course objective:
The objective is to analyze hacked network traffic in an enterprise in-house environment. We will perform network packet analysis with Wireshark to identify and investigate the items listed above.
Course outline
| Item | Details |
|---|---|
| Course Name | Hacked Network Traffic Analysis by WireShark |
| Duration | 14:00~16:00, every Tuesday, 4 weeks |
| Target Audience | Attendees who may be interested or involved with: network packet analysis; analyzing malware behavior and performing root-cause analysis |
| Prerequisite | Basic use of WireShark; basic understanding of networking protocols (TCP/UDP/HTTP/DNS) |
| Evaluation | Coursework/Lab 100% |
| Agenda | (IP of the hacked machine, local gateway, DNS, routers, any syslogs?) |