Network Forensics with Wireshark
Learning Objectives
This course focuses on becoming proficient at using Wireshark to analyse networks. The sessions work through many real-world packet captures,
and finally use several real network security cases to analyse exactly what information security problem the network had.
Course Outline
Session 1
- Network sniffing approaches
- Network hacking
- How to sniff in a network environment
- Uses of Wireshark
Session 2
- ARP (the ARP protocol; ARP packet analysis with Wireshark)
- IP fragmentation (what IP fragmentation is; packet analysis with Wireshark)
- TCP 3-way handshake (what the TCP 3-way handshake is; packet analysis with Wireshark)
- TCP connection close: teardown and reset
- UDP
Session 3
- DNS query
- ICMP and traceroute
- DHCP query
- DNS
Session 4
Case studies: troubleshooting "no Internet access"
- Case 1: Local networking
- Case 2: DNS
- Case 3: Network printer
Session 5
- HTTP
- Portal browsing
- Identifying whether it is an application or a network issue
- Root cause of a slow network
- TCP flow control
- TCP retransmission
- Network latency
- SYN scan and port-scanning detection
- Operating system fingerprinting (how to determine the OS type from packet analysis)
Session 6
- Malware network packet analysis
- ARP cache poisoning
- Remote Access Trojan
- Security staff have been monitoring Mr X's activity for some time, but haven't found anything suspicious. "We have a packet capture of the activity," said security staff, "but we can't figure out what's going on. Can you help?"