Learn how to use Wireshark—a protocol analysis tool—for deep packet analysis, capturing, and forensics. Find out how to detect and handle unusual traffic on a network to prevent unwanted access and malicious activity.
- [Instructor] Hello, I'm Lisa Bock, and I'm a security ambassador, and I'm super excited that you can join me for Wireshark: Malware and Forensics. Routinely examining network traffic is important in an organization as part of an overall security framework. In this course, we will analyze network traffic using Wireshark, a free and open source packet analysis tool. Participants will learn how Wireshark can uncover advanced persistent threats on a network that elude detection and hide in plain sight.
I'll first review cyber attacks and trends and why you should do deep packet analysis using Wireshark and tshark and review how to tap into your network. I'll dive into a capture overview, including baselining the network, displaying capture filters, and coloring rules to highlight potential malware signatures. I'll look at unusual traffic and indications of compromise. I'll discuss ports associated with malware and common attack signatures.
I'll finish up with some case studies and what to look for when trying to uncover potential problems on your own network. Are you ready? Let's get started.
- Trends in cyberattacks
- Preventing system compromise
- Analyzing packets
- Using Wireshark
- Creating firewall rules
- Baselining a network
- Using capture filters
- Using a ring buffer
- Handling OSI layer attacks
- Identifying attack signatures
- Using VirusTotal
- Handling unwanted TOR activity