
Advanced Network Traffic Analysis

Advanced Network Traffic Analysis will teach students to solve complex challenges in performing traffic analysis. The course focuses on creating baselines, identifying anomalies, and automating analytic processes.


Attending students will learn

  • Passive Network Reconstruction
  • Network Baselines
  • Netflow
  • Regular Expressions
  • Dissector Creation
  • TShark
  • Python for Network Analysts

Who should attend

  • Security Analysts
  • Network Security Engineers
  • Security Managers
  • Information Security Officers
  • Incident Response Analysts
  • Network Administrators


  • Knowledge of IPv4 networking protocols is required
  • Skill and experience with Wireshark display filtering is required
  • Thorough understanding of Microsoft Windows
  • Python scripting abilities would be beneficial
  • Network Traffic Analysis and Python for Network Defenders are required prior to attendance

Course Outline

Day 1 - Automated Research Tools & Advanced Network Concepts

  • Automated Open Source Research
  • Maltego, P0F, The Harvester
  • Advanced Network Concepts
  • Load Balancing
  • Network Address Translation
  • Virtual IPs
  • Traffic Shaping
  • Proxies, VPNs and Tunneling
  • Afternoon Labs

Day 2 - Automating Analysis with Python

  • Pyreshark Custom Dissectors
  • Dissector Basics
  • Data Decoding
  • Writing Custom Dissectors
  • Scapy Basics
  • Packet Crafting
  • Custom PCAP Analysis

Day 3 - Blue Team Exercises

  • Advanced Network Mapping
  • Network Topology Analysis
  • Securing Networks through Topology Hardening
  • Large PCAP Analysis
  • Blue Team Labs

Day 4 - Purple/HUNT Team Exercises

  • Network Incident Handling and Reporting
  • Identifying and Correcting Inaccurate Topology Maps
  • Botnet Hunting
  • Creating Dissectors for Botnet Traffic
  • Discovering Network and Host Compromise
  • Signs of DNS Hijacking
  • Identifying Phishing and other Social Engineering Streams
  • Isolating Network Intrusion Traffic

Day 5 - Student Practical Demonstration

Using the tools, skills, and methodologies taught in Days 1 through 4 of the class, students will uncover a multi-part network intrusion. Students will compete in a team-based culmination exercise using their custom scripts and dissectors as well as the advanced skills they learned in class to accurately identify, document, and extract unwanted activities on a network.


contact Focal Point
