Network Traffic Analysis

Network Traffic Analysis will teach you to differentiate between normal and abnormal network traffic, track the flow of packets through a network, and attribute conversations and actions taken over a network segment to specific hosts or users. This course focuses on research, filtering, and comparative analysis to identify and attribute the different types of activity on a network. You will learn how to follow conversations across a wide range of protocols and through redirection, as well as how to develop custom filters for non-dissected protocols. On Day 5 of the course, you will participate in a team-based capture-the-flag exercise to test your new skills.

This class is taught as 70% hands-on and 30% classroom instruction, and culminates in a capstone team-based CTF challenge.

Attending students will learn

After successfully completing this course, students will be able to:

  • Create a baseline of the protocols, hosts and interactions in a network environment
  • Identify anomalous network traffic using a combination of in-depth packet analysis and high-level statistical analysis
  • Reconstruct event timelines and accurately correlate, or distinguish between, event threads
  • Identify and extract network artifacts for further forensic analysis
  • Compare observed network traffic to expected topology
  • Research and analyze unknown (non-dissected) protocols
  • Track web activity at the user or session level via HTTP header analytics

Who should attend

  • Network Analysts seeking to develop security-related skills
  • Incident Responders needing to quickly address system security breaches
  • Penetration Testers looking to reduce their detectability
  • Threat Operations Analysts seeking a better understanding of network intrusions
  • All Network Administrators needing a better understanding of network security

Prerequisites

  • A Broad Understanding of TCP/IP and Associated Protocols
  • Knowledge of Network Hardware and Segment Types
  • Previous Exposure to Wireshark or Other Protocol Analysis Software is also recommended

Course Outline

Day 1

  • OSI & TCP/IP Models
  • Number Theory
  • Wireshark Tutorial
  • Day in the life (TCP/IP)

Day 2

  • Analytic Process
  • Internet Research
  • Traffic Analysis
  • Attribution

Day 3

  • Research Techniques
  • Start-to-Finish Protocol Analysis
  • Regular Expressions
  • Analysis beyond Wireshark
  • Security Protocols

Day 4

  • Referrers
  • User Agents
  • Cookies
  • Analysis of a Big Capture File
  • Tips and Tricks

Day 5 – Student Practical Demonstration

Using the tools, skills, and methodologies taught in Days 1 through 4 of the class, students will participate in a competitive capture-the-flag exercise. The exercise is designed to challenge participants: each correctly completed milestone unlocks a successively more difficult challenge.
