Skip to main content

NT 100 - Network Traffic Analysis

Grow Your Analytic Intelligence.

Network Traffic Analysis will enable students to differentiate between normal and abnormal network traffic. The course focuses on research, filtering and comparative analysis to identify different types of activity on a network and attribute their source. A subject matter expert will teach you security-related tactics, techniques and procedures for performing network analysis in today's ever-changing threat landscape. You'll learn to follow conversations through redirection, as well as how to develop custom filters for non-dissected protocols. After completing this course, students will be able to hone in on the key events in a traffic capture and reconstruct the event time line.

Request Course Details

Attending students will learn

  • Internet-Based Open Source Research
  • Wireshark Protocol Analyzer
  • Effective Capture and Display Filtering
  • Tracing System, Service and User Transactions
  • Recognizing Encoding Types
  • Base-64 and URL Encoding
  • Non-Dissected Protocol Analysis
  • HTTP Header Analytics (User-Agents, Referrers, Accept Lines, etc.)
  • Cookie Tracking

Who should attend

  • Network Analysts seeking to develop security-related skills
  • Incident Responders needing to quickly address system security breaches
  • Penetration Testers looking to reduce their detectability
  • Threat Operations Analysts seeking a better understanding of network intrusions
  • All Network Administrators needing a better understanding of network security


  • A Broad Understanding of TCP/IP and Associated Protocols
  • Knowledge of Network Hardware and Segment Types
  • Previous Exposure to Wireshark or Other Protocol Analysis Software is also recommended

Course Outline

Day 1

  • OSI & TCP/IP Models
  • Number Theory
  • Wireshark Tutorial
  • Day in the life (TCP/IP)

Day 2

  • Analytic Process
  • Internet Research
  • Traffic Analysis
  • Attribution

Day 3

  • Research Techniques
  • Start-to-Finish Protocol Analysis
  • Regular Expressions
  • Analysis beyond Wireshark
  • Security Protocols

Day 4

  • Referrers
  • User Agents
  • Cookies
  • Analysis of a Big Capture File
  • Tips and Tricks

Day 5 – Student Practical Demonstration

Using the tools, skills, and methodologies taught in Days 1 through 4 of the class, students will participate in a competitive capture-the-flag exercise. Designed to challenge the participants, each correctly completed milestone will unlock a successively more difficult challenge.

Courses That Follow This Course

Request More Info About This Course

contact Focal Point

tweets by @FocalPointDR

Loading Tweets...