Network Packet Analysis (NPA)


The Network Packet Analysis (NPA) course starts with fundamental networking concepts and methodologies. It then introduces the software tools needed to analyze network packet traffic for intrusion and threat detection, for network defense, and primarily for identifying offensive operations by attackers.

NPA is an outstanding industry-standard training program for participants who are interested in analyzing traffic to learn how a program or application uses the network, or in determining whether a networked device is infected with malware or compromised by intruders. If you perform incident response or are involved with investigations, this course will help you take your skills to the next level. Wireshark will be used as the primary analysis tool.

Wireshark® is an open source network packet analyzer for analyzing TCP/IP communications. Participants will use Wireshark to identify problems in TCP/IP communications. At the end of the workshop, all participants will have practical knowledge of how to use Wireshark efficiently to analyze and troubleshoot network performance problems.

Benefits of NPA

  • What live network traffic is and why it needs to be analyzed.
  • Capture packets on wired networks.
  • Use time values to identify network performance problems.
  • Filter out traffic for more efficient troubleshooting and analysis.
  • Implement Wireshark coloring rules to focus on network problems faster.
  • Live demonstrations of attacks, vulnerabilities and defensive methods from the network layer to the application layer.
  • Use Wireshark's Expert System to understand various traffic problems.
  • Use the TCP/IP Resolution Flowchart to identify possible communication faults.
  • Analyze usual/unusual Domain Name System (DNS) traffic.
  • Analyze usual/unusual Address Resolution Protocol (ARP) traffic.
  • Analyze usual/unusual Internet Protocol v4 (IPv4) traffic.
  • Analyze usual/unusual Internet Control Message Protocol (ICMP) traffic.
  • Analyze usual/unusual User Datagram Protocol (UDP) traffic.
  • Analyze usual/unusual Transmission Control Protocol (TCP) traffic.
  • Analyze usual/unusual Hypertext Transfer Protocol (HTTP/HTTPS) traffic.

 

 

For Query & Registration

 

For Queries, Contact - 044-39 572 572


About Trainer

All our consultants are senior professionals with tremendous exposure to Information Security and Governance, Risk & Compliance. With over a decade of experience in training and consulting, they bring many practical, industry-relevant examples and case studies to the classroom, which improves the overall learning experience. Our professionals hold industry-acclaimed accreditations such as: PhD, M.S, CISSP, CHFI, CISA, CISM, CEH, ISO 27001 LI / LA, CCNP, CWNA, MCSE & ITIL.

 

 

 

 

Uninterrupted Dedicated Server
Work From Home
Learn With Fun

 

infySEC IS Lab is an online virtual remote lab in which participants can work from any place, at any time, without restriction. ISLab gives Network Packet Analysis participants login privileges so they can work on our virtual remote server and start doing their labs.

Our ISLab was built around a concept called “Learn with Fun”, in which each participant faces a game-like, structured online hacking program called 'Live Hacking Zone' that contains many levels relevant to the topics covered in the program. Each participant has to clear the levels to sit the NPA exam, so NPA delivers only well-equipped candidates. Participants have to clear multiple levels, from the easiest to the toughest. Each participant can track other participants' activity live, which helps everyone get involved in the Live Hacking Zone competition. Prepare to be SHOCKED, ENTERTAINED and EDUCATED all at the same time.

 

Please bring your own laptop loaded with Wireshark to class. You may download Wireshark for free at www.wireshark.org.


1. Binding interface to Analyzer, Capture Traffic to/from the Hardware Address using the Ring Buffer method and Capture filter method.

2. Capture traffic on Cabling system and save it to the Disk

3. The Navigation methods, locating strings in a Trace File

4. Set Time Display format and trace delays in the packet transfer process.

5. Capture and Analysis of ARP packets. ARP Padding, Layer 2 Broadcast identification, Need for L2 broadcasting, Encapsulation process, Analysing ARP Payload

6. Capture ICMP traffic and analyse the packets for Type number and Code number of the ICMP packet captured.

7. Unusual ICMP packets. Capturing TTL manipulated packets and Analysis (Tracert). TTL expired in Transit, Type 3 Code 3 Packet Analysis

8. Filter the traffic with specific Parameters.

9. Understand the Status bar while capturing and filtering the packets.

10. Capture / Open Trace files and Find, Mark, Save, and Colorize Packets

11. Capture live packets. Filter the traffic using display filters. Use various display filter parameters and analyse.

12. Capture and analyse DHCP DORA process packets, Analyse the DHCP Error Message packet, Leasing Parameters.

13. Installation of DNS Server, Creating zone and resource records, Capturing the DNS Traffic, Analyse DNS Query & Response, Unusual DNS packets and Filtering packets based on DNS parameters.

14. Capture and Analyse the Network Layer Header, Source IP, Destination IP, Time difference between the request and response, IPV4 parameters.

15. Capture UDP Traffic. Analyse source port and destination port. Filtering on UDP destination port parameters.

16. Capture the packets of TCP 3 way handshake and analyse the Sequence numbers, Port numbers, Acknowledgement numbers and understanding relative sequence numbers configuration.

17. Analysing each parameter in the TCP Flags. Filtering TCP packets based on flag parameters / Values.

18. Capture and Analyse HTTP packets, the Source IP, Destination IP, Source and Destination Port numbers, packet fragmentation details, Reassembly of packets, size of the fragment. Capture and Analysis of SSL encrypted (HTTPS) Traffic

19. Capture and analysis of FTP Traffic, the Control Connections and Data connection handshakes. Identify a Clear Text Password in FTP Traffic and the TCP handshake and tear down process for FTP traffic.

20. Retrieving the downloaded file using Trace file.

Good understanding of basic network concepts and TCP/IP fundamentals. You should know the purpose of a switch, a router, and a firewall. You should also be familiar with the concepts of Ethernet networking, basic wireless networking, and be comfortable with IP network addressing.

 

Who Should Attend

  • Computer Forensics/Digital Forensics Professionals
  • Incident Response Personnel
  • Information Security Professionals
  • IT Managers
  • Law Enforcement Personnel
  • Legal Professionals
  • Network Administrators and Architects
  • System Administrators

 

Things required to attend NPA course:

  • One Passport Size Photo During Registration
  • Photocopy of your ID card during registration
  • Participants have to bring their own WiFi-enabled laptop; high-speed WiFi Internet access will be provided

The content of infySEC syllabuses is regularly updated to ensure that it remains relevant and reflects the latest thinking, on par with current technology. However, as part of the latest review, the documents themselves have been given a fresh design.


FLOW OF NETWORK PACKET ANALYSIS COURSE

Below topics will be covered in NPA Course:

 

S.No  Topics
1     Introductory Analysis of TCP/IP communications
2     TCP and UDP communication parameters
3     The Wireshark Architecture
4     Traffic capturing techniques and analyzer placement
5     Capture filters
6     Display Filters
7     Coloring rules, graphing, field interpretations, and functionality of key TCP/IP communications
8     Packet structure of ARP, ICMP, DNS, IP, TCP, UDP, HTTP, HTTPS (SSL) traffic
9     Service refusals
10    TCP and UDP behavior towards Open/Closed ports


1 Introduction to Network Analysis and Wireshark
 
  • TCP/IP Packet structure Analysis
  • Causes of Performance Problems
  • Architecture of Wireshark
  • Capturing Traffic (Capture Filters)
  • Opening Trace Files
  • Navigation on important tool bars
  • The Changing Status Bar when traffic is filtered
  • Right-Click Functionality
  • Hands-on Lab
2 Analyze ARP Traffic
 
  • ARP Overview
  • ARP Packet Structure
  • Filter on ARP Traffic
3 Analyze ICMP Traffic
 
  • ICMP Overview
  • ICMP Packet Structure
  • Filter on ICMP Traffic
  • ICMP parameter manipulation
  • Packet Analysis of the Tracert command
  • TTL Expired in Transit
4 Learn Capture Methods and Use Capture Filters
 
  • Checksum Issues at Capture
  • Analyze Switched Networks
  • Initial Analyzing Placement
  • Available Capture Interfaces
  • Save Directly to Disk
  • Capture File Configurations
  • Limit Your Capture with Capture Filters
  • Examine Key Capture Filters
  • Hands-on Lab
5 Configure Global Preferences
 
  • First Step: Create a Troubleshooting Profile
  • Customize the User Interface
  • Add Custom Columns for the Packet List Pane
  • Set Your Global Capture Preferences
  • Define Name Resolution Preferences
  • Configure Individual Protocol Preferences
6 Navigate Quickly and Focus Faster with Coloring Techniques
 
  • Navigation Techniques
  • Find a Packet Based on Various Characteristics
  • Build Permanent Coloring Rules
  • Identify a Coloring Source
  • Mark Packets of Interest
7 Focus on Traffic Using Display Filters
 
  • Display Filters
  • Filter on Conversations/Endpoints
  • Build Filters Based on Packets
  • Display Filter Syntax
  • Use Comparison Operators and Advanced Filters
  • Filter on Text Strings
  • Build Filters Based on Expressions
8 TCP/IP Communications and Name Resolutions Overview
 
  • TCP/IP Functionality
  • The Multi-Step Resolution Process
  • Resolution Helped Build the Packet
  • Typical Causes of Slow Performance
9 Analyze IPv4 Traffic
 
  • IPv4 Overview
  • IPv4 Packet Structure
  • Analyze Broadcast/Multicast Traffic
  • Filter on IPv4 Traffic
  • IP Protocol Parameters
10 Analyze UDP Traffic
 
  • UDP Overview
  • Watch for Service Refusals
  • UDP Packet Structure
  • Filter on UDP Traffic
11 Analyze DNS Traffic
 
  • DNS Overview
  • DNS Packet Structure
  • DNS Query request and Query Responses
  • Filter on DNS Traffic
  • Analyze Normal/Problem DNS Traffic
12 Analyze TCP Protocol
 
  • TCP Overview
  • The TCP Connection Process
  • TCP 3 way Handshake Process
  • Sequence numbers and Relative sequence numbers
  • Analysing the Acknowledgement numbers with sequence numbers
  • Watch Service Refusals
  • TCP Packet Structure
  • Packet Loss Detection in Wireshark
  • Retransmission Detection in Wireshark
  • Out-of-Order Segment Detection in Wireshark
  • Selective Acknowledgement (SACK)
  • Troubleshoot TCP Quickly with Expert Info
  • Filter on TCP Traffic and TCP Problems
  • Follow TCP Streams to Reassemble Data
13 Analyze HTTP Traffic
 
  • HTTP Overview
  • HTTP Packet Structure
  • Filter on HTTP Traffic
  • Reassembling HTTP Objects
  • HTTP Statistics
14 Analyze SSL-Encrypted Traffic (HTTPS)
 
  • Overview of SSL communications
  • Examining SSL/HTTPS Traffic
  • Filter on SSL
15 Analyze File Transfer Protocol (FTP) Traffic
 
  • FTP Overview
  • FTP Packet Structure
  • Analyzing FTP communications
  • FTP connection establishment for Control connection and Data connection
  • FTP Data communication port analysis
  • Filter on FTP Traffic
16 Analyze DHCP Packets
 
  • DHCP Overview
  • Discover
  • Offer
  • Request
  • Acknowledgement
  • Lease period, T1 value and T2 Value
  • Filtering DHCP packets
17 Troubleshooting Steps
 
  • Normal and abnormal communication analysis
  • Colouring techniques
  • Traffic flow: Examine Conversations and Endpoints
  • Focus by Filtering
  • Examine Delta Time Values
  • Examine the Expert System
  • Follow the Streams
  • Watch Refusals and Redirections

NPA Course fee

Rs.18,000 Nett

Deliverables include

  • Course topics covering
  • IS Lab access
  • Handbook
  • DVD which consists of necessary software tools
  • NPA Course Certificate

NPA User Friendly DVDs

It is mandatory that you get proper written permission from your organization before using our course software, tools and techniques on your company networks and systems for any sort of testing or services you provide. If you are planning any kind of beneficial security testing inside your organization, you are advised to inform your network and computer operations teams in writing before you start any testing. If you are planning any kind of beneficial security testing for your clients, you are advised to sign a non-disclosure agreement with the respective stakeholders in writing before you start any testing.

In Depth HandBook Guide

Each page in the course handbook has been designed with care and includes the relevant screenshots to make it easy for participants to understand. This handbook is not available in the local market or from book publishing houses.

NPA Course Certificate

You will receive an infySEC Certificate of Completion upon successful completion of our NPA training program.


 

Mode of registration

1. Online fund Transfer

2. Cash payment in training office.