LinuxCBT Packet | Capture | Analysis Edition encompasses: 1. Packet Capture and Analysis Security featuring Ethereal®.

LinuxCBT Packet | Capture | Analysis Edition is unparalleled in content, depth and expertise. It entails 9-hours, or ~1-day of classroom training. LinuxCBT Packet | Capture | Analysis Edition prepares you or your organization for successfully securing GNU/Linux & Open Source-based solutions. As a by-product, many of the covered concepts, utilities and tricks are applicable to heterogeneous computing environments, ensuring your coverage of the fundamentals of securing corporate infrastructures.

Let LinuxCBT Packet | Capture | Analysis Edition cost-effectively sharpen your Packet Capture and Analysis Security skills!

Recommended Prerequisites for:

• Any LinuxCBT Operating System Course (Classic/EL-4/SUSE/Debian Editions)
  • Open mind & determination to master Linux and related open-source applications
  • Basic understanding of networking concepts
  • Access to a PC to follow the exercises

Packet Capture Analysis Security feat. Ethereal® - Module VI

• Introduction - Topology - Features
  • Discuss course outline
  • Explore system configuration
  • Identify key network interfaces to be used for captures
  • Identify connected interfaces on Cisco Switch
  • Explore network topology - IPv4 & IPv6
  • Identify Ethereal installation
  • Enumerate and discuss key Ethereal features
• Ethereal® Graphical User Interface (GUI)
  • Identify installation footprint
  • Differentiate between promiscuous and non-promiscuous modes
  • Configure X.org to permit non-privileged user to write output to screen
  • Launch Ethereal GUI
  • Identify the primary GUI components /Packet List | Packet Details | Packet Bytes/
  • Discuss defaults
  • Explore key menu items
• TCPDump | WinDump - Packet Capturing for /Linux|Unix|Windows/
  • Discuss defaults, features and applications
  • Use TCPDump on Linux to capture packets
  • Log traffic using default PCAP/TCPDump format
  • Discuss Berkeley Packet Filters (BPFs)
  • Capture and log specific packets using BPFs for analysis with Ethereal
  • Connect to Windows 2003 Server using Remote Desktop (RDesktop) utility
  • Install WinDump and WinPCAP on Windows 2003 Server
  • Identify available network interfaces using WinDump
  • Capture and log packets using WinDump
  • Capture and log specific packets using BPFs with WinDump for analysis with Ethereal
  • Upload captures to Linux system for analysis in Ethereal
• Snort® NIDS Packet Capturing & Logging
  • Discuss Snort NIDS's features
  • Confirm prerequisites - /PCRE|LibPCAP|GCC|Make/
  • Download and Import Snort G/PGP key and MD5SUM for Snort NIDS
  • Download, verify, compile and install Snort NIDS
  • Discuss BPF directional, type, and protocol qualifiers
  • Identify clear-text based network applications and define appropriate BPFs
  • Execute Snort NIDS in sniffer mode with BPFs enabled to match interesting traffic
  • Log to the active pseudo-terminal console and examine the packet flows
  • Combine BPF qualifiers to increase packet-matching capabilities
  • Use logical operators to define more flexible BPFs
  • Create captures for further analysis with Ethereal
• Sun Snoop Packet Capturing & Logging
  • Connect to Solaris 10 system and prepare to use Snoop
  • Draw parallels to TCPDump
  • Enumerate key features
  • Sniff and log generic traffic
  • Sniff and log specific traffic using filters
  • Sniff using Snoop, HTTP and FTP traffic
  • Save filters for analysis by Ethereal
  • Snoop various Solaris interfaces for interesting traffic
• Layer-2 & Internet Control Messaging Protocol (ICMP) Captures
  • Launch Ethereal
  • Identify sniffing interfaces
  • Capture Address Resolution Protocol (ARP) Packets using Capture Filters
  • Discuss and Identify Protocol Data Units (PDUs)
  • Identify default Ethereal capture file
  • Peruse packet capture statistics
  • Identify Cisco VOIP router generating ARP requests
  • Peruse time precision features - deci - nano-seconds
  • Discuss time manipulations - relative to first packet - actual time
  • Reveal protocol information from layer-1 through 7
  • Identify network broadcasts in the packet stream
  • Generate Layer-2 ARP traffic using PING and capture and analyze results
  • Sniff traffic based on MAC addresses using Ethereal and Capture FIlters
• User Datagram Protocol (UDP) Captures & Analyses
  • Discuss UDP Characteristics
  • Focus on Network Time Protocol (NTP)
  • Setup NTP strata for testing between multiple systems
  • Analyze NTP - UDP traffic using Ethereal
  • Focus on Domain Name Service (DNS)
  • Install a BIND DNS Caching-Only Server
  • Analyze DIG queries
  • Analyze 'nslookup' queries
• Transmission Control Protocol (TCP) Captures & Analyses
  • Discuss TCP Characteristics - Connection-Oriented Services
  • Explain TCP connection rules - Socket creation
  • Sniff TCP traffic using Capture Filters in Ethereal
  • Use Display Filters to parse TCP traffic
  • Sniff FTP traffic
  • Reconstruct FTP flows using TCP Stream Reassembly
  • Differentiate between client and server flows
  • Quantify client and server flows
  • Discuss embedded Protocol Data Units (PDUs)
  • Sniff Internet Protocol Version 6 (IPv6) traffic
  • Peruse and discuss the IPv6:TCP:FTP traffic dump
  • Analyze TCP Sockets
• Ethereal Display Filters - Post Processing Filters
  • Identify previously captured - TCPDump - Ethereal - Snort - Snoop - Dumps
  • Discuss features
  • Explain Display Filter syntax
  • Post-process previously captured traffic dumps
  • Identify the various methods to exact display filters
  • Filter data using the expression builder
  • Filter traffic based on interesting properties
  • Filter traffic using logical operators
• Ethereal Statistics
• Discuss features
• Explore the summary (metadata) of captured packets
• Peruse the protocol hierarchy - Layer's 1 - 7 of OSI
• Examine network conversations of captured packets
• Identify Destinations in packet dumps
• Examine ICMP statistics
• Text-based Captures with Tethereal
  • Discuss features and applications
  • Identify 'tethereal' and invoke
  • Enumerate network interfaces
  • Sniff generic network traffic
  • Suppress capture output
  • Apply Capture Filters
  • Capture UDP Traffic
  • Capture TCP Traffic
• Intranet-based Captures & Analysis
  • Discuss Intranet monitoring objectives
  • Analyze the network topology drawing
  • Discuss Unicast, Broadcast and Multicast traffic
  • Discuss Switch Port Mirroring - SPAN
  • Configure Port Mirroring - SPAN on Cisco Switch for interesting ports
  • Dedicate a network interface for sniffing traffic
  • Configure Snort NIDS to sniff traffic on dedicated network interface
  • Analyze Snort NIDS captures in Ethereal
  • Sniff traffic between various Intranet hosts
• Internet-based Captures & Analysis
  • Discuss Internet monitoring objectives
  • Identify key external interfaces to monitor
  • Update the Port Mirroring configuration to capture Internet traffic
  • Capture external traffic
  • Analyze using Ethereal
• Wireless-based Captures & Analysis
  • Discuss Wireless monitoring objectives
  • Connect to remote system with wireless interface
  • Enable wireless interface
  • Sniff traffic on wireless network
  • Analyze using Ethereal
• Windows-based Captures & Analysis on Windows
  • Download and Install Ethereal for Windows
  • Explore interface
  • Load previously captured data
  • Analyze data
  • Compare and contrast with Ethereal for Linux|Unix systems
• WireShark® on MacOSX®
  • Download and Install
  • Explore interface
  • Load previously captured data
  • Analyze data
  • Capture new data
  • Evaluate results
• top