TECHNOLOGY CONTROL CO., profile picture
Uploaded byTECHNOLOGY CONTROL CO.
6,808 views

Network traffic analysis course

This document provides an overview of network traffic analysis. It discusses why traffic analysis is useful for gaining knowledge about a network, investigating issues, and network forensics. It also summarizes the basics of TCP/IP protocols, packet sniffing tools like Wireshark and Tcpdump, and how to analyze network traffic captures for troubleshooting and security purposes. Hands-on network forensics examples are provided to demonstrate these concepts.

Embed presentation

Downloaded 290 times
Network Traffic Analysis Presented By Ahmed Elshaer Security Operation Specialist
Agenda ● Why Traffic Analysis ● TCP/IP Review ● The Protocols ● Tcpdump/Tshark Basics ● Wireshark Foundation ● Hands-On Network Forensics
Why Traffic Analysis ? ● Gain special knowledge about the network. ● Investigate and troubleshoot abnormal behavior – Abnormal packets. – Network slow performance. ● Congestion. ● Retransmission. – Unexpected traffic. – Broken applications. – Load balancer issues.
Why Traffic Analysis ? ● Network Forensics – Collecting evidence. – Incident Handling. – Tracing attacks. – Linking infected hosts. – Determining patient zero. ● Stealing Sensitive information ● Pen-testing. ● Developing IPS/IDS signatures.
How Packet Sniffer Works ● Collection – the packet sniffer collects raw binary data from the wire. ● Conversion – the captured binary data is converted into a readable form ● Analysis – the actual analysis of the captured and converted data. – The packet sniffer verifies its protocol based on that protocol’s specific features.
TCP/IP Overview: OSI Model
TCP/IP Overview: OSI Model
Network Traffic Analysis
Network Traffic Analysis ● Protocols – Ethernet – IP – TCP/UDP – DNS – DHCP – FTP – Telnet – HTTP
Ethernet Frame
IP Packet
TCP Packet
TCP session initiation/termination
TCP session initiation/termination
UDP
The Big Picture !!!
Network Traffic Analysis ● BPF Filters, what !!! – Berkley Packet Filter – A knowledge of BPF syntax is crucial as you dig deeper into networks at the packet level. – Allow you to specify exactly which packets you want to capture. – Get rid or Packets you don't want to capture – BPF is how you talk to the Network Drivers :)
Network Traffic Analysis
Network Traffic Analysis ● Command Line Tools: – TCPdump – Tshark – Dumpcap, why !!! ● Graphical Tools: – Wireshark
Network Traffic Analysis ● TCPDUMP Basics (1)
Network Traffic Analysis ● TCPDUMP Basics (2)
Network Traffic Analysis ● TCPDUMP Basics (3)
Network Traffic Analysis ● TCPDUMP Examples (1): – $sudo tcpdump -n -i eth0 -c 5 – $sudo tcpdump -n -i eth0 -c 10 -w test01.pcap – $tcpdump -n -r test01.pcap – $sudo tcpdump -n -i eth0 -c 10 - w icmp.pcap icmp – $sudo tcpdump -n -i eth0 -s 0 port 53 – $sudo tcpdump -n -i eth0 -s 0 port 53 and tcp – $sudo tcpdump -n -i eth0 -s 0 tcp port 53 – $sudo tcpdump -n -r icmp.pcap host 192.168.56.104
Network Traffic Analysis ● TCPDUMP Examples (2): – $sudo tcpdump -n -r icmp.pcap src host 10.10.5.10 – $sudo tcpdump -n -r icmp.pcap dst host 10.18.6.10 – $sudo tcpdump -n -r icmp.pcap net 10.10.56.0 – $sudo tcpdump -n -r icmp.pcap src net 10.10.56.0 – $sudo tcpdump -n -r icmp.pcap dst net 10.10.56.0 ● Bash !!! for file in ` find /pcaps/ -name '*.pcap' `; do tcpdump -r $file 'port 21' -A|grep -iE 'USER|PASS' ; done
Network Traffic Analysis ● Tshark, Advanced analysis capabilities ● Tshark = tcpdump++ ● Tshark Examples(1): – To list the interfaces ● tshark -D – To listen on interface ● tshark -i eth0 ● tshark -i 1
Network Traffic Analysis ● Tshark Example (2): ● tshark -n -i wlan0 -p -a filesize:1000 -w 1MB.pcap ● tshark -n -i 7 -c 1000 -w test01.pcap -f 'tcp port 80' ● tshark -n -i 7 -f 'port 53' ● tshark -R "ip.addr == 192.168.56.101" -r test01.pcap ● tshark -R "not arp and not (udp.port == 53)" -r test.pcap ● tshark -Y "http contains user" -r httpcap.pcap -x ● tshark -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -E header=y -r test01.pcap
Network Traffic Analysis ● Dumpcap – a network traffic dump tool – It captures packet data from a live network and writes the packets to a file. – Why should I use it !!!
Network Traffic Analysis ● Wireshark Basic Operations – Live Capture – Open PCAP File – Basic Filters – Follow TCP Stream – Time Stamps – Expert Info – Statistics
Network Traffic Analysis ● Wireshark Packet Inspection – ARP – IP – TCP – HTTP – FTP – DNS – DHCP
Network Traffic Analysis ● Wireshark Advanced Tasks – SSL Decryption – Network Forensics and File Carving ● Extract Files from FTP ● Extract Files from HTTP
Network Traffic Analysis CTF Time
References/more resources ● http://www.chrisbrenton.org/category/security/network/ ● http://packetlife.net/library/cheat-sheets/ ● Practical Packet Analysis - NoStarchPress ● http://packetlife.net/captures/ ● http://wiki.wireshark.org/SampleCaptures ● http://www.netresec.com/?page=PcapFiles ● Network Analysis Sessions By Ahemd Adel

More Related Content

PDF
Network Monitoring System ppt.pdf
bykristinatemen
 
PDF
Wireshark Traffic Analysis
byDavid Sweigert
 
PDF
Network analysis Using Wireshark Lesson 11: TCP and UDP Analysis
byYoram Orzach
 
PPT
Wireshark Basics
byYoram Orzach
 
PPTX
Wireshark Packet Analyzer.pptx
byCarlos González García, PMP®
 
PPTX
Authentication service security
byPrachi Gulihar
 
PPTX
Wireshark
byKasun Madusanke
 
PPTX
Packet analysis using wireshark
byBasaveswar Kureti
 
Network Monitoring System ppt.pdf
bykristinatemen
 
Wireshark Traffic Analysis
byDavid Sweigert
 
Network analysis Using Wireshark Lesson 11: TCP and UDP Analysis
byYoram Orzach
 
Wireshark Basics
byYoram Orzach
 
Wireshark Packet Analyzer.pptx
byCarlos González García, PMP®
 
Authentication service security
byPrachi Gulihar
 
Wireshark
byKasun Madusanke
 
Packet analysis using wireshark
byBasaveswar Kureti
 

What's hot

PPTX
Virtual private network, vpn presentation
byAmjad Bhutto
 
PPTX
Packet sniffing
byShyama Bhuvanendran
 
PPTX
Intrusion detection and prevention system
byNikhil Raj
 
PPTX
Types of Cyber Security Attacks- Active & Passive Attak
bySouma Maiti
 
PPTX
Wireshark
bySourav Roy
 
PPTX
Nat
byHumaira Saleem
 
PPTX
Intrusion detection
byCAS
 
PDF
Ch 5: Port Scanning
bySam Bowne
 
PPTX
Wireshark, Tcpdump and Network Performance tools
bySachidananda Sahu
 
PPTX
Ethical Hacking - sniffing
byBhavya Chawla
 
PPTX
Footprinting and reconnaissance
byNishaYadav177
 
PPTX
Packet sniffers
byRavi Teja Reddy
 
PPTX
Http Vs Https .
bysimplyharshad
 
PPTX
Network forensic
byManjushree Mashal
 
PPTX
Virtual Private Networks (VPN) ppt
byOECLIB Odisha Electronics Control Library
 
PPTX
Intrusion Detection System(IDS)
byshraddha_b
 
PPTX
Computer Networking
bykieshore
 
PPT
IDS and IPS
bySantosh Khadsare
 
PPT
Firewall & its configurations
byStudent
 
PPTX
Pen Testing Explained
byRand W. Hirt
 
Virtual private network, vpn presentation
byAmjad Bhutto
 
Packet sniffing
byShyama Bhuvanendran
 
Intrusion detection and prevention system
byNikhil Raj
 
Types of Cyber Security Attacks- Active & Passive Attak
bySouma Maiti
 
Wireshark
bySourav Roy
 
Nat
byHumaira Saleem
 
Intrusion detection
byCAS
 
Ch 5: Port Scanning
bySam Bowne
 
Wireshark, Tcpdump and Network Performance tools
bySachidananda Sahu
 
Ethical Hacking - sniffing
byBhavya Chawla
 
Footprinting and reconnaissance
byNishaYadav177
 
Packet sniffers
byRavi Teja Reddy
 
Http Vs Https .
bysimplyharshad
 
Network forensic
byManjushree Mashal
 
Virtual Private Networks (VPN) ppt
byOECLIB Odisha Electronics Control Library
 
Intrusion Detection System(IDS)
byshraddha_b
 
Computer Networking
bykieshore
 
IDS and IPS
bySantosh Khadsare
 
Firewall & its configurations
byStudent
 
Pen Testing Explained
byRand W. Hirt
 

Viewers also liked

PDF
Telecommunication switching system
byMadhumita Tamhane
 
PPT
Switching systems lecture1
byJumaan Ally Mohamed
 
PPT
Switching systems lecture2
byJumaan Ally Mohamed
 
PPT
Telecommunications and networks
byProf. Othman Alsalloum
 
PPT
Switching systems lecture3
byJumaan Ally Mohamed
 
PDF
1 Telecommunication Switching Systems And Networks
byguestac67362
 
PPTX
Traffic analysis
bySrashti Vyas
 
PDF
Design and Simulation Microstrip patch Antenna using CST Microwave Studio
byAymen Al-obaidi
 
PPTX
Basic of telecommunication presentation
byhannah05
 
Telecommunication switching system
byMadhumita Tamhane
 
Switching systems lecture1
byJumaan Ally Mohamed
 
Switching systems lecture2
byJumaan Ally Mohamed
 
Telecommunications and networks
byProf. Othman Alsalloum
 
Switching systems lecture3
byJumaan Ally Mohamed
 
1 Telecommunication Switching Systems And Networks
byguestac67362
 
Traffic analysis
bySrashti Vyas
 
Design and Simulation Microstrip patch Antenna using CST Microwave Studio
byAymen Al-obaidi
 
Basic of telecommunication presentation
byhannah05
 

Similar to Network traffic analysis course

PPT
Traffic-Monitoring.ppt
bySenthil Vit
 
PPT
Traffic-Monitoring.ppt
byToffeeLomerz
 
PPT
Traffic-Monitoring.ppt
byssuser0a05422
 
PDF
wireshark.pdf
byssuserafc27c
 
DOCX
Experiment 7 traffic analysis
bynikitaa25
 
PPTX
Packet Analysis - Course Technology Computing Conference
byCengage Learning
 
PPT
Traffic monitoring
byRadu Galbenu
 
PPT
an_introduction_to_network_analyzers_new.ppt
byIwan89629
 
PDF
Unit 2.3 Introduction to Cyber Security Tools and Environment.pdf
byChatanBawankar
 
PPT
Day2
byJai4uk
 
PDF
Ferramenta de análise de rede para windows e linux
byRenatoAlves851496
 
PDF
A Deeper Look into Network Traffic Analysis using Wireshark.pdf
byJessica Thompson
 
PDF
Debugging applications with network security tools
byConFoo
 
PDF
Analysis of network traffic by using packet sniffing tool wireshark
byIJARIIT
 
PDF
CNIT 121: 9 Network Evidence
bySam Bowne
 
PDF
CNIT 152: 9 Network Evidence
bySam Bowne
 
PPTX
Detecting Reconnaissance Through Packet Forensics by Shashank Nigam
byOWASP Delhi
 
PDF
CNIT 50: 6. Command Line Packet Analysis Tools
bySam Bowne
 
PDF
(130511) #fitalk network forensics and its role and scope
byINSIGHT FORENSIC
 
DOCX
Chapter 3. sensors in the network domain
byPhu Nguyen
 
Traffic-Monitoring.ppt
bySenthil Vit
 
Traffic-Monitoring.ppt
byToffeeLomerz
 
Traffic-Monitoring.ppt
byssuser0a05422
 
wireshark.pdf
byssuserafc27c
 
Experiment 7 traffic analysis
bynikitaa25
 
Packet Analysis - Course Technology Computing Conference
byCengage Learning
 
Traffic monitoring
byRadu Galbenu
 
an_introduction_to_network_analyzers_new.ppt
byIwan89629
 
Unit 2.3 Introduction to Cyber Security Tools and Environment.pdf
byChatanBawankar
 
Day2
byJai4uk
 
Ferramenta de análise de rede para windows e linux
byRenatoAlves851496
 
A Deeper Look into Network Traffic Analysis using Wireshark.pdf
byJessica Thompson
 
Debugging applications with network security tools
byConFoo
 
Analysis of network traffic by using packet sniffing tool wireshark
byIJARIIT
 
CNIT 121: 9 Network Evidence
bySam Bowne
 
CNIT 152: 9 Network Evidence
bySam Bowne
 
Detecting Reconnaissance Through Packet Forensics by Shashank Nigam
byOWASP Delhi
 
CNIT 50: 6. Command Line Packet Analysis Tools
bySam Bowne
 
(130511) #fitalk network forensics and its role and scope
byINSIGHT FORENSIC
 
Chapter 3. sensors in the network domain
byPhu Nguyen
 

Recently uploaded

PDF
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PPTX
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
PDF
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PDF
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
AI Technology important knowledge ......
byutkarshj2007
 
PDF
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
PDF
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
PDF
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
PDF
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
AI Technology important knowledge ......
byutkarshj2007
 
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
In this document
Powered by AI

Overview of network traffic analysis presented by Ahmed Elshaer, emphasizing its importance in security operations.

Presentation agenda covering reasons for traffic analysis, TCP/IP review, protocols, and tools like Tcpdump and Wireshark.

Discusses benefits like investigating abnormal network behavior, network forensics, and collecting evidence.

Explains the packet sniffer process: collection of data, conversion to readable form, and analysis.

Introduces TCP/IP and OSI model, foundational concepts for understanding network communications.

Lists key protocols used in network analysis: Ethernet, IP, TCP/UDP, and more.

Discusses the structure of Ethernet frames, IP packets, TCP packets, session initiation, and UDP.

Introduction to BPF filters for capturing specific network packets, crucial for detailed analysis.

Overview of command line tools like Tcpdump and Tshark, alongside the graphical tool Wireshark.

Detailed introduction to TCPdump, including command examples for capturing traffic scenarios.

Explores Tshark's features for advanced network traffic analysis with various command examples.

Describes Dumpcap for packet capture and basic Wireshark operations for traffic analysis.

Shows Wireshark's inspection capabilities including advanced operations like SSL decryption.

Ends the presentation with a call to action (CTF Time) and references for further learning resources.

Network traffic analysis course

  • 1.
    Network Traffic Analysis PresentedBy Ahmed Elshaer Security Operation Specialist
  • 2.
    Agenda ● Why TrafficAnalysis ● TCP/IP Review ● The Protocols ● Tcpdump/Tshark Basics ● Wireshark Foundation ● Hands-On Network Forensics
  • 3.
    Why Traffic Analysis? ● Gain special knowledge about the network. ● Investigate and troubleshoot abnormal behavior – Abnormal packets. – Network slow performance. ● Congestion. ● Retransmission. – Unexpected traffic. – Broken applications. – Load balancer issues.
  • 4.
    Why Traffic Analysis? ● Network Forensics – Collecting evidence. – Incident Handling. – Tracing attacks. – Linking infected hosts. – Determining patient zero. ● Stealing Sensitive information ● Pen-testing. ● Developing IPS/IDS signatures.
  • 5.
    How Packet SnifferWorks ● Collection – the packet sniffer collects raw binary data from the wire. ● Conversion – the captured binary data is converted into a readable form ● Analysis – the actual analysis of the captured and converted data. – The packet sniffer verifies its protocol based on that protocol’s specific features.
  • 6.
  • 7.
  • 8.
  • 9.
    Network Traffic Analysis ●Protocols – Ethernet – IP – TCP/UDP – DNS – DHCP – FTP – Telnet – HTTP
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
    Network Traffic Analysis ●BPF Filters, what !!! – Berkley Packet Filter – A knowledge of BPF syntax is crucial as you dig deeper into networks at the packet level. – Allow you to specify exactly which packets you want to capture. – Get rid or Packets you don't want to capture – BPF is how you talk to the Network Drivers :)
  • 18.
  • 19.
    Network Traffic Analysis ●Command Line Tools: – TCPdump – Tshark – Dumpcap, why !!! ● Graphical Tools: – Wireshark
  • 20.
    Network Traffic Analysis ●TCPDUMP Basics (1)
  • 21.
    Network Traffic Analysis ●TCPDUMP Basics (2)
  • 22.
    Network Traffic Analysis ●TCPDUMP Basics (3)
  • 23.
    Network Traffic Analysis ●TCPDUMP Examples (1): – $sudo tcpdump -n -i eth0 -c 5 – $sudo tcpdump -n -i eth0 -c 10 -w test01.pcap – $tcpdump -n -r test01.pcap – $sudo tcpdump -n -i eth0 -c 10 - w icmp.pcap icmp – $sudo tcpdump -n -i eth0 -s 0 port 53 – $sudo tcpdump -n -i eth0 -s 0 port 53 and tcp – $sudo tcpdump -n -i eth0 -s 0 tcp port 53 – $sudo tcpdump -n -r icmp.pcap host 192.168.56.104
  • 24.
    Network Traffic Analysis ● TCPDUMPExamples (2): – $sudo tcpdump -n -r icmp.pcap src host 10.10.5.10 – $sudo tcpdump -n -r icmp.pcap dst host 10.18.6.10 – $sudo tcpdump -n -r icmp.pcap net 10.10.56.0 – $sudo tcpdump -n -r icmp.pcap src net 10.10.56.0 – $sudo tcpdump -n -r icmp.pcap dst net 10.10.56.0 ● Bash !!! for file in ` find /pcaps/ -name '*.pcap' `; do tcpdump -r $file 'port 21' -A|grep -iE 'USER|PASS' ; done
  • 25.
    Network Traffic Analysis ●Tshark, Advanced analysis capabilities ● Tshark = tcpdump++ ● Tshark Examples(1): – To list the interfaces ● tshark -D – To listen on interface ● tshark -i eth0 ● tshark -i 1
  • 26.
    Network Traffic Analysis ●Tshark Example (2): ● tshark -n -i wlan0 -p -a filesize:1000 -w 1MB.pcap ● tshark -n -i 7 -c 1000 -w test01.pcap -f 'tcp port 80' ● tshark -n -i 7 -f 'port 53' ● tshark -R "ip.addr == 192.168.56.101" -r test01.pcap ● tshark -R "not arp and not (udp.port == 53)" -r test.pcap ● tshark -Y "http contains user" -r httpcap.pcap -x ● tshark -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -E header=y -r test01.pcap
  • 27.
    Network Traffic Analysis ●Dumpcap – a network traffic dump tool – It captures packet data from a live network and writes the packets to a file. – Why should I use it !!!
  • 28.
    Network Traffic Analysis ●Wireshark Basic Operations – Live Capture – Open PCAP File – Basic Filters – Follow TCP Stream – Time Stamps – Expert Info – Statistics
  • 29.
    Network Traffic Analysis ●Wireshark Packet Inspection – ARP – IP – TCP – HTTP – FTP – DNS – DHCP
  • 30.
    Network Traffic Analysis ●Wireshark Advanced Tasks – SSL Decryption – Network Forensics and File Carving ● Extract Files from FTP ● Extract Files from HTTP
  • 31.
  • 32.
    References/more resources ● http://www.chrisbrenton.org/category/security/network/ ●http://packetlife.net/library/cheat-sheets/ ● Practical Packet Analysis - NoStarchPress ● http://packetlife.net/captures/ ● http://wiki.wireshark.org/SampleCaptures ● http://www.netresec.com/?page=PcapFiles ● Network Analysis Sessions By Ahemd Adel