ADLER-TECH

Advanced Wireshark: Forensics, Automation, and Specialized Protocol Analysis

Duration: 21 Hours (3 Days) Focus: Command-Line Automation, Security Diagnostics, VoIP, and Application Layer Troubleshooting

TShark for Analysis (Using TShark to analyze trace files and output data from the command line).
Dumpcap for Capture (Using Dumpcap for high-performance Command-Line capture).
Trace File Statistics (Using the Capinfos Command-Line Tool to query capture file metadata).
File Editing (Modifying trace files with Editcap Command-Line Tool (e.g., stripping packets, time shifting)).
File Merging (Combining multiple captures with Mergecap Command-Line Tool).
Text Conversion (Creating capture files from text output using Text2pcap Command-Line Tool).

File Splitting (Techniques to Split and Merge Trace Files for focused analysis).

Advanced Capture Filters (Writing advanced Capture filters scripts using Boolean logic and protocol stacks).
Advanced Display Filters (Writing Advanced Display filters for complex field comparisons and conditional logic).
Triggered Filtering (Using triggered filters and related techniques for automated identification).

Congestion Diagnostics (Dealing with network congestion—identifying symptoms like shattered windows and flooding).
Baselining (Establishing and comparing Baseline network communications).
Anomaly Detection (Identifying Unusual network communications that deviate from the baseline).
Protocol Vulnerabilities (Identifying Vulnerabilities in the TCP/IP resolution process (e.g., fragmentation issues)).
Case Studies (Lab exercises and case studies applying expert system analysis).

Traffic Identification (Who is talking?—Identifying top talkers and connections).
Scan Detection (Identifying and analyzing Port Scans, Mutant Scans, and IP Scans).
Network Discovery (Performing Application Mapping).
Host Identification (Techniques for OS Fingerprinting via network traces).
Case Studies (Lab exercises and case studies on detecting probing behavior).

SIP Troubleshooting (SIP analysis and troubleshooting—understanding call setup and teardown).
Media Analysis (Analyzing RTP, RTCP and media analysis for quality metrics (Jitter, Loss)).
Custom Profiles (Creating VoIP filters and analysis profiles for rapid diagnostics).
VoIP Labs (Lab exercises and case studies focused on common call quality issues).

Web Services (HTTP analysis and troubleshooting—latency, status codes, persistent connections).
File Transfer (FTP analysis and troubleshooting—control and data channel issues).
Name Resolution (DNS operation and troubleshooting—caching, resolution failures, query analysis).
Multimedia (Video transmission analysis (e.g., streaming protocols)).
Database Issues (Diagnosing Databases network-related problems (e.g., query timing, connection resets)).

Information Gathering (Gather information – what to look for in a security investigation).
Pattern Recognition (Identifying Unusual traffic patterns indicative of compromise).
Tool Integration (Integrating analysis with Complementary tools).

Address Deception (Detecting MAC and IP address spoofing).
ARP Attacks (Identifying and analyzing ARP poisoning attempts).
Attack Signatures (Identifying Attacks signatures and signature locations).
TCP Anomalies (Analyzing Header and sequencing signatures, TCP splicing and unusual traffic).
Malicious Traffic (Detecting maliciously malformed packets).

Exploits (Analyzing traces for signatures of Attacks and exploits).
Availability Attacks (Analyzing signatures for DoS and DDoS Attacks).
Scanning Behavior (Identifying Protocol scans).
Forensics Labs (Lab exercises and case studies on identifying post-compromise activity).