
Course Description


This packet analysis course focuses on capturing, filtering, and analyzing network traffic to identify security vulnerabilities, track down network intrusions, troubleshoot network issues, and perform network forensics. The course includes real-world, hands-on scenarios featuring packet captures from network attacks and forensics investigations. Attendees will learn how to reconstruct network intrusions and extract information, such as credentials, images, malware, and Indicators of Compromise (IOCs) from packet capture files. Attendees will also learn how to piece together and extract network evidence and tie the evidence to a suspect. Wireshark is the primary tool used throughout this course, but other tools and techniques are covered as well.

Course Outline

  • Network and Traffic Analysis Basics
  • Wireshark Overview and Use
  • Working with Captured Packets – Lower-Level Protocols
  • Working with Captured Packets – Higher-Level Protocols
  • Basic Real World Scenarios
  • Protocol Dissection
  • Tools: Wireshark, NetworkMiner, MaxMind GeoIP Databases

Learner Outcomes

  • Perform malware analysis
  • Perform penetration testing
  • Recognize if someone is a Man-In-The-Middle (MITM), sniffing your traffic at Starbucks, the hotel, etc.
  • Troubleshoot network applications or network latency
  • Track down infected users and top bandwidth consumers
  • Perform incident response
  • Determine whether you are infected with malware

Prerequisites

General knowledge of TCP/IP, networking, and the OSI Model. Exposure to networking protocols and technologies such as DNS, DHCP, ICMP, FTP, HTTP, SMTP, and ARP.

Applies Towards the Following Certificates

Thank you for your interest in this course. Unfortunately, the course you have selected is currently not open for enrollment. Please complete a Course Inquiry so that we may promptly notify you when enrollment opens.