Security devices on a network capture traffic and then analyze the field values to allow or deny specific traffic. As capable as these devices are, there are times when some threats slip through the cracks. Wireshark is a free protocol analysis tool that is used to baseline a network, actively monitor changes, identify common attack signatures, build firewall rules, detect issues, and quickly remove threats from the network. This course covers how to use Wireshark for deep packet analysis, capturing, and forensics. Learn how to keep your networks secure against malware and cyberattacks by implementing solutions that detect and handle unusual traffic.
– [Instructor] Hello, I’m Lisa Bock, and I’m a security ambassador, and I’m super excited that you can join me for Wireshark: Malware and Forensics. Routinely examining network traffic is important in an organization as part of an overall security framework. In this course, we will analyze network traffic using Wireshark, a free and open-source packet analysis tool. Participants will learn how Wireshark can uncover advanced persistent threats on a network that elude detection and hide in plain sight. I’ll first review cyberattacks and trends and why you should do deep packet analysis using Wireshark and tshark, and review how to tap into your network. I’ll dive into a capture overview, including baselining the network, displaying capture filters, and coloring rules to highlight potential malware signatures. I’ll look at unusual traffic and indications of compromise. I’ll discuss ports associated with malware and common attack signatures. I’ll finish up with some case studies and what…