Network & Host Analysis: Network Analysis Formats



Overview/Description

A variety of formats and protocols are used to help manage networks. Knowing what you have at your disposal to integrate into your operational duties is essential in defensive CyberOps. In this course, you'll learn the format and tools required to manage, operate, and analyze your networks.

You'll start by recognizing the purpose and characteristics of NetFlow and IPFIX network flow protocols. You'll then outline how NetFlow is used to baseline a network. Next, you'll identify the importance of logging, access control, and event queues. You'll examine techniques for tapping network traffic and collecting and forwarding logs. You'll explore SNMP, the PCAP format, and whitelisting. Finally, you'll set up Wireshark to detect potentially harmful events and import and export captured traffic in the PCAP format.



Expected Duration (hours)
1.0

Lesson Objectives

Network & Host Analysis: Network Analysis Formats

  • discover the key concepts covered in this course
  • describe the function and characteristics of the NetFlow and IPFIX network flow protocols
  • describe how NetFlow is used to baseline a network
  • recognize the importance of audit logs for security
  • identify the goals, capabilities, and types of application-based blocking for network access
  • outline techniques used to tap network traffic
  • outline techniques for collecting and forwarding logs
  • outline techniques for event queuing and handling
  • describe how SNMP is used for network management and monitoring
  • describe how PCAP is implemented for packet capture and filtering programs
  • outline the process for whitelisting and blacklisting applications
  • use Wireshark to detect an anomalous or potentially dangerous event
  • import and export captured traffic in the PCAP format using Wireshark
  • summarize the key concepts covered in this course

Course Number
it_cynthadj_04_enus

Expertise Level
Intermediate