CFI 1085 - Network Traffic Analysis: Tools & Technology
Credits: 3
Hours/Week: Lecture 2 Lab 2
Internship hours per week: 0
Course Description: This course explores the use of TCPDUMP and Wireshark protocol analyzer to perform network analyses for communications troubleshooting and forensics investigations. The material offers real-world examples and interactive Hands-On Projects that reinforce key concepts and important monitoring and management tools. These materials have been specifically designed to prepare individuals to take an active role in administering a network infrastructure that uses TCP/IP, either as its only protocol suite or in concert with other protocol suites. Course topics include the fundamentals and advanced topics in TCP/IP, live captures and offline analysis of hundreds of protocols, and troubleshooting, optimizing, and securing a network based on the evidence found in captured network traffic. Course activities include hands-on lab exercises using real-world scenarios that put theory into practice. This course also includes voluminous protocol trace files that demonstrate what TCP/IP-based network infrastructure looks like and how to recognize, analyze, and troubleshoot a broad range of TCP/IP-related networking problems or phenomena.
MnTC Goals: None
Prerequisite(s): INET 1101 with a grade of C or higher or instructor consent.
Corequisite(s): None
Recommendation: None
Major Content
- Introducing TCP/IP
- IP Addressing and Related Topics
- Basic IP Packet Structures: Headers and Payloads
- Data Link and Network Layer Protocols in TCP/IP
- Internet Control Message Protocol
- Neighbor Discovery in IPv6
- IP Address Autoconfiguration
- Name Resolution on IP Networks
- TCP/IP Transport Layer Protocols
- Securing TCP/IP Environments
Learning Outcomes
At the end of this course, students will be able to:
- use Wireshark’s Expert System to understand various traffic problems.
- use time values to identify network performance problems.
- capture packets on wired and wireless networks.
- create statistical charts and graphs to pinpoint performance issues.
- filter out traffic for more efficient troubleshooting and analysis.
- configure Wireshark for best performance and non-intrusive analysis.
- customize Wireshark coloring to focus on network problems faster.
- navigate through, split, and work with large traffic files.
- analyze normal/abnormal: Address Resolution Protocol (ARP) traffic, Domain Name System (DNS) traffic, Hypertext Transfer Protocol (HTTP/HTTPS) traffic, Internet Control Message Protocol (ICMP) traffic, Internet Protocol v4 (IPv4) traffic
- analyze normal/abnormal: Transmission Control Protocol (TCP) traffic, User Datagram Protocol (UDP) traffic
- recognize potential network security infrastructure misconfigurations.
- use the TCP/IP Resolution Flowchart to identify possible communication faults.
- reconstruct suspicious activities for detailed analysis and evidentiary purposes.
Minnesota Transfer Curriculum (MnTC): Goals and Competencies
Competency Goals (MnTC Goals 1-6): None
Theme Goals (MnTC Goals 7-10): None