
CSX PACKET ANALYSIS COURSE

The Cybersecurity Nexus (CSX) Packet Analysis Course (CPAC) provides students with an understanding of packet and protocol analysis. Students will work with real network traffic captures in real environments and will analyze different communication types and their components. Upon completion, students will be able to passively analyze packet captures and create network topologies and device characterizations – valuable traits in the cybersecurity field.
CONTENT:
What is Packet Analysis? (Lesson)
- Gain familiarization with the OSI model;
- Understand the role of packets in online communications;
- Identify when the application of packets is appropriate;
- Understand the basic composition of a packet;

Tools of the Trade (Lesson)
- Understand the basics of tapping the network;
- Understand the options available for packet analysis software;
- Demonstrate a basic understanding of Wireshark and its capabilities;

Common Protocols (Lesson)
- Understand the definition of protocol;
- Understand the definition of port;
- Understand specific protocols which help conduct packet analysis;
- Identify which protocols are helpful for device characterization;
- Identify which protocols are helpful for network mapping;

Data Manipulation (Lesson)
- Understand where to find packets;
- Understand how to capture packets in Wireshark;
- Understand how to filter certain types of data;

Protocol Parsing (Lab/Instructional)
Students will leverage Wireshark to identify basic information from a packet capture.

ARP Analysis (Lab/Instructional)
Students will leverage Wireshark to identify, dissect and understand ARP packets.

Initial Connection (Lab/Instructional)
Students will leverage Wireshark to identify, dissect and understand the type of network activity associated with Internet Control Message Protocol (ICMP) and traceroute activity.

Device Characterization (Lesson)
- Understand what types of devices emit packets;
- What unique identifiers those devices have;
- How to find those unique emitters in a packet collection;
- How to characterize those devices;

Interesting Searches (Lab/Instructional)
Students will learn how to conduct packet analysis to identify the types of searches which devices are executing on their network.

Additional Pets (Lab/Challenge)
Based on what they have learned thus far, students are challenged to conduct preliminary analysis on a provided packet capture in order to ascertain information about the device and the individual using it.

GET Request and Response Dissection (Lab/Instructional)
Understanding the user-agent affiliated with devices allows analysts to assess what kind of devices are on their network of responsibility. This course will show students how to properly evaluate a user-agent and characterize a system. Additionally, it will illustrate how to gain contextual information from GET requests and server responses.

Nefarious Employee (Lab/Challenge)
Using the skills learned thus far in the course, students will characterize the traffic and device of a potentially nefarious employee, suspected of selling company secrets.

Playing Around (Lab/Instructional)
This lab leverages all of the Wireshark filters and methods presented in the course thus far to show a student how to characterize network traffic and an individual on the network.

Wireless Packets (Lesson)
- Understand the wireless medium on a basic level;
- Understand how to collect wireless packets;
- Understand how to analyze wireless packets;

Probe Request Analysis (Lab/Instructional)
This lab demonstrates how to analyze a probe request. Students learn what key information can be pulled out of a probe request about a device and a wireless network.

Analysis (Lab/Challenge)
This lab requires students to leverage the skills and filters learned in the probe request lab and use them to analyze a captured beacon packet.

Network Topology (Lesson)
- Understand how to map networks based off packet collection;
- Corroborate dataflow and protocol usage;
- Create a visual network map of the collected data;

Network Topology (Lab/Instructional)
Understanding how to create a network map from a provided packet capture is important for individuals who want to gain a better understanding of a network but are prohibited from disrupting it by introducing packets into the medium.

Wireless Network Topology (Lab/Instructional)
Using the skills you have learned so far, create a network topology (netmap) of the 192.168.1.0 network in the provided packet capture. Successful completion of the lab will demonstrate the comprehension of all labs up to this point.

Threat Analysis (Lesson)
- Understand specific threats against a network;
- Comprehend unique traits inherent to defined threats;
- Understand how to identify specific threats via packet analysis;

Blaster Worm Analysis (Lab/Instructional)
Understanding how systems become infected and recognizing affiliated packets is an important skill for incident responders and IT personnel. In this lab, students will analyze a Blaster worm infection's affiliated packets.

Mobile Analysis (Lesson)
- Identify mobile devices via packet analysis;
- Identify mobile apps via packet analysis;
- Understand how these systems are inherently vulnerable;
- Identify methods through which they may be exploited;

Rogue AP and Mobile Analysis (Lab/Challenge)
Students will identify and characterize the rogue access point that is connected to a network of responsibility. They will also assess the traffic on the access point to determine what type of device is using it and what that device is doing.

Bringing it All Together (Lesson)
- Device Characterization;
- Mobile Identification;
- Netmapping;
- Wireless Assessment;
- Attack Recognition;

Complete Netmap and Device Characterization (Lab/Challenge)
Students will leverage all of the skills learned in this course to provide in-depth analysis of a provided capture. Final submissions will include a complete network topology and a fully characterized device.
EXAM:
The CSX Packet Analysis Certificate Exam assesses candidates' understanding of packet and protocol analysis. The two-hour exam is a real-time, hands-on exam which challenges students to demonstrate their skill set in a live environment. This two-hour exam contains no multiple-choice questions or simulations and intentionally restricts access to the internet. Where applicable, man pages and help files are available.

Objectives:
Candidates must complete tasks of varying durations with minimal instruction while navigating between multiple virtual machines and are expected to:

Demonstrate an ability to:
- Understand the role of packets in online communications;
- Identify when the application of packets is appropriate;
- Understand the basic components of a packet;
- Understand the basics of tapping the network;
- Understand the options available for packet analysis software;
- Demonstrate a basic understanding of Wireshark and its capabilities;
- Understand the definition of a protocol;
- Understand the definition of port;
- Understand specific protocols which help conduct packet analysis;
- Identify which protocols are helpful for device characterization;
- Identify which protocols are helpful for network mapping;
- Understand where to find packets;
- Understand how to capture packets in Wireshark;
- Understand how to filter certain types of data;
- Understand what types of devices emit packets;
- Identify unique identifiers those devices have;
- Find unique emitters in a packet collection;
- Characterize packet emitters;
- Understand the wireless medium on a basic level;
- Understand how to collect wireless packets;
- Understand how to analyze wireless packets;
- Understand how to map networks based off packet collection;
- Corroborate dataflow and protocol usage;
- Create a visual network map of the collected data;
- Understand specific threats against a network;
- Comprehend unique traits inherent to defined threats;
- Understand how to identify specific threats via packet analysis;
- Identify mobile devices via packet analysis;
- Identify mobile apps via packet analysis;
- Understand how these systems are inherently vulnerable;
- Identify methods through which they may be exploited;
- Device Characterization;
- Mobile Identification;
- Netmapping;
- Wireless Assessment;
- Attack Recognition;

LEVEL:

BEGINNER

DOMAIN:

IDENTIFY

PRICE:

400,00 € + VAT

EXAM PRICE:

250,00 € + VAT

CREDITS: 16 CPE + 4 for the exam, for maintaining ISACA certifications
