The tutorial is a snapshot of some of the labs that are delivered in the 3 or 5 day Network security workshops that are delivered by APNIC. The focus of the tutorial is to introduce packet analysis concepts by explaining various protocols, tools and strategies to analyse packets to enhance security and help with troubleshooting. This tutorial aims at providing attendees a practical approach to:
Overview of protocols.
Packet Analysis using tcpdump and other tools.
Strategies for packet analysis including encrypted traffic
This online tutorial is fee-free.
Engineers, Network Managers and Operators, and Security policy makers who are interested in network security and want to gain an understanding of how to analyse traffic for security and troubleshooting.
It is assumed that participants have a basic understanding of:
- network operations, Internet technologies, OSI reference model and TCP/IP.
- Basic Linux command line (CLI) skills.
We recommend the following Academy courses be completed before the start of the tutorial:
- Network security fundamentals: https://academy.apnic.net/en/webinar-courses/network-security-fundamentals/
- Introduction to Cybersecurity: https://academy.apnic.net/en/course/introduction-to-cybersecurity/
- Overview of protocols
- Introduction to packet capturing
- Overview of various tools. For example tcpdump, tcpreplay, cloudshark and wireshark
- Strategies for packet analysis
- Utilising metadata to analyse encrypted traffic
Hardware: Participants are advised to bring their own laptop computers with high-speed Wi-Fi (802.11a/g/n/ac) and administrative access to system. It is also recommended that laptops have Intel i5 or i7 processor, >=8GB of RAM and 30GB of free hard disk space.
Software: SSH Client, Telnet Client, VirtualBox/VMware
Confirm Secure SHell (SSH) is allowed from the office or home network to access the lab infrastructure? Test ssh connectivity, try to connect to route-views.oregon-ix.net. For example from the CLI type: ssh firstname.lastname@example.org