Uncertain Times — Infosec's here to help. Learn about our COVID-19 Response Package.

Claim your FREE 7-day trial

Network Traffic Analysis Cyber Range

Gain practical experience and develop your real-world network traffic analysis skills as you progress through the labs in the Network Traffic Analysis Cyber Range.

10 labs  //  2 hours of training

Network Traffic Analysis Cyber Range overview

This cyber range allows you to learn and practice useful skills related to analyzing network traffic. You will work with Terminal Shark (TShark), Scapy and other tools to identify common network protocols, examine malware communications, extract transmitted files, filter output to display specific information, view communication statistics and much more. The labs in this range involve examining network capture files as well as capturing live traffic.

Labs

Introduction to Terminal Shark
Lab
Introduction to Terminal Shark

Introduction to Terminal Shark

Terminal Shark, or TShark, is the command-line version of Wireshark, which is a commonly-used tool for network traffic analysis. This lab is designed to provide an introduction to Terminal Shark, including some of the most common command flags and uses.

Duration: 15:00

Traffic Replay and Live Traffic Analysis in TShark
Lab
Traffic Replay and Live Traffic Analysis in TShark

Traffic Replay and Live Traffic Analysis in TShark

This lab explores some of the options available when performing live traffic analysis with Terminal Shark (TShark).

Duration: 12:00

Extracting Files from Traffic Samples in TShark
Lab
Extracting Files from Traffic Samples in TShark

Extracting Files from Traffic Samples in TShark

Traffic captures commonly include files that are of interest to incident responders. Emails may include embedded malicious files, or multi-stage malware may download additional malware to achieve certain purposes. Since some malware removes itself from the system after execution, extracting it from a network capture may be the only option to get a copy. This lab explores methods of extracting files from network traffic using Terminal Shark (or TShark).

Duration: 14:00

Decrypting SSL and TLS in TShark
Lab
Decrypting SSL and TLS in TShark

Decrypting SSL and TLS in TShark

Over half of all Internet traffic is now encrypted. Malware also makes heavy use of encryption to hide malicious content among legitimate traffic. In this lab, we will decrypt traffic encrypted with SSL and TLS using Terminal Shark (TShark).

Duration: 14:00

TShark and Command Line
Lab
TShark and Command Line

TShark and Command Line

Explore how Terminal Shark can be combined with Linux Terminal commands for network monitoring.

Duration: 12:00

Decoding and Decrypting Network Traffic Data
Lab
Decoding and Decrypting Network Traffic Data

Decoding and Decrypting Network Traffic Data

This lab demonstrates how to identify and reverse various encoding and encryption algorithms commonly used to obfuscate malware command and control traffic.

Duration: 13:00

Identifying Abnormal Traffic
Lab
Identifying Abnormal Traffic

Identifying Abnormal Traffic

Malware authors and other cybercriminals will often misuse legitimate protocols for command and control. This lab explores some of the ways that this can be accomplished.

Duration: 12:00

Scapy for Network Traffic Analysis
Lab
Scapy for Network Traffic Analysis

Scapy for Network Traffic Analysis

Scapy is a Python library for performing network traffic analysis. Using Scapy, it is possible to easily view, manipulate and write scripts using packet data.

Duration: 15:00

Traffic Generation with Scapy
Lab
Traffic Generation with Scapy

Traffic Generation with Scapy

The purpose of this lab is to explore the use of Scapy for building fake packets, which can be used for a variety of different purposes.

Duration: 16:00

Leaked Credential Extraction
Lab
Leaked Credential Extraction

Leaked Credential Extraction

Many commonly-used network protocols were not designed to be secure by default. Unless they are encrypted using SSL/TLS, they perform authentication in the clear, allowing user credentials to be intercepted. This lab demonstrates how these credentials can be identified and extracted.

Duration: 13:00

 

You're in good company

"Comparing Infosec to other vendors is like comparing apples to oranges. My instructor was hands-down the best I’ve had." 

James Coyle

FireEye, Inc.

"I knew Infosec could tell me what to expect on the exam and what topics to focus on most."

Julian Tang

Chief Information Officer

"I’ve taken five boot camps with Infosec and all my instructors have been great."

Jeffrey Coa

Information Security Systems Officer

Plans and pricing

Personal

$299

Annually

Teams

$599 / license

Annually. Includes all content plus team admin and reporting.