Wireshark Configuration for Cyber Security Analysis
This course will teach you the best settings and filters to use in Wireshark for quickly spotting malware behavior, enumeration and scans, and other suspect traffic.
What you'll learn
Properly configuring Wireshark can greatly help in tracking down indicators of compromise (IoCs) and can reduce the time cyber security professionals need to perform network forensics. In this course, Wireshark Configuration for Cyber Security Analysis, you'll learn to quickly spot suspect traffic with Wireshark. First, you'll explore the top five Wireshark settings that all security professionals should implement when analyzing traffic. Next, you'll discover how to create display filters and coloring rules that make suspect traffic stand out. Finally, you'll learn how to decrypt TLS traffic in order to analyze secure communications. When you're finished with this course, you'll have the Wireshark skills and knowledge needed to speed up traffic analysis and incident response.
Table of contents
- Introduction to Cyber Security Analysis with Wireshark 3m
- Lab 1 - Creating a Security Profile 7m
- Lab 2 - The Statistics View 5m
- Lab 3 - Configuring GeoIP Location Resolution 6m
- Lab 4 - Configuring Custom Columns 5m
- Lab 5 - Configuring Name Resolution 5m
- Lab 6 - Exporting HTTP Objects and Files 3m
- Lab 7 - Reassembling and Exporting FTP Files 3m
- Module Summary 1m
- Intro to Filters and Coloring Rules in Wireshark 1m
- Analyzing Unusual DNS Activity 1m
- Lab 7 - Part 1 - Filtering for Unusual DNS Activity 9m
- Lab 7 - Part 2 - Filtering for Unusual DNS Activity 3m
- Analyzing Traffic from Unusual Country Codes 1m
- Lab 8 - Filtering for Traffic Based on Country Location 5m
- Analyzing Suspect TCP Behavior and Flags 2m
- Lab 9 - Part 1 - Filtering for Suspect TCP Behavior 6m
- Lab 9 - Part 2 - Filtering for Suspect SSH Traffic 2m
- Lab 10 - Filtering for Executable Files 5m
- Lab 11 - Analyzing Traffic over Non-standard Ports 5m
- Summary 1m