Course Catalogue

M6-111

Network Traffic Analysis

Conducted by COSEC

Aim

The aim of this course is to develop students who are able to master the methods and techniques used in gaining deep insight into the operations, use, investigation, and troubleshooting of cyber systems.

Details

Duration: 10 Weeks
Course Structure: Resident (1) - eLearning (8) - Resident (1)
Language: English 3333 IAW STANAG 6001
Classification: NATO Unclassified
Area: COP - Cyber Defence Operations
Section: CD - Cyber Defence Operations
Depth of Knowledge: 3 - Apply
ePrime No.: ACT.371
ETOC Code: COP-CD-31396

Course Iterations

Code           Course Dates             Open Seats
M6-111-A-17    19 Jun 17 - 25 Aug 17
M6-111-B-17    18 Sep 17 - 24 Nov 17    0

If no seats are available, you may have your agency POC send a seat waiting list request. Please refer to the POC Finder to obtain the contact information of your agency POC.

Learning Objectives

Plan for Data Collection: Based on guided, hands-on lab exercises, independently completed challenge problems, and Distance Learning (DL) analysis problems, students will be able to systematically plan for data collection, in accordance with the guidelines provided by the course material.

Capture Traffic of Interest: Based on guided, hands-on lab exercises, independently completed challenge problems, and DL analysis problems students will capture traffic of interest, in accordance with the guidelines provided by the course material.

Analyze Traffic: Based on guided, hands-on lab exercises, independently completed challenge problems, and DL analysis problems, students will analyse the traffic in accordance with the guidelines provided by the course material.

Demonstrate Appropriate NT Actions: Based on guided, hands-on lab exercises, independently completed challenge problems, and DL analysis problems on traffic analysis, students will demonstrate appropriate action as a result of the analysis in accordance with the guidelines provided by the course material.

Employ Expert Systems: For a given data collection, students will be able to determine who is talking and what applications are being used, filter on conversations of interest, create statistical graphs related to issues of interest, and employ expert systems to recognize anomalies and diagnose problem areas in accordance with the guidelines provided by the course material.

Demonstrate Network Analysis, Troubleshooting, Security Analysis and Performance Evaluation Methods: Given the skills acquired during the course, students will demonstrate general analysis, network troubleshooting, security analysis, and application performance evaluation in accordance with the guidelines provided by the course material.

Apply Wireshark/Tshark/Kismet/libpcap/WinPcap Tools: Based on guided, hands-on lab exercises, independently completed challenge problems, and DL analysis problems, students will demonstrate the use of Wireshark, tshark, kismet, and libpcap/WinPcap in accordance with the guidelines provided by the course material.

Describe Wireshark Functionality: Based on guided, hands-on lab exercises, independently completed challenge problems, and DL analysis problems, students will describe the functionality of Wireshark, including dissector evaluation, capture filters, display filters, and IO graph development, in accordance with the guidelines provided by the course material.

Prevent Cyberattacks: Based on guided, hands-on lab exercises, independently completed challenge problems, and DL analysis problems, students will identify the precursors of a cyberattack so that they can take preventive measures in accordance with the guidelines provided by the course material.

Diagnose Root Causes of Suspect Traffic: In the case of forensic analysis, students will be able to identify suspect traffic and make associations to identify root causes in accordance with the guidelines provided by the course material.

Course Participants

This is a technical course that requires some technical education and/or experience. The target audience is personnel (security managers, technicians and engineers) whose work responsibilities require or would benefit from an understanding of network protocol behaviour, mastery of a protocol/traffic analyser, and the ability to develop a forensic explanation.

Language Proficiency: English 3333 IAW STANAG 6001
Rank Requirements: NCO: No restrictions
Officer: No restrictions

Methodology

This ten-week course is a mix of lectures, guided, hands-on lab exercises, independently completed challenge problems, and Distance Learning (DL) analysis problems.
Lab exercises and challenge problems are conducted in class using Sakai during the resident weeks. DL problems are conducted using Sakai during the non-resident weeks.
This course is designed so that the majority of the resources used in teaching the course are supplied from the Wireshark textbook and the instructor's materials, delivered in the classroom (via PowerPoint presentations) and supplemented with classroom discussions. During the DL segment of the course, students should expect to spend an average of 3 to 5 hours a week on the DL problems.

Further Information

This course involves one week of resident training at the NATO School, followed by 8 weeks of distance learning, followed by one more week at the NATO School.