ATI's Fundamentals of Packet Analysis course

This four-day course teaches students the fundamental concepts, methodologies, and tools necessary to analyze network traffic for the purposes of intrusion and threat detection, network defense, and low-profile offensive operations. The hands-on course begins by discussing the role of network packet analysis in computer network operations (CNO). After a detailed discussion of the TCP/IP protocol suite and Ethernet network operations, the student practices using the command-line tools tcpdump and tshark to capture and analyze self-generated network traffic. Students are then asked to examine actual packet captures which illustrate various exploits, network reconnaissance techniques, and more advanced network attacks. The course concludes with an extensive real-world exercise in which the student must use all of the concepts and tools learned in class to analyze and fully characterize the various network threats and breaches.

Course Prerequisites:

CompTIA Network+, working knowledge of TCP/IP fundamentals, or equivalent experience is required. CCNA is recommended but not required. Students should have at least one year of work experience with TCP/IP networks. Students should have experience with the Linux command line and basic Linux command line functions.


Who Should Attend

Individuals involved in Computer Network Security, Information Assurance, Network Defense, Incident Response, or anyone else wishing to better understand the threats that may face their networks on a daily basis.

Course Outline:

    Module 00: TCP/IP Review

    • OSI vs Internet Model
    • Physical and Logical Addresses
    • Services and Ports
    • Domain Name System
    • Routing

    Module 01: The Protocols

    • Link Layer
    •     Ethernet
    •     Address Resolution Protocol
    • Network Layer
    •     Internet Protocol
    •     Internet Control Message Protocol
    • Transport Layer
    •     Transmission Control Protocol
    •     User Datagram Protocol
    • Application Layer
    •     Dynamic Host Configuration Protocol
    •     Domain Name System
    •     Hypertext Transfer Protocol

    Module 02: Basic tcpdump

    • Capture and read files
    • Command line options
    • Filters: hosts, ports and protocols

    Module 03: Advanced tcpdump

    • Advanced expressions and primitives
    • Qualifiers
    • Expression combinations
    • Offsets and specific byte identification

    Module 04: Basic tshark

    • Installing tshark
    • Capture versus display filters
    • Capture and read files
    • Apply basic capture filters
    • Apply basic display filters

    Module 05: Advanced tshark

    • Creating customized capture filters
    • The role and use of profiles
    • Ring buffers, file size, and duration
    • Mergecap, editcap, and capinfos

    Module 06: Practical Exercise

    • An all-day team exercise to analyze packet captures from a victim network and to provide a detailed analysis of findings


      Tuition for this four-day course is $2,495 per person at one of our scheduled public courses. Onsite pricing is available. Please call us at 410-956-8805 or send an email to