It’s easy to fire up Wireshark and capture packets…but making sense of them is another story.

There’s nothing more frustrating than knowing the answers you need lie in a mountain of data that you don’t know how to sift through. That’s why I wrote the first Practical Packet Analysis book a decade ago. That book is now in its third edition, has been translated into several languages, and has sold over tens of thousands of copies. Now, I’m excited to bring my live packet analysis workshop to Augusta, GA.

---

The one-day Packet Analysis Workshop is the best way to get hands-on visual experience capturing, dissecting, and making sense of packets. You'll learn:

• How to use color-coded packet maps to navigate and dissect protocols.
• Wireshark’s analysis features, including how to create graphs, traverse protocol hierarchy charts, and generate stats that are simple AND useful.
• My tips for customizing your analysis environment by using features like Wireshark profiles, custom columns, and individual packet color coding.
• Techniques for extracting complete files from network communication — even custom malware command and control.
• How to use tshark to perform packet analysis on the command line.
• The basic stimulus and response of common protocols — and how attackers use this to their advantage.
• Filtering techniques using Wireshark display filters and BPF capture filters so you can quickly eliminate noise and get to the data you need
• How malware commonly spreads and communicates over the network

The ability to understand packets is a critical skill for SOC analysts, network engineers, system administrators, forensic investigators, reverse engineers, and programmers alike. You'll learn some of these skills in this workshop.

Course Format

This workshop is delivered live in Augusta, GA during an all day (9A-4P) session. You’ll participate in demonstrations and hands-on activities that help you become more comfortable dissecting packets.

Course Outline (subject to change based on available time):

1. The Life of a Packet: Encapsulation and Decapsulation
2. Tapping into the Wire: Where to capture packets
3. Packet Maps: Dissecting packets like a protocol analyzer
4. Wireshark: Common analysis techniques and customization
5. Tshark: Packet analysis on the command line
6. Common Protocols: Normal and abnormal stimulus and response
7. Hands-On Security Scenarios: Malware communications, session hijacking, and more

The course is being held the day before the Security Onion Conference and two days before BSides Augusta. If you're coming to town for the conferences, consider coming a day early for the workshop. If you're just coming for the workshop, you won't regret staying longer for these two conferences. They make up one of my favorite weekends of the year!

About the Instructor

Chris Sanders is an information security author, trainer, and researcher originally from Mayfield, KY. He is the founder of Applied Network Defense, a company focused on delivering high quality, accessible information security training. In previous roles, Chris worked with the US Department of Defense, InGuardians, and Mandiant to build security operation centers and train practitioners focused on defending defense, government, and Fortune 500 networks. Chris is also the founder and director of the Rural Technology Fund, a non-profit that donates scholarships and equipment to public schools to further technical education in rural and high poverty areas. The RTF has placed computer science education resources into the hands of over 50,000 students.

Chris has authored several books and articles, including the international bestseller “Practical Packet Analysis” from No Starch Press, currently in its third edition and in seven languages, and “Applied Network Security Monitoring” from Syngress. His current research focus is the intersection of cyber defense and cognitive psychology to enhance the field of security investigative technique through a better understanding of the human thought and learning processes.

Chris blogs at http://www.chrissanders.org. You can learn more about Applied Network Defense athttp://www.appliednetworkdefense.com and the RTF at http://www.ruraltechfund.org.

FAQ

What do I get?

All students receive the following:

• One day of classroom instruction with Chris Sanders
• A collection of PCAP files for the labs
• Certificate of completion
• Continuing education credits (CPEs/CMUs)

I've read the book, will I still learn anything in the workshop?

Absolutely! There's some overlap in the concepts but many of the lab exercises in the workshop are unique. You'll be exposed to new content that isn't available in the book.

Will I be lost if I haven't read the book?

Not at all! The course doens't assume you've read the book. Some more good news -- I'll give away a couple signed copies during the class.

What hardware is required for the class?

Students should bring a laptop with Wireshark installed. You can see the Wireshark system requirements and installation procedure here: https://www.wireshark.org/. You should have approximately 250 MB of free space for the lab capture files.

What do I need to bring to the class?

You should plan to bring:

• Eventbrite ticket for the event
• Laptop as described above
• An open mind

What prerequisites are there for this course?

This course is entry to mid-level. No prior packet analysis experience is required, but you should have a basic understanding of network communications. If you're not sure if this class is at the appropriate level for you, e-mail me and we can discuss where you're at in relation to the course material.

Can I use a non-Eventbrite method of payment?

Yes, if you need to use another payment method please contact me for details at chris@chrissanders.org.

Is there a discount for multiple registrations from the same company?

Yes, there are a limited number of discounted seats available for companies who have multiple individuals that want to attend. Please contact me for pricing at chris@chrissanders.org.

What is the refund policy?

You may log into your Eventbrite account and request a refund up until seven days before the event.

This event is brought to you by Applied Network Defense