Logo TCP/IP Training
Our wireshark tools

Masterclass – Advanced Network & Intro to Security Analysis

Price: € 3.950.- (excl. VAT/BTW/MwSt/TVA)
Category: Wireshark training
Format: Classroom, Virtual / In-house
The realities of modern traffic analysis require interpreting encrypted network traffic correctly. A detailed knowledge of how key protocols such as HTTP can provide valuable insights into what is happening in a suspect traffic capture. This workshop provides an introduction.. read more below
Amsterdam / In-House / Virtual
T.B.A. 2025
08:30-16:30
duration: 5 days
5-12 class size
English
Sign up now
Request information

The realities of modern traffic analysis require interpreting encrypted network traffic correctly. A detailed knowledge of how key protocols such as HTTP can provide valuable insights into what is happening in a suspect traffic capture. This workshop provides an introduction to techniques for the evaluation of encrypted traffic using open-source tools such as Wireshark to provide insight into the following areas:

  • Specialized software configuration and new Wireshark Profiles to make Analysis faster
  • Encryption techniques, including SSL / TLS / WEP / WPA.x
  • Specialized encrypted traffic analysis techniques using Wireshark 4.x
  • Specialized filtering and Analysis techniques, including data traffic reconstruction and viewing
  • Recognition, analysis, and threat recognition for many of the following generation user protocol issues, including DHCPv6, IPv6/Ipv10, ICMPv6, SCTP/DCCP/RUDP, DNSSec/MDNS/DDNS/LLMNR, Email Protocols (POP / SMTP / IMAP), and standard Internet-based User Protocols such as HTTP2/HTTP3

The course uses Real-world examples and numerous hands-on exercises to provide field-proven, practical analysis skills. Attendees receive a student guide, including numerous reference files, Networking and forensics tools, and a library of reference documents.

This course is for Networking, Government, and Security personnel that need to develop advanced packet investigation techniques by studying the Next Generation Networking Protocols using Wireshark and other Open-Source Analysis tools. Successful completion of this course provides these individuals with a path-way into the field of both Network and Forensics Analysis.

Section 1: Introduction to Advanced Network Analysis

 

Logistics

Open-Source Tool Recommendations

 

Network Analysis Challenges – Nomenclature, Terminology, and Next Generation Protocols

 

Section 2: Recap: Collecting the Data – Data Capture

 

Taking it to the Next Level – Advanced Profile Construction

 

Data Collection

Configuring Wireshark – Standard Captures vs. Stealth and Silent Collection of Data

New types of capture filters – Offset and String-Matching

 

Section 3: Network Analysis Methodology

 

Analyzing Conversations and Activities for Indicators of Compromise (IOC)

Analyzing Conversations and Activities using the Expert Systems to determine unusual activity

Determining Which Conversations Are Suspect – Analyzing Latency and Throughput to recognize suspicious traffic

 

A Sample Advanced Network Forensic Methodology

Answering the key questions – A Sample Network Analysis Methodology

 

Forensic Diagramming – A Picture is worth 1024 Words

 

What’s Normal vs. Abnormal – The Role of Baseline Files

Building a Baseline Library – Where do I find Samples?

 

Recognizing IOCs of Intrusions

Forensic Analysis of an Intrusion

Scouting the Target – Network Reconnaissance and Scanning Tools

Recognizing Scanning Signatures of standard scanning tools – NMAP, Nessus, Retina, and others

 

Bot, Botnets – Command and Control Traffic

Recognizing Bots and Botnet activity – the key IOC’s

Identifying, tracking, and reassembling Command and Control Traffic

 

Section 4: Analysis of Network Applications and User Traffic – The Next Generation Networking Protocols

 

The Networking Protocols – Original vs. Next Generation – New Protocols and New Functions

Configuration Protocols

Structure and Analysis of DHCPv6

Common DHCP-based exploits, Attacks and Examples of Intrusion Signatures

 

Resolving Addresses – DNSSec / DDNS / MDNS / LLMNR

Structure and Analysis of DNS vs. DNSSec, DDNS. mDNS, and LMNR

Common DNS-type Exploits, Attacks, and Examples of Intrusion Signatures

 

The Network Layer – IPv6 / IPv10

Structure and Analysis of IPv4 vs. IPv6 and IPv10

IP Options – What’s the Big Deal?

Common IP Exploits and Examples of Intrusion Signatures

 

Utility and Troubleshooting Protocols – Internet Control Message Protocol (ICMPv6)

Structure and Analysis of ICMPv4 vs. ICMPv6

Network Analysis Using the ICMP Analysis – Types and Codes

Common ICMP Exploits and Examples of Intrusion Signatures

 

The Transport Layer – Moving the Data –SCTP / RUDP / DCCP / QUIC / SPDY

Structure and Advanced Analysis of TCP vs. UDP

TCP Options – What’s the Big Deal?

Advanced TCP Analysis Using Expert Systems

Structure and Advanced Analysis of SCTP

Structure and Analysis of the RUDP and DCCP

Google Transport Protocols SPDY / QUIC

Common Transport Layer Exploits and Examples of Intrusion Signatures

 

The Application Layer – Analyzing Common User Protocols

Email Applications Using POP / SMTP / IMAP

Structure and Analysis of the Email Cloud

Assembling and evaluating Email traffic

 

Web-Based Applications Using HTTP2 / HTTP3

Structure and Analysis of HTTPS – Decrypting TLS

Extracting and using Session Keys

Response Codes – The answer to analyzing HTTP-based protocols

Reassembling and Exporting of Objects

 

 

Where do I go from here? – Continuing Your Wireshark Education

 

Wireshark 0 – TCP/IP Networking Fundamentals Using Wireshark

Wireshark 1 – TCP/IP Troubleshooting & Network Optimization Using Wireshark

Wireshark 2 – Masterclass – Advanced Network & Security Analysis

Wireshark 3 – Network Forensics Analysis

Wireshark 4 – Mobile Device Forensics Analysis

Wireshark 5 – Cloud and Internet of Things (IoT) Advanced Network Analysis

Wireshark 6 – VoIP Advanced Network Analysis

Wireshark 7 – WiFi Advanced Network Analysis

Wireshark 8 – SCADA and ICS Advanced Network Analysis

Wireshark 9 – Wireshark Command Line Tools

Student qoutes

"It's sure the most interesting course that i have followed"

- Karin van der Plas

Course: TCP/IP Analysis and Troubleshooting with Wireshark

"It was a very very very interesting course, and done by the top guy"

- Matthew Steenwijk

Course: VoIP Network Analysis

"It was a real pleasure to receive the Wireshark training from a very dedicated trainer"

- Wim de Vries

Course: Voice & Video over IP Network Analysis Using Wireshark

"I thought I already knew Wireshark. I was wrong, very wrong"

- Jeroen Valkonet

Course: TCP/IP Analysis and Troubleshooting with Wireshark

"This course is a must have for everyone in IT"

- Johan den Besten

Course: TCP/IP Analysis and Troubleshooting with Wireshark

"Great for network analyses or forensic investigations"

- Sven Schneider

Course: Masterclass – Advanced Network & Intro to Security Analysis

"By far the very best course I ever took"

- Joachim van Doeselaar

Course: TCP/IP Analysis and Troubleshooting with Wireshark

"If there’s a packet, it can be WireSharked!!"

- Elena Petrova

Course: WiFi & Wireless Network Analysis Using Wireshark

"Extremely satisfied with the training. Very helpful instructor and great teaching methods"

- Lars Mikkelsen

Course: Masterclass – Advanced Network & Intro to Security Analysis

More courses within category Wireshark training

WiFi & Wireless Network Analysis Using Wireshark

Amsterdam / In-House / Virtual
duration: 5 days
T.B.A. 2025
This course is for Networking and Security personnel who must develop packet investigation techniques by studying the WiFi and Wireless Networking Protocols (IEEE 802.11a, b, g, n, ac, ad, az)..

Cloud-based Network Analysis & Troubleshooting

Amsterdam / In-House / Virtual
duration: 5 days
T.B.A. 2025
This course is for Networking and Security personnel who need to develop a set of packet investigation techniques to support recognition, analysis, and threat recognition for many of the next..

Internet of Things (IoT) Network Analysis

Amsterdam / In-House / Virtual
duration: 5 days
T.B.A. 2025
This course is for Networking and Security personnel who need to develop packet investigation techniques by studying the IoT and Home Automation Protocols using Wireshark and other OpenSource Analysis tools...

TCP/IP Analysis and Troubleshooting with Wireshark

Amsterdam / Hoofddorp / The Netherlands
duration: 5 days
6
Oct
- 10
Oct
2025
Effective Network TCP/IP Analysis and Optimization encompasses the skills of not only capturing data, but also the ability to discern the key patterns hidden within the flood of network traffic...
Logo TCP/IP Training

SCOS Training
ViaCloud BV

  • Training location:
    Transpolis Building
    Polarisavenue 53
    2132 JH Hoofddorp
    The Netherlands

Links

Direct questions

  • site made by
  • Atoomweg 2
    1627 LE HOORN
    The Netherlands
  • +31 (0)23-5685610
  • info@scos.training

Sign up and register for Masterclass – Advanced Network & Intro to Security Analysis

A course only takes place if there is sufficient participation.
*
= required

Do you want to register for more than one course? Click here

Request information for Masterclass – Advanced Network & Intro to Security Analysis

*
= required

Do you want to request information for more than one course? Click here