Tutorials

Coming soon
  • DoH: DNS over HTTPS
  • IRC: Internet Relay Chat
  • LDAP: Lightweight Directory Access Protocol
  • Modbus
  • MQTT: MQ Telemetry Transport Protocol
  • SNMP: Simple Network Management Protocol
  • STUN, TURN, ICE and NAT-PMP
  • Transformations: FFT

Training for traffic mining/network forensics

The training is intended for anyone who is willing to learn more details about IP traffic and the principle of flow-based Traffic Mining (TM).

You will be trained to do an analyst's hands-on job trying to find anomalies in real, unencrypted and encrypted IP traffic. In the process, you might get stuck in a foxhole and have to learn how to dig yourself out. Remember, nothing is like it seems initially... or maybe it is.

Basic training
Three days at any location of convenience.

  • Introduction to the most important IP protocols and header features
  • Introduction to methods of Traffic Mining for troubleshooting and security
  • Several hands-on exercises
  • Introduction to Tranalyzer
  • Philosophy, configuration and compilation operations
  • Most important plugins, including configuration constants
  • Flows and global reports
  • How to write your own plugin in C
  • Hands-on exercises on several PCAPs, in groups or alone
Advanced training: boot camp
Two weeks to one month (depending on the goal of expertise).
Includes homework and training in AI traffic classification.

  • Like the Basic training, only more detailed and with more hands-on exercises (3 days)
  • Application of AI in TM: do's and don'ts (2 days)
  • Encrypted packet forensics with minimum knowledge: one packet (2–5 days, depending on you)
  • Homework: several PCAP exercises to find anomalies
  • How to write your own automated post-processing script for Tranalyzer output (1-2 weeks, depending on you)
  • The 50GB PCAP: who finds the anomaly first? (If you need more that 10min, you failed)
  • Write Tranalyzer plugins for specific purposes in encrypted TM (taming the beast)

Prerequisites:
  • A Linux laptop and working knowledge of command line bash is required.
  • Rudimentary knowledge of awk and gnuplot is nice to have.

Registration and request for information:

Contact us to register or request additional information.