How to Perform Network Analysis using Wireshark, Snort, and SO


  • English
  • Cybersecurity
  • Ethical Hacking
  • (842)
  • Project length: 8h 26m

Performing network analysis is essential to securing any network, whether it carries production systems or just a home LAN. Common analytics tools such as the ELK stack allow advanced analysis of network traffic, which enables both detection and prevention of network attacks. This series covers setting up a monitoring environment, useful for any IT professional. The same tools can also prevent certain cyber attacks, including automating the process of securing the network. In addition, thorough analysis of network data enables advanced threat detection, such as spotting network anomalies. This series will conclude by September.

Overview

How to analyze networks with Wireshark, Snort, and Security Onion tools

Project Introduction: The Network Analysis tutorial covers the process of configuring, capturing, and analyzing network traffic with common free tools: Wireshark, Snort, and the Security Onion OS, which houses the ELK stack for network analytics. The network analysis covered is a basic configuration that turns these tools into a useful Intrusion Detection and Prevention System (IDS/IPS) on your small to medium-sized network.

What are the requirements?:

  • Operating system administration/configuration
  • Basic command line experience
  • Machine with 20GB storage and (ideally) 8GB memory

What is the target audience?:

  • Monitoring a home network
  • Monitoring a small to medium-sized network yourself with a free solution
  • Learning about network traffic and monitoring
  • Learning about securing networks with IDS/IPS tools
  • Practicing setting up an IT environment for network monitoring

When are the streaming sessions (streaming schedule)? All sessions are completed.

Project Outline

Overview and Technology Intro

  • Overview of Project
  • Overview of Network Analysis Topics
  • Intro to Important Concepts

Session 1: Setting up environment

  • Setting up Wireshark (WinPcap on Windows)
  • Setting up Snort (snort.conf configuration, Windows changes)
  • Setting up Security Onion Machine (basics)

Session 2: Tools and Sensors

  • Capture Filters
  • Display Filters
  • Identifying potential alerts

Session 3: Tools and Sensors Part 2

  • Filters/Rules
  • IDS/IPS setup

Session 4: Production Mode Setup / Wireshark introduction

  • Wireshark/Snort Tools
  • ELK Stack Analytics
  • Integration with Other systems

Session 5: Snort Rules

  • Basics of Snort rules
  • Important points to remember for writing rules
  • Basic rule examples
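As an added example (not part of the course material or of the Snort project), the toy matcher below shows what a Snort rule header and a couple of options actually decide: action, protocol, source/destination address and port specs (with `$HOME_NET`-style variables, `!` negation, `any` and `lo:hi` port ranges), the `->`/`<>` direction, and a `content` match with `nocase`. The rules, the variable values and the packet records are constructed for this example; real Snort additionally handles port lists such as `[80,8080]`, preprocessors, `flow`, `byte_test` and many more options, none of which are modelled here.

```python
"""Toy Snort-rule matcher (added example, not course or Snort code).

Parses the header (action proto src sport direction dst dport) and the
options msg, content, nocase, sid, rev, then evaluates rules against
constructed packet records.  Option values must not contain ';'.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    sport: int            # 0 for icmp (no ports)
    dst: str
    dport: int            # 0 for icmp
    payload: bytes = b""


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    direction: str        # "->" or "<>"
    dst: str
    dport: str
    options: dict


HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject|sdrop)\s+"
    r"(?P<proto>tcp|udp|icmp|ip)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)


def parse_rule(text: str) -> Rule:
    """Parse one single-line Snort rule into a Rule; sid is mandatory."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError(f"bad rule header: {text!r}")
    opts = {}
    for raw in m["opts"].split(";"):
        raw = raw.strip()
        if not raw:
            continue
        key, _, val = raw.partition(":")        # "nocase" has no value
        opts[key.strip()] = val.strip().strip('"') if val else True
    if "sid" not in opts:
        raise ValueError("every Snort rule needs a sid")
    opts["sid"] = int(opts["sid"])
    return Rule(m["action"], m["proto"], m["src"], m["sport"], m["dir"],
                m["dst"], m["dport"], opts)


def _addr_matches(spec: str, ip: str, variables: dict) -> bool:
    """any, !spec, a variable such as $HOME_NET, a single IP or a CIDR."""
    spec = variables.get(spec, spec)
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not _addr_matches(spec[1:], ip, variables)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def _port_matches(spec: str, port: int, variables: dict) -> bool:
    """any, !spec, a variable, a single port, or lo:hi / :hi / lo: ranges."""
    spec = variables.get(spec, spec)
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not _port_matches(spec[1:], port, variables)
    if ":" in spec:
        lo, hi = spec.split(":", 1)
        return (not lo or int(lo) <= port) and (not hi or port <= int(hi))
    return port == int(spec)


def rule_matches(rule: Rule, pkt: Packet, variables: dict) -> bool:
    """Header check (both directions for '<>'), then the content option."""
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False

    def one_way(src, sport, dst, dport):
        return (_addr_matches(src, pkt.src, variables)
                and _port_matches(sport, pkt.sport, variables)
                and _addr_matches(dst, pkt.dst, variables)
                and _port_matches(dport, pkt.dport, variables))

    ok = one_way(rule.src, rule.sport, rule.dst, rule.dport)
    if rule.direction == "<>":
        ok = ok or one_way(rule.dst, rule.dport, rule.src, rule.sport)
    if not ok:
        return False
    content = rule.options.get("content")
    if content is not None:
        needle, hay = content.encode(), pkt.payload
        if "nocase" in rule.options:
            needle, hay = needle.lower(), hay.lower()
        if needle not in hay:
            return False
    return True


def alerts_for(pkt: Packet, rules, variables: dict) -> list:
    """sids of every 'alert' rule the packet triggers, in rule-file order."""
    return [r.options["sid"] for r in rules
            if r.action == "alert" and rule_matches(r, pkt, variables)]


# Constructed variables, rules and packets for the demonstration.
VARIABLES = {"$HOME_NET": "192.168.1.0/24",
             "$EXTERNAL_NET": "!$HOME_NET",
             "$HTTP_PORTS": "80"}

RULES = [parse_rule(r) for r in [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"Inbound SSH from outside"; sid:1000001; rev:1;)',
    'alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"HTTP GET to internal web server"; content:"GET /"; nocase; sid:1000002; rev:1;)',
    'alert icmp any any -> $HOME_NET any (msg:"ICMP to home net"; sid:1000003; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 1:1024 (msg:"Inbound to privileged port"; sid:1000004; rev:1;)',
]]

PACKETS = [
    Packet("tcp", "203.0.113.9", 51000, "192.168.1.10", 22),
    Packet("tcp", "192.168.1.20", 52000, "192.168.1.10", 80, b"get / HTTP/1.1\r\n"),
    Packet("icmp", "198.51.100.7", 0, "192.168.1.10", 0),
    Packet("tcp", "203.0.113.9", 51001, "192.168.1.10", 443, b"\x16\x03\x01"),
    Packet("udp", "203.0.113.9", 53, "192.168.1.10", 53),
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(f"{pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}",
              alerts_for(pkt, RULES, VARIABLES))
```

Two points the course's "important points to remember" will echo: the header alone already decides most of the outcome (the first packet trips both the SSH rule and the privileged-port range rule, so overlapping rules fire together), and `content` without `nocase` is a byte-exact match, which is why the lowercase `get /` request only matches because `nocase` is set.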

Session 6: Wireshark In-depth

  • More features of Wireshark

Session 7: Snort In-depth

  • More Snort features
  • Overview of important concepts

Session 8: Final Snort Demo

  • Demo of concepts from session 7
  • Wrap up

Reviews

Average rating

5 (842 reviews)
  • biancadietreh

    2 months ago

    Excellent cybersecurity tutorial

  • hughdodario

    2 months ago

    I thought this was hard before this tutorial, now I get it.

  • sigurdfrost

    2 months ago

    I tried this in my company. It works!