Overview

CybrScore’s Monitoring Network Traffic Lab is designed to prepare students to identify potentially malicious scans against a network using network analysis tools. It is intended for intermediate-level students. The lab teaches students how to capture network traffic and save it as a .pcap file, run Nmap scans against network assets, analyze web server logs, and see what the attackers’ scans look like at the network level when viewed using Snort and Wireshark. Upon successful completion of the lab, the student will be able to identify a network reconnaissance scan by capturing the network traffic and analyzing it in Snort and Wireshark. The Apache web server logs will also show students another perspective on what a reconnaissance scan looks like. The lab takes approximately 45 – 60 minutes to complete for most students.

In CybrScore’s Monitoring Network Traffic Lab, students will learn about detecting host and network-based intrusions via intrusion detection technologies. This skill is a key part of the Cyber Defense Analyst work role and builds on the ability to protect and keep networks safe from intruders.

In CybrScore’s Monitoring Network Traffic Lab, students will learn about performing packet-level analysis. This skill is a key part of the Cyber Defense Analyst work role and builds on the ability to detect and recognize network-based attacks.

In CybrScore’s Monitoring Network Traffic Lab, students will learn about interpreting the information collected by network tools. This skill is a key part of the Cyber Defense Analyst work role and builds on the ability to use multiple tools to detect network-based intrusions.

CybrScore’s Monitoring Network Traffic Lab is part of the Cyber Defense Analyst career path. Completion of CybrScore’s Monitoring Network Traffic Lab means that the student has demonstrated the ability to interpret the information collected by network tools, detect host and network-based intrusions via intrusion detection technologies, and perform packet-level analysis.