Wireshark 5 – Cloud & Internet of Things (IoT) Analysis and Security

This course is designed for networking and security personnel who need to develop a set of packet investigation techniques through study of the Cloud and IoT networking protocols using Wireshark and other open-source analysis tools. Successful completion of this course will provide these individuals with a pathway into the field of both Network and Forensics Analysis.

Format: 5 days Classroom Instruction

Start/End Times: 0830-1630

Recommended Class Size: 5-12

Audience: Intermediate

Recommended Prerequisites: Completion of Wireshark 1 and Wireshark 2 or equivalent networking and Wireshark experience

More Information: www.scos.training


Description:

The emerging technologies of Network Cloud Computing, Cloud Storage and Internet of Things enabled devices are among the recent advances in networking. Effective analysis and troubleshooting of such advanced technologies encompass the skills of not only capturing data, but also the ability to discern unusual patterns hidden within seemingly normal network traffic. This course will provide the student with a set of investigative and analysis techniques focusing on the use of vendor-neutral, open-source tools such as Wireshark and Cloudshark to provide insight into the following areas:

  • Specialized and advanced packet capture tips combined with specialized techniques including data traffic reconstruction and viewing
  • Recognition, analysis and threat identification for many of the next generation Cloud and IoT technologies including Cloud Computing / Virtualization / IEEE 802.15 Bluetooth / IEEE 802.15.4 ZigBee / IEEE 802.16e WiMAX / Home RF / ZWave / RFID / Infrared / PBCC / 3G / 4G / 5G

Real-world examples will be used throughout the course in conjunction with numerous hands-on exercises to provide field-proven, practical analysis skills. Attendees will receive a student guide including numerous reference files and networking and forensics tools, as well as a library of reference documents.


Course Details:

I. Introduction to Advanced Network Analysis

  • Logistics
  • Cloud and Internet of Things (IoT) Network analysis challenges
    • Nomenclature, Terminology and the Next Generation Technologies

II. Collecting the Data – Data Capture

  • Navigating the Wireshark 2 and Cloudshark Virtual User Interfaces
    • Icon and Status Bars
    • Menus and Shortcuts
    • Cloudshark Virtual Interface
  • Data Collection
    • Location – How Network Infrastructure Devices Affect Network Analysis
    • Configuring Wireshark 2.X
      • Configurations – LAN vs. Cloud vs. IoT
      • USBPcap / Androiddump
      • Using capture filters to capture specific types of traffic
    • Stealth / Silent Collection of Data – Tips & Techniques
    • Real-time vs. Post Capture Analysis
      • Monitoring current traffic
    • Cloud and IoT Device Analysis using Wireless Control Panel
      • Wireless Toolbar and WiFi features – WEP / WPA / WPA2 Decryption
      • Bluetooth capture features
  • Is It Good or Bad – The Role of Baselines
    • What’s Normal vs. Abnormal – The Role of Baseline Files
    • Building a Baseline Library – Where Do I go to Find Samples?

III. Cloud Technologies

  • Overview of Cloud-Based Network Communication Architectures
    • Cloud Terminology & Technologies
      • Client-server
      • Peer-to-peer
      • Computer bureau
      • Grid computing
      • Fog computing
      • Dew computing
      • Mainframe computer
      • Utility computing
      • Green computing
      • Cloud sandbox
    • Cloud Enabling and Supporting Technologies
    • Cloud vs. Virtualization
    • Service Oriented Architectures – Service Models
      • Software as a Service (SaaS)
      • Platform as a Service (PaaS)
      • Infrastructure as a Service (IaaS)
  • Analyzing Cloud and IoT Conversations and Activities
    • Analyzing Conversations and Activities Using Expert Systems to Determine Unusual Activity
      • Determining Which Conversations are of Interest – Analyzing Latency and Throughput to recognize and analyze suspicious user traffic
      • Using Wireshark Statistical Features to Isolate and Identify Suspect Conversations
    • A Sample Cloud / IoT Network Analysis Methodology
      • 6 Steps for Cloud / IoT based Network Analysis of suspicious traffic
      • Answering the Key Troubleshooting and Analysis Questions
      • A Sample Network Analysis Methodology
  • Diagramming Conversations – A Picture is worth 1024 Words
    • Related Packet and Intelligent Scrollbar features
    • Constructing a Troubleshooting and Analysis Diagram
      • Tips and Techniques

IV. Internet of Things Technologies

  • Overview and Introduction to IoT-Based Technologies
    • IoT Terminology & Technologies
    • IoT Enabling Technologies
      • Wired
      • Short Range Wireless
      • Medium Range Wireless
      • Long Range Wireless
  • Special Considerations for Analyzing IoT WiFi-Based Traffic
    • IoT / WiFi Fundamentals
      • Frequency, Bandwidth & Channel Considerations
      • Spread Spectrum Technologies
        • Frequency Hopping Spread Spectrum (FHSS)
        • Direct Sequence Spread Spectrum (DSSS)
        • Orthogonal Frequency Division Multiplexing (OFDM)
        • Spatial Division Multiplexing (SDM)
      • IoT MAC Layer
        • Finding a Service Set
        • Connecting, Authenticating & Associating to a Service Set
        • Moving Between and Disconnecting from Service Sets
        • IoT Wireless Frame Addressing – Transmitter and Receiver vs. Source and Destination Address
    • IoT / WiFi Frame Translation
  • Key IoT Technologies: SoHo and IoT
    • Structure, Operation and Analysis of Key IoT Technologies:
    • IEEE 802.15 Bluetooth
    • IEEE 802.15.4 ZigBee
    • IEEE 802.16e WiMAX
    • Home RF
    • ZWave
    • RFID
    • Infrared
    • PBCC
    • 3G / 4G / 5G
  • Cloud and IoT Security – Vulnerabilities and Threats
    • Overview of IoT-based Security Vulnerabilities
      • The Key Issue – Competing Standards and Lack of Regulations
    • Rogue Devices
    • Man-in-the-Middle
    • Malware / Ransomware
    • Denial of Service (DoS / DDoS) Attacks
    • Bots / Botnets
    • Fixing the Problem
      • Security Recommendations
      • IEEE 802.1X / RADIUS Overview
      • Wireless Encryption
        • Wired Equivalent Privacy (WEP)
        • WiFi Protected Access (WPA / WPA2)
      • Common Transport Layer Exploits and Examples of Intrusion Signatures

V. Where do we go from Here?

  • Wireshark 0 – TCP/IP Networking Fundamentals Using Wireshark
  • Wireshark 1 – TCP/IP Network Analysis
  • Wireshark 2 – Advanced Network and Security Analysis
  • Wireshark 3 – Network Forensics Analysis
  • Wireshark 4 – Mobile Device Forensics Analysis
  • Wireshark 5 – Cloud and Internet of Things (IoT) Advanced Network Analysis
  • Wireshark 6 – VoIP Advanced Network Analysis
  • Wireshark 7 – WiFi Advanced Network Analysis
  • Wireshark 8 – SCADA and ICS Advanced Network Analysis