Instructor
Howard Poston, freelance blockchain and cyber security trainer, author, consultant, and technical content developer

1. Python for Network Traffic Analysis
- Intro
2. Module 1
- Intro
- Preparing Environment
- Packet Capture in Wireshark
- Getting started with Scapy
3. Module 2
- Intro
- Feature Selection
- Extract Features of Interest
4. Module 3
- Intro
- Flow Data
- Network Graph
5. Module 4
- Intro
- Extract HTTP
- Credentials
- IoCs
- File Carving
Learning Objectives
By the end of this course, you should be able to:
- Understand how to analyze network traffic, including what features to extract and how to analyze them.
- Use Python and Scapy to analyze network traffic in packet capture files and live captures.
- Develop custom Python scripts to answer questions with network traffic data.
Module 1: Getting Started with Network Traffic Analysis in Python
- Setting up the development environment (libraries, packet capture files, etc.).
- Looking at a packet capture in Wireshark (provides better visualizations).
- Getting started with Scapy.
- Loading a packet capture into Scapy.
- Viewing capture contents.
- Accessing fields of a traffic capture.
Module 2: Feature Selection for Network Traffic Analysis
- Explore the structure of a network packet in Wireshark/Scapy.
- Identify the fields that would be useful/useless for network traffic analysis (for example, server ports are useful, while client ports are not since they are random).
- Write code that extracts features of interest for further analysis.
- Perform basic analysis of traffic (e.g. clustering) using the extracted features.
Module 3: Flow-Level Traffic Analysis
- Discuss the concept of network flows (i.e. high-level header data with no packet contents).
- Write code to convert a packet capture or live traffic capture to flow data.
- Generate a network map with flow data.
- Classify systems based on role in the organization (end-user systems, various types of servers, etc.).
- Identify potential data exfiltration with flow data.
- Identify anomalous sessions for further analysis (e.g. differentiating a successful login attempt from a failed one).
Module 4: Packet-Level Traffic Analysis
- Discuss the pros and cons of packet-level analysis.
- Write code to extract packet payloads, HTTP headers, and other features of interest.
- Extract credentials and other sensitive data from unencrypted communications.
- Identify encoded and encrypted data within packet contents.
- Extract potential indicators of compromise (IoCs) to identify malicious traffic.
- Carve files from network traffic for further analysis.
Background knowledge needed
Helpful, but not required to know:
- Knowledge of Python
- Network Traffic Analysis
- Data Science