Introduction to Network Analysis

							                                                                          Introduction to
                                                                        Network Analysis
                                                                               ML-B101-3




Introduction to Network Analysis
This course provides an introduction to Network Analysis (also referred to as Protocol
Analysis). Just as an x-ray technician examines the internal view of a broken arm or leg,
the network analyst looks inside the network communications to identify excessive
broadcasts, unanswered requests, slow response times, poorly-written applications, and
chatty communications. There are numerous network problems that do not generate any
error messages so network analysis is a fundamental step for anyone who is
troubleshooting, optimizing or securing a network.


Recommended Pre-Requisites
None – this is great introductory material

Included Course Materials
•   High-quality audio and visual training modules
•   Presentation slides and handouts

Duration
•   Self-paced study
•   Seven modules totaling 4 hrs, 37 min

Participants Learn About
•   Analyzing Switched Networks
•   Analyzing and Troubleshooting Ethernet Networks
•   Pattern Analysis: Quick Identification of Bad
    Applications
•   References and Resources for Protocol Analysts
•   Introduction to Network Analysis (Part 1 & 2)
•   Hot Tools 2003

Other Suggested Training
•   Advanced Network Analysis
•   Network Analysis, Troubleshooting and Cyber
    Crime (E-Manual)
•   Introduction to Network Analysis Podbook
•   Advanced Network Analysis Podbook
•   Introduction to Network Analysis Video Seminar
    (with electronic manual)

Complete Master Library Information:
Web site:        www.packet-level.com/library/
E-mail:          library@packet-level.com
                                                                                                  Introduction to
                                                                                                Network Analysis
                                                                                                         ML-B101-3



Detailed Course Outline

Analyzing Switched Networks                                   Introduction to Network Analysis (Part 1 & 2)

This module examines the reason why protocol analysis         Network analyzers offer an insight into network
is more difficult on switched networks than on hubbed         communications that can increase the efficiency of
networks. After defining the importance for listening to      troubleshooting and help secure networks. This course
switched network ‘noise,’ Laura offers several options for    introduces the students to the functionality and
tapping in and observing switched traffic using               placement of network analyzers. Statistics on protocol
spanning/mirroring, hubbing out, and remote switch            usage, conversations, utilization and packet rates are
monitoring.                                                   used for troubleshooting and security.

Laura explains the various situations and reasons why         Students learn how triggers and alarms can be used for
she chooses one option or another and addresses the           unattended analysis and how the ‘laying on of hands’
issue of tracking MAC (media access control)-layer errors     process helps define overall network ‘personality’.
in a switched environment. This unit also covers VLAN         Latency testing techniques (wire and application
(virtual LAN) traffic analysis, methods for analyzing full-   processing testing), pattern analysis, and filtering are
duplex network traffic, and the symptoms of a network         also discussed from a real-world perspective. This course
switch attack.                                                is recommended for all IT personnel.

Analyzing and Troubleshooting Ethernet Networks               Hot Tools 2003

Starting with an examination of CSMA/CD, this course          Every year Laura puts together a list of her favorite
looks at the common errors found on Ethernet networks         analysis and security testing tools. This year’s set
(shorts, longs, CRC faults, alignment errors, jabber          includes wired and wireless protocol analyzers,
packets, etc.) and defines their most probable causes.        vulnerability scanners, OS fingerprinters, multiple
The module also examines full-duplex issues, collision        steganography applications, data injectors/manipulators,
and broadcast domains.                                        antennas, and multifunction tools that’ll make anyone’s
                                                              head spin.
Pattern Analysis:      Quick    Identification    of   Bad
Applications                                                  Laura provides a brief description of each tool and gives
                                                              examples of how these tools can be used to test or
Learn to recognize faulty network patterns without            troubleshoot networks. Some tools are there just for fun!
learning the whole protocol stack or application
functionality. Patterns examined include repetitive sets,     Many of these tools are contained on Laura’s Lab Kit
large delays, unanswered requests, stupid file transfers,     (available at www.podbooks.com).
disconnections,     retransmissions,   route    problems,
improper redirection, brain-dead application, and SYN-ful
applications.

References and Resources for Protocol Analysts

Where can analysts look to determine who registered the
port number used by an application or to find the port
numbers used by various Trojans? What if the analyst
needs to find an attack signature for an IIS attack?

This unit provides a listing of sites and books that will
support network analysis work.