Basic Network Analysis 101

Building a Cyber Range 

• Introduction
• Selecting the software
• Commercial
• Open Source
• Designing the network
• Single segment
• Multiple segments
• Building the network switches
• Different types of switches
• Default IP assignments
• Adding machines
• Connecting
• Configuring
• Testing

Lab: Designing a Cyber Range

Introduction to TCP/IP 

• History of TCP/IP
• RFCs
• Terminology
• OS built-in tools 

LAB: TCP/IP OS Tools 

TCP/IP Protocol Suite 

• Network layer
• Internet layer
• Transport Layer
• Application Layer 

LAB: TCP/IP Layers 

• ARP
• Fragmentation and Reassembly 

LAB: Fragmentation and Reassembly

• ICMP
• IPv6
• Network discovery
• Router discovery 

LAB: Discovery 

• TCP
• 3-way handshake
• UDP 

LAB: TCP and UDP 

• Packet multiplexing and demultiplexing
• Sockets
• NetBIOS
• Remote Procedure Calls
• Host naming 

 LAB: Sockets 

IP Addressing 

• IPv4
• Types of addresses
• IPv4 unicast
• IPv4 multicast
• IPv4 broadcast
• IPv6
• Types of addresses
• IPv6 unicast
• Special IPv6 addresses
• IPv6 multicast
• IPv6 anycast
• IPv4 and IPv6 addressing comparison

LAB: IP Addressing

 Subnetting 

• IPv4
• Notations
• Prefix length
• Octet subnetting
• Variable length subnetting
• IPv6 subnetting 

LAB: Subnetting

 IP Routing 

• Overview
• Direct and indirect
• Routing table
• Static and dynamic routing
• Routing protocols
• Integrating static and dynamic routing
• RIP
• OSPF
• BGP 

 LAB: IP Routing        

Dynamic Host Configuration Protocol 

• Overview
• Benefits
• How it works
• Messages 

LAB: DHCP

• DHCP on Windows
• DHCP on Linux
• Scopes
• Reservations
• OS tools and DHCP 

LAB: Configuring and testing DHCP

Host Name Resolution 

• TCP/IP naming schemes
• Host resolution on Windows
• Host resolution on Linux
• Hosts files
• IPv4 entries
• IPv6 entries
• Client resolver cache
• /etc/resolv.conf 

LAB: Naming resolution 

Domain Name System 

• DNS components
• DNS names
• Domains and subdomains
• Zones 

LAB: DNS components 

• Recursive queries
• Caching and TTL
• Negative caching
• Roles
• Forwarders
• Resource records
• Zone transfers
• DNS dynamic updates
• Windows DNS
• Linux DNS 

LAB: DNS configuration  

Introduction to Sessions 

• Host
• Router
• Traffic examples
• Network configuration
• Web clients
• DNS Server
• Web Server 

 LAB: Sessions Intro

• Web traffic
• DNS queries and responses
• Additional records
• Get and Post
• Head
• Form logins 

LAB: Web Sessions 

• IPv6 delivery
• IPv6 traffic
• Network configuration 

LAB: IPv6 Sessions 

IPsec and Packet Filtering 

• Modes off IPsec
• Transport
• Tunnel
• Key exchange
• Policies  

LAB: IPsec 

• Types of packet filtering
• Stateless
• Stateful
• Application Proxy
• Next Generation 

LAB: Stateless and Stateful packet filtering 

• Windows firewall
• Linux iptables
• FreeBSD pfsense 

LAB: Firewall configuration and deployment 

Virtual Private Network (VPN) 

• Components
• VPN connections
• Encapsulation
• Encryption
• Remote access
• Site to Site
• Protocols
• Remote Access Connections
• Addressing and Routing
• Configuring
• Network access authentication 

LAB: VPN 

IPv6 Technologies and Transitions 

• Dual stack
• Dual IP layer
• Tunnels
• 6 to 4 support
• Migrating to IPv6 

LAB: IPv6 Technologies  

• Troubleshooting TCP/IP
• Problem Identification
• Troubleshooting tools
• Verifying connectivity
• Analyzing packets for hints
• Reachability tests
• Name resolutions and addressing
• Caching and flushing
• Testing names with ping and nslookup
• NetBIOS name cache and Windows
• Check for filtering
• Session establishment verification 

 LAB: Troubleshooting  

Introduction to Hacking 

• Abstract methodology
• Scanning Methodology
• Vulnerability discovery and analysis
• Leveraging vulnerabilities 

LAB: Scanning Methodology 

• Exploit identification
• Post exploitation 

LAB: Exploitation and Post Exploitation

• Hacking methodology analysis
• Exploitation at the packet level
• Threat classification basics 

LAB: Threat classification and analysis 

Hacking Analysis Methodology 

• Reviewing the packet capture
• Live systems and discovery method
• Open ports
• Data
• Sessions
• Signs of compromise 

LAB: Hacking Methodology Analysis 

Web Application Hacking 

• Traversal
• Cross Site Scripting (XSS)
• HTML injection
• SQL Injection
• Remote File Include
• Parameter Tampering
• Obfuscation 

LAB: Web Application Hacking Analysis 

Components of Sophisticated Attacks 

• Encoding and encryption
• Encapsulation and web 2.0
• SOAP
• REST
• XML
• Evasion methods 

LAB: Sophisticated Attack Analysis 

Attack Analysis Workshop 

• Identifying attacks
• Recognizing evasion methods
• Determining the exploit tool
• Using Statistics 

Range Deployment Challenge