Level 2 — Protocol & Traffic Analysis
Inspect and analyze network traffic to understand protocol behavior.
Goal
Interpret packet captures, understand protocol behavior and extract relevant information.
Concepts
- TCP three-way handshake, retransmissions, flags
- Payload analysis and data extraction
- Filtering and BPF expressions
Tools
tcpdump,tshark,Wiresharkngrep,scapy(for packet manipulation/generation)
Suggested labs
Introduction to TCP/IP communication, ARP discovery and TCP three-way handshake analysis.
Simulation of an adversary-in-the-middle attack to capture session cookies and bypass MFA in an OT-ICS environment.
Practical exercises
- Capture the TCP handshake between client and server and identify SYN/ACK fields
- Filter traffic by IP/port and export pcap for Wireshark analysis