Learn about the tools and techniques used for analyzing traffic passing over the network. This learning path covers identification and analysis of benign and malicious traffic, examples and case studies of extracting intelligence from traffic data, considerations when building a network monitoring program, and techniques for collecting and analyzing traffic data.
Start out on this course by taking a look at what network traffic analysis is and some of its major applications. This introductory module describes network traffic analysis and discusses its applications for monitoring the functionality of networked systems and performing incident response investigations.
What's included
10 videos
10 videos • Total 46 minutes
Welcome to network traffic analysis • 5 minutes
What is network traffic analysis? • 6 minutes
Functionality monitoring • 8 minutes
Incident response life cycle • 4 minutes
Preparation • 4 minutes
Detection and analysis • 4 minutes
Containment • 5 minutes
Eradication • 4 minutes
Recovery • 1 minute
Post-incident response • 5 minutes
Fundamentals of networking
Module 2 • hours to complete
Module details
In order to identify anomalous or malicious traffic in a network, it’s necessary to first understand what’s normal. This module discusses the fundamentals of networking, including the OSI model, the differences between TCP, UDP and ICMP and their intended uses, and the purposes of common high-level protocols like HTTP and SMTP.
What's included
18 videos
18 videos • Total 56 minutes
Fundamentals of networking • 3 minutes
The OSI Model • 5 minutes
Basic network protocols • 4 minutes
Internet protocol (IP) • 4 minutes
Transmission control protocol (TCP) • 6 minutes
User datagram protocol (UDP) • 3 minutes
Internet control message protocol (ICMP) • 5 minutes
Common network protocols • 1 minute
Address resolution protocol (ARP) • 3 minutes
Domain name system (DNS) • 5 minutes
File transfer protocol (FTP) • 2 minutes
Hypertext transfer protocol (HTTP) • 3 minutes
Internet relay chat (IRC) • 2 minutes
Simple mail transfer protocol (SMTP) • 1 minute
Simple network management protocol (SNMP) • 2 minutes
Secure shell (SSH) • 2 minutes
Trivial file transfer protocol (TFTP) • 1 minute
Transport layer security (TLS) • 4 minutes
Hands-on traffic analysis in Wireshark
Module 3 • hours to complete
Module details
Wireshark is probably the most commonly used tool for network traffic analysis and will be used throughout this learning path. This module introduces some of the useful features of Wireshark and shows what the protocols discussed in the previous module look like in practice, and how the various layers work together to make networking possible.
What's included
14 videos
14 videos • Total 105 minutes
Introduction to Wireshark • 7 minutes
Features of Wireshark • 26 minutes
IP demo • 12 minutes
TCP demo • 8 minutes
UDP demo • 5 minutes
ICMP demo • 4 minutes
ARP demo • 6 minutes
DNS demo • 9 minutes
FTP demo • 5 minutes
HTTP demo • 7 minutes
IRC demo • 4 minutes
SMTP demo • 5 minutes
SSH demo • 3 minutes
TFTP demo • 4 minutes
Alternatives to Wireshark
Module 4 • hours to complete
Module details
Wireshark is probably the most popular tool for network traffic analysis. However, it is not the only one available. This module provides an introduction to some alternatives to Wireshark, covering some of the most useful and unique features of Terminal Shark (Wireshark’s command-line equivalent), CloudShark and NetworkMiner.
What's included
3 videos
3 videos • Total 32 minutes
Network mapper demo • 17 minutes
Terminal shark demo • 9 minutes
CloudShark demo • 5 minutes
Network traffic intelligence collection
Module 5 • hours to complete
Module details
A common use of network traffic analysis is for performing incident response activities. The purpose of these actions is to extract useful intelligence from network captures that can help to inform the rest of the investigation. This module demonstrates how to extract certain types of useful data from a network capture file.
What's included
8 videos
8 videos • Total 104 minutes
Intelligence collection • 6 minutes
Network mapping demo • 12 minutes
Content deobfuscation demo • 15 minutes
Credential capture demo • 10 minutes
TLS decryption demo • 17 minutes
Web proxy demo • 17 minutes
Online tools demo 1 • 21 minutes
Online tools demo 2 • 7 minutes
Common network threats
Module 6 • hours to complete
Module details
An organization can be attacked over the network in a variety of different ways. However, some methods are more common than others. In this module, you will see what scanning, data exfiltration, DDoS attacks and attacks against IoT devices look like in a network capture in a series of demonstrations.
What's included
4 videos
4 videos • Total 76 minutes
Scanning demo • 22 minutes
Data exfiltration demo • 18 minutes
DDoS attack demo • 18 minutes
IoT attack demo • 18 minutes
Traffic analysis case studies
Module 7 • hours to complete
Module details
Different types of incident response investigations lend themselves to network-based analysis to different degrees. This module consists of a series of demonstrations where analysis of network traffic is used to infer information about different types of malware, including remote access Trojans (RATs), fileless malware, network worms and multi-stage infections.
What's included
4 videos
4 videos • Total 66 minutes
RAT demo • 13 minutes
Fileless case study • 16 minutes
Worm demo • 14 minutes
Multistage malware demo • 23 minutes
Data collection for network traffic analysis
Module 8 • hours to complete
Module details
In order to investigate a network traffic capture, it is first necessary to capture it. This module discusses methods and considerations for collecting network traffic data. Topics include considerations for deploying monitoring appliances and the use of virtualization and deception technologies for data collection.
What's included
4 videos
4 videos • Total 60 minutes
Data collection • 5 minutes
Monitoring appliance deployment • 18 minutes
Virtualization for network traffic analysis • 13 minutes
Deceptive technologies • 24 minutes
Data analysis for network traffic analysis
Module 9 • hours to complete
Module details
Having access to network traffic data is of very limited value without the ability to analyze it. In this module, you will learn about connection-based analysis, statistical analysis and event-based analysis, their relative pros and cons for different monitoring situations, and tools and techniques for performing them effectively.
What's included
9 videos
9 videos • Total 144 minutes
Data analysis • 5 minutes
Tools for data analysis • 11 minutes
Scapy demo • 21 minutes
Data analysis techniques • 4 minutes
Connection analysis • 9 minutes
Statistical analysis • 22 minutes
Event-based analysis • 42 minutes
YARA demo • 18 minutes
Snort demo • 12 minutes
Network traffic analysis for incident response project
Module 10 • hours to complete
Module details
In this project, you will apply your knowledge and use common network traffic analysis tools to solve multiple challenges. Each challenge involves examining a network traffic capture file containing evidence of malicious activity, such as malware infection, data exfiltration and C2 (command-and-control) communications. You will need to find leaked credentials, analyze an attempted DDoS attack, extract files from captures and more.
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. Learn more at infosecinstitute.com.