Tranalyzer Background

Tutorials and Boot Camp for Troubleshooting and Security Analytics



You will be trained to do an analyst’s hands-on job trying to find anomalies in real, unencrypted and encrypted IP traffic. In the process, you might get stuck in a foxhole and have to learn how to dig yourself out. Remember, nothing is as it seems initially … or maybe it is.


The training is intended for anyone who is willing to learn more details about IP traffic and the principle of flow-based Traffic Mining (TM). A Linux laptop and working knowledge of command-line bash are required. Rudimentary knowledge of awk and gnuplot is nice to have.


There are currently two options for training:


  • A tutorial, duration 3 days at any location of convenience.
  • The Boot Camp, two weeks to one month, depending on the goal of expertise, at RUAG Switzerland or at a location of your choice. The Boot Camp includes homework and training in AI traffic classification.

+ Tutorial Content


  • Introduction to the most important IP protocols and header features
  • Introduction to methods of Traffic Mining for troubleshooting and security
  • Several hands-on exercises
  • Introduction to Tranalyzer
  • Philosophy, configuration and compilation ops
  • Most important plugins, including config constants
  • Flows and global reports
  • How to write your own plugin in C
  • Hands-on exercises on several pcaps, in groups or alone

+ Boot Camp Content


  • Like the Tutorial Content, only more detailed and with more hands-on exercises (3 days)
  • Application of AI in TM: Dos and don’ts (2 days)
  • Encrypted packet forensics with minimum knowledge: One Packet (2–5 days, depends on you)
  • Homework: several pcap exercises to find anomalies: How to write your own automated post-processing for Tranalyzer output (1–2 weeks, depends on you)
  • The 50GB pcap: who finds the anomaly first? (If you take more than 10 min, you failed)
  • Writing Tranalyzer plugins for specific purposes in encrypted TM (taming the beast)


  • Don’t hesitate to contact us for additional information under tranalyzer at rdit dot ch