Training for traffic mining/network forensics
The training is intended for anyone who is willing to learn more details about IP traffic and the principle of flow-based Traffic Mining (TM).
You will be trained to do an analyst's hands-on job trying to find anomalies in real, unencrypted and encrypted IP traffic. In the process, you might get stuck in a foxhole and have to learn how to dig yourself out. Remember, nothing is like it seems initially... or maybe it is.
Basic training
Three days at any location of convenience.
- Introduction to the most important IP protocols and header features
- Introduction to methods of Traffic Mining for troubleshooting and security
- Several hands-on exercises
- Introduction to Tranalyzer
- Philosophy, configuration and compilation operations
- Most important plugins, including configuration constants
- Flows and global reports
- How to write your own plugin in C
- Hands-on exercises on several PCAPs, in groups or alone
Advanced training: boot camp
Two weeks to one month (depending on the goal of expertise).
Includes homework and training in AI traffic classification.
- Like the Basic training, only more detailed and with more hands-on exercises (3 days)
- Application of AI in TM: do's and don'ts (2 days)
- Encrypted packet forensics with minimum knowledge: one packet (2–5 days, depending on you)
- Homework: several PCAP exercises to find anomalies
- How to write your own automated post-processing script for Tranalyzer output (1–2 weeks, depending on you)
- The 50GB PCAP: who finds the anomaly first? (If you need more than 10 min, you failed)
- Write Tranalyzer plugins for specific purposes in encrypted TM (taming the beast)
Prerequisites:
- A Linux laptop and working knowledge of the bash command line are required.
- Rudimentary knowledge of awk and gnuplot is nice to have.
Registration and request for information:
Contact us to register or request additional information.