Training for Traffic Mining/Network Forensics
The training is intended for anyone who wants to learn more about IP traffic and the principles of flow-based Traffic Mining (TM).
You will be trained to do an analyst's hands-on job: finding anomalies in real, unencrypted and encrypted IP traffic. In the process, you might get stuck in a foxhole and have to learn how to dig yourself out. Remember, nothing is as it seems initially... or maybe it is.
There are currently two options for training:
- Basic Training: Three days at any location of convenience.
- Boot Camp: Two weeks to one month, depending on the level of expertise you want to reach. The Boot Camp includes homework and training in AI traffic classification.
Prerequisites
- A Linux laptop and working knowledge of the bash command line are required.
- Rudimentary knowledge of awk and gnuplot is nice to have.
Basic Training
- Introduction to the most important IP protocols and header features
- Introduction to methods of Traffic Mining for troubleshooting and security
- Several hands-on exercises
- Introduction to Tranalyzer
- Philosophy, configuration and compilation operations
- Most important plugins, including configuration constants
- Flows and global reports
- How to write your own plugin in C
- Hands-on exercises on several PCAPs, in groups or alone
Advanced Training: Boot Camp
- Like the Basic Training, only more detailed and with more hands-on exercises (3 days)
- Application of AI in TM: do's and don'ts (2 days)
- Encrypted packet forensics with minimum knowledge: one packet (2–5 days, depending on you)
- Homework: several PCAP exercises to find anomalies
- How to write your own automated post-processing script for Tranalyzer output (1–2 weeks, depending on you)
- The 50GB PCAP: who finds the anomaly first? (If you need more than 10 min, you failed)
- Write Tranalyzer plugins for specific purposes in encrypted TM (taming the beast)
For additional information, do not hesitate to contact us.