CRRC Faculty Professional Development Course: Traffic Analysis for Cybersecurity



May 30-31, 2018



9:00 a.m. - 3:00 p.m. ET



Online (Zoom)



Casey W. O'Brien is the Executive Director and Principal Investigator of the National CyberWatch Center, a cybersecurity education and research consortium focused on advancing cybersecurity education and strengthening the national cybersecurity workforce. Casey has more than 20 years of industry experience in information security and large-scale IT implementation and project management in challenging and cutting-edge environments.


Course Description

This 2-day online course will provide an in-depth look at the core TCP/IP protocols (with a focus on layers 2-4 and DNS) that comprise today’s converged technologies and state-of-the-art networks. Students will also learn the functionality and fundamentals of both command-line and GUI protocol analyzers and use these tools to analyze both core TCP/IP protocols and security-related traffic captures including, but not limited to:
  • Network/host-based scans
  • Vulnerability scans
  • Password cracking attempts
  • Man-in-the-Middle (MITM) attacks
  • and more!
This course is taught in both lecture and hands-on formats. Upon completion of the course, learners will receive all instructional materials (lecture slides, hands-on lab exercises, trace files) and guidance on how to incorporate them into their classes.


The first 25 registrants that complete the course will receive a $200 stipend.



The course is FREE, as part of funding from the National Security Agency

Grant # H98230-17-1-0231





  • Protocol analyzer functionality and fundamentals
  • Trace file analysis
  • Working with TCP/IP utilities (e.g., traceroute, ping)
  • Address Resolution Protocol (ARP)



Who Should Attend


This course is intended for anyone wishing to understand how communication and network protocols operate (e.g., programmers writing network applications, system administrators responsible for maintaining systems and networks utilizing the various protocols, and users who deal with network and/or security applications on a daily basis). This course will also benefit those wanting to improve their traffic analysis skills, with a focus on TCP/IP and security-related packet captures.


  • Internet Protocol (IP) v4 and v6
  • Internet Control Message Protocol (ICMP) v4
  • Transmission Control Protocol (TCP)
  • User Datagram Protocol (UDP)
  • Domain Name System (DNS)





This course will also benefit those teaching the following courses:
  • Networking (CCNA, CCNA Security, CCNP, CompTIA Network+)
  • System Administration
  • CompTIA Security+
  • Information Systems Security
  • IT Security
  • Network Security
  • Network Forensics
  • Intrusion Detection/Prevention Systems
  • Ethical Hacking/Pentesting
  • Systems Analysts


IT Literacy, Concepts, and Terminology:
  • Basic methods of navigating an operating system (can be any OS)
  • Compare and contrast notational systems:
    • Binary
    • Hexadecimal
    • Decimal
    • Octal
  • Compare and contrast common units of measure:
    • Storage unit: bit, byte, KB, MB, GB, TB, PB
    • Throughput unit: bps, Kbps, Mbps, Gbps
    • Processing speed: MHz, GHz
  • Physical machine vs. virtual machine
  • Download and install hypervisor of your choosing (e.g., VMware Fusion)


  • Identify basic wired and wireless peripherals and their purpose
  • Identify the purpose of internal computer components
  • Explain the following terms:
    • IP address
    • Netmask
    • Default gateway
    • Router
    • Switch
    • DHCP
    • Network interface
    • LAN
    • DNS

Willingness to learn