CBTLinuxtraining: BPF Edition

4th
FEB

Posted by upa_kid under Networks, Operating System, Video Training

LinuxCBT BPF Edition focuses on the implementation of Berkeley Packet Filters with common network analysis tools: TCPDump, Snort, and WireShark.

The ability to efficiently filter network traffic on today’s high-throughput networks is key to proper recording and analysis. Various network intersections move disparate traffic, depending on perspective. Consequently, it can be superfluous to filter inappropriately, resulting in mounds of unparseable data.

If you are/will be responsible for handling packet logging and analysis for your organization, you will invariably search for inherent efficiencies that Berkeley Packet Filters (BPF) provide.

Let LinuxCBT BPF Edition cost-effectively strengthen your ability to parse network traffic!

Recommended Prerequisites for LinuxCBT BPF Edition:

Basic Experience with Linux | Unix or any LinuxCBT OS Course /EL-5|SLES-9|10|11/)
Open mind & determination to master Linux and related open-source applications
Basic understanding of networking concepts
Access to a PC to follow the exercises

Berkeley Packet Filters (BPF) Security – Module XI

Introduction – Topology – Features
Discuss course outline
Explore network topology
Identify key systems to be used
Discuss key BPF features
Type Qualifiers
Identify type qualifiers
Explore examples
Write filters for various scenarios
Test and debug filters
Directional Qualifiers
Discuss features and benefits
Identify directional qualifiers
Write filters for various scenarios
Test and debug filters
Protocol Qualifiers
Identify protocol qualifiers
Explore a number of protocols and options
Write filters for various scenarios
Test and debug filters
Combine type, directional and protocol qualifiers
Evaluate results
Rule (Filter) Negation | Alternation | Concatenation
Discuss features and benefits
Write alternated filters for various scenarios
Write concatenated filters for various scenarios
Write negated filters for various scenarios
Test and debug filters
Evaluate results
Rule (Filter) Segregation with Parenthetical Statements
Discuss features and benefits
Write parenthesized rules for various scenarios
Write alternative rules and contrast
Test and debug parenthesized and alternative rules
Evaluate results
TCPDump & Windump
Discuss features and benefits
Explore useful features of both utilities
Execute with key options
Apply additional BPFs
Evaluate results
BPFs with Snort® NIDS|NIPS
Discuss features and benefits
Install Snort®
Explore useful options
Apply predefined BPFs
Evaluate results
BPFs with WireShark Capture | Analysis Engine
Discuss features and benefits
Explore useful options
Invoke with useful options
Apply predefined BPFs
Extend and archive BPFs
Evaluate results
BPF Lists
Discuss features and benefits
Generate BPF lists for sample scenarios
Supply lists to utilities for processing
Archive lists for reuse
Evaluate results
Home: http://sevno.org/