Oct 26, 2013


TCP/IP Analysis/Troubleshooting
This course shows participants how to interpret and troubleshoot TCP/IP
communications such as Address Resolution Protocol (ARP), Transmission Control Protocol
(TCP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP) and
Internet Protocol Version 4 (IPv4). In addition, the course covers the processes of port,
name, proximity, route and MAC-address resolution. By the end of this course, students
will recognize the most common faults found in TCP/IP communications and they will be
more aware of the security issues that arise from TCP/IP's open nature.

Recommended Pre-Requisites
Before taking this course it is recommended that
participants get access to a network protocol analyzer
so that they can run network traces and load sample
trace and filter files.

Included Course Materials
• High-quality audio and visual training modules
• Sample trace and filter files
• Presentation slides and handouts

• Self-paced study
• Seven modules totaling 7 hrs, 22 min

Participants Learn About

• Analyzing & Troubleshooting ARP
• Analyzing & Troubleshooting TCP Communications
(Part 1 & 2)
• Analyzing UDP (User Datagram Protocol)
• Getting That Packet on the Wire (TCP/IP
• Internet Control Message Protocol (ICMP)
• Internet Protocol Version 4 (IPv4)

Other Suggested Training

• The TCP/IP Analysis & Troubleshooting Podbook


Training for McAfee Security Products including McAfee Entercept, McAfee IntruShield, and Sniffer Technologies

Detailed Course Outline
Analyzing & Troubleshooting ARP
This module examines the various uses of ARP and
provides the knowledge necessary to recognize ‘normal’
and abnormal ARP operations.
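As an added worked example (not part of the course materials), the following Python decodes Ethernet II/ARP frames and applies the checks this module describes: it learns IP-to-MAC bindings from replies and flags gratuitous ARP, replies that no request asked for, and an IP address whose MAC changes mid-trace. The trace, MAC addresses and IP addresses are constructed for the example.

```python
import struct
from collections import namedtuple

# Added example: ARP decoder plus a small anomaly check over a constructed trace (not the course's own code).
ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, opcode, sender MAC/IP, target MAC/IP
ETHERTYPE_ARP, ARP_REQUEST, ARP_REPLY = 0x0806, 1, 2
Arp = namedtuple("Arp", "op sha spa tha tpa")

def mac2s(b): return ":".join(f"{x:02x}" for x in b)
def ip2s(b): return ".".join(str(x) for x in b)
def s2mac(s): return bytes.fromhex(s.replace(":", ""))
def s2ip(s): return bytes(int(o) for o in s.split("."))

def parse_arp(frame):
    """Return the ARP fields of an Ethernet II frame, or None if it is not an Ethernet/IPv4 ARP frame."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _, _, etype = ETH_HDR.unpack_from(frame, 0)
    if etype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return Arp(op, mac2s(sha), ip2s(spa), mac2s(tha), ip2s(tpa))

def build_arp(op, sha, spa, tha, tpa):
    """Constructed frame builder: requests go to the broadcast MAC, replies to the target MAC."""
    eth_dst = b"\xff" * 6 if op == ARP_REQUEST else s2mac(tha)
    return (ETH_HDR.pack(eth_dst, s2mac(sha), ETHERTYPE_ARP)
            + ARP_HDR.pack(1, 0x0800, 6, 4, op, s2mac(sha), s2ip(spa), s2mac(tha), s2ip(tpa)))

def analyze_arp(frames):
    """Learn IP->MAC from replies and flag the three things an analyst looks for first:
    gratuitous ARP, replies nobody asked for, and an IP whose MAC changes mid-trace."""
    table, pending, findings = {}, set(), []
    for n, frame in enumerate(frames, 1):
        a = parse_arp(frame)
        if a is None:
            continue
        if a.spa == a.tpa:                       # gratuitous: announcement, duplicate-address probe, or poisoning
            findings.append((n, "gratuitous ARP", a.spa, a.sha))
        elif a.op == ARP_REQUEST:
            pending.add(a.tpa)                   # remember which IPs were actually asked for
            continue
        if a.op == ARP_REPLY:
            if a.spa in pending:
                pending.discard(a.spa)
            elif a.spa != a.tpa:
                findings.append((n, "unsolicited ARP reply", a.spa, a.sha))
            old = table.get(a.spa)
            if old is not None and old != a.sha:
                findings.append((n, f"IP remapped from {old}", a.spa, a.sha))
            table[a.spa] = a.sha
    return table, findings

# Constructed trace (hypothetical addresses): a host resolves its gateway, a rogue station then claims the
# gateway's IP with its own MAC, and a newly booted host announces itself with gratuitous ARP.
HOST, GW, ROGUE, NEWCOMER = "aa:bb:cc:00:00:05", "aa:bb:cc:00:00:01", "de:ad:be:ef:00:66", "aa:bb:cc:00:00:07"
ZERO = "00:00:00:00:00:00"
TRACE = [
    build_arp(ARP_REQUEST, HOST, "10.0.0.5", ZERO, "10.0.0.1"),       # 1: who has 10.0.0.1?
    build_arp(ARP_REPLY, GW, "10.0.0.1", HOST, "10.0.0.5"),          # 2: 10.0.0.1 is at the gateway's MAC
    build_arp(ARP_REPLY, ROGUE, "10.0.0.1", HOST, "10.0.0.5"),       # 3: same IP, different MAC, nobody asked
    build_arp(ARP_REQUEST, NEWCOMER, "10.0.0.7", ZERO, "10.0.0.7"),  # 4: gratuitous ARP from a host coming up
]

if __name__ == "__main__":
    table, findings = analyze_arp(TRACE)
    print(table)
    for f in findings:
        print(f)
```

Frame 3 is the one that matters: a reply no request solicited, rewriting a binding the host already had, is the signature of ARP cache poisoning, whereas frame 4 is benign on a healthy network and only worth noting when it repeats.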
Analyzing & Troubleshooting TCP Communications
(Part 1)
This module covers TCP’s connection-oriented
functionality, a normal TCP handshake, a failed TCP
handshake, the sequence/acknowledgment process, data
direction changes and the connection termination
process. Laura also goes into the TCP header’s flag fields
(Urgent, ACK, Push, Reset, Synchronize, and Finish) and
demonstrates how these fields affect the processing of
TCP packets. Finally, Laura provides an example of the
type of TCP communications she doesn’t want to see on a
Analyzing & Troubleshooting TCP Communications
(Part 2)
This unit continues to look at TCP functionality with an
emphasis on the TCP receiver window, congestion
window, and sliding window processes. Laura defines the
TCP Slow Start and Congestion Avoidance mechanisms
used to control the TCP data stream without overloading
the network. Other topics include the Urgent Pointer
process (and related hacks), Maximum Segment Size
(MSS) calculation, Window Scale Option, TCP
Timestamping, and Selective Acknowledgment (SACK).
These TCP modules are highly recommended for anyone
responsible for maintaining a corporate network.
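As an added example that is not part of the course, the Python below decodes the TCP header, its flag bits and the SYN-time options named above (MSS, window scale, SACK-permitted, timestamps), then walks a flow through the three-way handshake and the FIN close, noting a refused handshake and a SYN/ACK that acknowledges the wrong sequence number. The segments and port numbers are constructed; the checksum field is left zero because computing it needs the IP pseudo-header.

```python
import struct

# Added example: TCP header/option decoder and a handshake/teardown tracker over constructed segments
# (not the course's own code; the checksum field is left zero because it needs the IP pseudo-header).
TCP_HDR = struct.Struct("!HHIIBBHHH")   # sport, dport, seq, ack, data offset, flags, window, checksum, urgent ptr
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}

def parse_options(raw):
    """Decode the SYN-time options the module covers: MSS, window scale, SACK-permitted, timestamps."""
    opts, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # End of Option List
            break
        if kind == 1:                       # No-Operation padding
            i += 1
            continue
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("malformed TCP option")
        body = raw[i + 2:i + length]
        if kind == 2:
            opts["MSS"] = struct.unpack("!H", body)[0]
        elif kind == 3:
            opts["WScale"] = body[0]        # window field is shifted left by this many bits
        elif kind == 4:
            opts["SACKok"] = True
        elif kind == 8:
            opts["TSval"], opts["TSecr"] = struct.unpack("!II", body)
        i += length
    return opts

def parse_tcp(segment):
    sport, dport, seq, ack, off, flags, win, _, urg = TCP_HDR.unpack_from(segment, 0)
    hlen = (off >> 4) * 4                   # data offset is in 32-bit words
    if hlen < 20 or hlen > len(segment):
        raise ValueError("bad data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "win": win, "urg": urg, "hlen": hlen,
            "flags": [n for n, b in FLAG_BITS.items() if flags & b],
            "options": parse_options(segment[20:hlen]), "payload_len": len(segment) - hlen}

def build_tcp(sport, dport, seq, ack, flags, payload=b"", options=b"", win=65535):
    options += b"\x00" * (-len(options) % 4)    # options are padded to a 32-bit boundary
    bits = sum(FLAG_BITS[f] for f in flags)
    return TCP_HDR.pack(sport, dport, seq, ack, ((20 + len(options)) // 4) << 4, bits, win, 0, 0) + options + payload

def track_flow(segments):
    """Walk one flow in capture order through the handshake and close; returns (final state, notes).
    Only the transitions an analyst checks by hand are modelled; data segments pass through."""
    state, notes, isn, fins = "CLOSED", [], {}, set()
    for n, raw in enumerate(segments, 1):
        s = parse_tcp(raw)
        f = set(s["flags"])
        if "RST" in f:
            notes.append((n, f"RST from port {s['sport']} in state {state}"))
            state = "CLOSED"
        elif state == "CLOSED" and f == {"SYN"}:
            isn[s["sport"]] = s["seq"]          # client's initial sequence number
            state = "SYN_SENT"
        elif state == "SYN_SENT" and f == {"SYN", "ACK"}:
            expected = isn.get(s["dport"], -1) + 1
            if s["ack"] != expected:
                notes.append((n, f"SYN/ACK acknowledges {s['ack']}, expected {expected}"))
            isn[s["sport"]] = s["seq"]          # server's initial sequence number
            state = "SYN_RECEIVED"
        elif state == "SYN_RECEIVED" and "ACK" in f and s["ack"] == isn.get(s["dport"], -1) + 1:
            state = "ESTABLISHED"
        elif state in ("ESTABLISHED", "FIN_WAIT") and "FIN" in f:
            fins.add(s["sport"])
            state = "FIN_WAIT" if len(fins) == 1 else "LAST_ACK"
        elif state == "LAST_ACK" and "ACK" in f:
            state = "CLOSED"                    # second FIN acknowledged: orderly close complete
        elif state in ("CLOSED", "SYN_SENT", "SYN_RECEIVED"):
            notes.append((n, f"unexpected {sorted(f)} in state {state}"))
    return state, notes

# Constructed segments (hypothetical ports 40000 -> 80): a clean handshake, one request, and a two-sided FIN close.
SYN_OPTS = b"\x02\x04\x05\xb4" + b"\x01" + b"\x03\x03\x07" + b"\x04\x02"   # MSS 1460, NOP, WScale 7, SACK-permitted
C, S = 40000, 80
GOOD = [
    build_tcp(C, S, 1000, 0, ["SYN"], options=SYN_OPTS),
    build_tcp(S, C, 5000, 1001, ["SYN", "ACK"]),
    build_tcp(C, S, 1001, 5001, ["ACK"]),
    build_tcp(C, S, 1001, 5001, ["PSH", "ACK"], payload=b"GET / HTTP/1.0\r\n\r\n"),   # 18 bytes of data
    build_tcp(S, C, 5001, 1019, ["ACK"]),
    build_tcp(C, S, 1019, 5001, ["FIN", "ACK"]),
    build_tcp(S, C, 5001, 1020, ["ACK"]),
    build_tcp(S, C, 5001, 1020, ["FIN", "ACK"]),
    build_tcp(C, S, 1020, 5002, ["ACK"]),
]
REFUSED = [build_tcp(C, S, 2000, 0, ["SYN"]), build_tcp(S, C, 0, 2001, ["RST", "ACK"])]   # closed port

if __name__ == "__main__":
    print(parse_tcp(GOOD[0])["options"])
    print(track_flow(GOOD))
    print(track_flow(REFUSED))
```

The SYN/ACK's acknowledgment number must be the client's ISN plus one, and a FIN, like a SYN, consumes one sequence number, which is why the ACK of the client's FIN in segment 7 carries 1020 rather than 1019; these are the two arithmetic checks worth doing by hand on any handshake or close that looks wrong.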
Analyzing UDP (User Datagram Protocol)
Laura explains the function of UDP and provides several
examples of UDP-based communications that have gone wrong.
Getting That Packet on the Wire (TCP/IP
Following the process required to turn a standard
application command (FTP CORPFS1) into packets on the wire,
Laura explains the foundation of communications using port
resolution, name resolution, route resolution, and finally,
MAC-address resolution.
This segment follows the processes that are executed to
build a TCP header, IP header and an Ethernet II frame
structure. Laura explains the exact packet sequence for
analyzing network communications and includes
variations caused by remote DNS servers, remote
destination servers, and ‘non-optimal’ default gateway
settings. Finally, participants get the chance to
troubleshoot a network communication problem when
Laura can’t connect to her email server.
Internet Control Message Protocol (ICMP)
This module assigns reading homework to bring the
student up to speed on the various uses of ICMP. It
demonstrates how to identify UDP port scans, OS
fingerprinting operations, and Ping/Smurf attacks. Laura
shares a few details about the October 2002 attack on
the 13 root DNS servers, while offering tips on how to
protect network devices and infrastructures from similar
crippling attacks.
This module also covers how hackers eavesdrop on CEOs’
communications by changing the flow of traffic with ICMP
redirection. And, finally, participants may test their skills
by decoding a series of ICMP packets to follow the trail of
a redirection process.
Internet Protocol Version 4 (IPv4)
This module provides a packet-level view of IP
functionality and header structure. Laura begins by
looking at IP versions and a ‘heads-up’ on IPv6
development. Next, she focuses on how IP routing
decisions are made and how students can read and
interpret their client routing tables during the unit. As
she digs into the IP header structure, participants learn
the intricacies of packet and header length calculations,
IP fragmentation (and fragmentation-related attacks);
and, students learn how the IP header Type of Service
field has been redefined to carry Explicit Congestion
Notification (ECN) bits.
To provide the greatest breadth of exposure to IP header
interpretation, Laura covers the IP header decodes
offered by Ethereal, Sniffer Pro and EtherPeek NX.
Finally, participants test their IP knowledge by opening a
trace file and completing a lab based on IP header
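As an added example covering both the ICMP redirect module and this IPv4 module (it is not the course's own code), the Python below decodes the IPv4 header, including header and total length, the DS/ECN bits that replaced the ToS byte, and the fragmentation fields; fragments a packet for a smaller MTU, refusing when DF is set; and audits ICMP redirects against the rule that a host should accept a redirect only from its current first-hop gateway. Addresses and packets are constructed for the example.

```python
import struct

# Added example: minimal IPv4 + ICMP decoder over constructed packets (not the course's own code).
IP_HDR = struct.Struct("!BBHHHBBH4s4s")  # ver/ihl, dscp/ecn, total len, id, flags+offset, ttl, proto, csum, src, dst
ICMP_HDR = struct.Struct("!BBH4s")       # type, code, checksum, rest of header (gateway address for type 5)
PROTO_ICMP, PROTO_TCP, ICMP_REDIRECT = 1, 6, 5
ECN_NAMES = {0: "Not-ECT", 1: "ECT(1)", 2: "ECT(0)", 3: "CE"}

def ip2s(b): return ".".join(map(str, b))
def s2ip(s): return bytes(int(o) for o in s.split("."))

def inet_checksum(data):
    """RFC 1071 one's-complement sum; returns 0 when run over data that already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(pkt):
    v_ihl, tos, tlen, ident, ff, ttl, proto, _, src, dst = IP_HDR.unpack_from(pkt, 0)
    version, ihl = v_ihl >> 4, (v_ihl & 0x0F) * 4          # IHL is in 32-bit words, so 5 means 20 bytes
    if version != 4 or ihl < 20 or tlen < ihl or len(pkt) < tlen:
        raise ValueError("not IPv4, bad header length, or truncated packet")
    return {"ihl": ihl, "total_length": tlen, "id": ident, "tos": tos,
            "dscp": tos >> 2, "ecn": ECN_NAMES[tos & 0x03],   # old ToS byte = 6-bit DS field + 2 ECN bits
            "DF": bool(ff & 0x4000), "MF": bool(ff & 0x2000), "frag_offset": (ff & 0x1FFF) * 8,
            "ttl": ttl, "proto": proto, "src": ip2s(src), "dst": ip2s(dst),
            "checksum_ok": inet_checksum(pkt[:ihl]) == 0,
            "options": pkt[20:ihl], "payload": pkt[ihl:tlen]}  # bytes past total_length are link-layer padding

def build_ipv4(src, dst, proto, payload, ident=1, ttl=64, tos=0, df=False, mf=False, offset=0):
    """Build an option-less IPv4 packet with a correct header checksum."""
    ff = (0x4000 if df else 0) | (0x2000 if mf else 0) | (offset // 8)
    hdr = IP_HDR.pack(0x45, tos, 20 + len(payload), ident, ff, ttl, proto, 0, s2ip(src), s2ip(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + payload

def fragment(pkt, mtu):
    """Split an IPv4 packet for a link MTU the way a router would (options are not copied here)."""
    p = parse_ipv4(pkt)
    if p["total_length"] <= mtu:
        return [pkt]
    if p["DF"]:
        raise ValueError("DF set: router must drop and send ICMP type 3 code 4 instead of fragmenting")
    chunk = (mtu - p["ihl"]) // 8 * 8        # every fragment but the last carries a multiple of 8 bytes
    frags = []
    for off in range(0, len(p["payload"]), chunk):
        piece = p["payload"][off:off + chunk]
        last = off + chunk >= len(p["payload"])
        frags.append(build_ipv4(p["src"], p["dst"], p["proto"], piece, ident=p["id"], ttl=p["ttl"], tos=p["tos"],
                                mf=p["MF"] or not last, offset=p["frag_offset"] + off))
    return frags

def parse_icmp_redirect(pkt):
    p = parse_ipv4(pkt)
    if p["proto"] != PROTO_ICMP:
        return None
    typ, code, _, gw = ICMP_HDR.unpack_from(p["payload"], 0)
    if typ != ICMP_REDIRECT:
        return None
    quoted = IP_HDR.unpack_from(p["payload"], ICMP_HDR.size)   # header of the packet that triggered the redirect
    return {"from": p["src"], "to": p["dst"], "code": code, "new_gateway": ip2s(gw), "for_dst": ip2s(quoted[9])}

def audit_redirects(pkts, current_gateway):
    """Flag redirects that do not come from the host's current first-hop gateway (RFC 1122 section 3.2.2.2)."""
    findings = []
    for n, pkt in enumerate(pkts, 1):
        r = parse_icmp_redirect(pkt)
        if r is None:
            continue
        verdict = ("from current gateway" if r["from"] == current_gateway
                   else f"NOT from {current_gateway}: possible traffic diversion")
        findings.append((n, r["to"], r["for_dst"], r["new_gateway"], verdict))
    return findings

def make_redirect(sender, victim, original, new_gateway):
    icmp = ICMP_HDR.pack(ICMP_REDIRECT, 1, 0, s2ip(new_gateway)) + original[:28]   # code 1 = redirect for host
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    return build_ipv4(sender, victim, PROTO_ICMP, icmp)

# Constructed trace (hypothetical addresses): host 10.0.0.5 talks to 192.0.2.10 via gateway 10.0.0.1;
# the real gateway points it at 10.0.0.2, then 10.0.0.66 tries to insert itself with a redirect of its own.
ORIGINAL = build_ipv4("10.0.0.5", "192.0.2.10", PROTO_TCP, b"\x00" * 8, ident=7)
TRACE = [ORIGINAL,
         make_redirect("10.0.0.1", "10.0.0.5", ORIGINAL, "10.0.0.2"),
         make_redirect("10.0.0.66", "10.0.0.5", ORIGINAL, "10.0.0.66")]

if __name__ == "__main__":
    for f in audit_redirects(TRACE, "10.0.0.1"):
        print(f)
    for frag in fragment(build_ipv4("10.0.0.5", "192.0.2.10", PROTO_TCP, b"A" * 3000), 1500):
        p = parse_ipv4(frag)
        print(p["total_length"], p["MF"], p["frag_offset"], p["checksum_ok"])
```

On a trace the redirect's source address, the quoted destination and the new gateway are the three fields to follow; a redirect whose source is not the host's current gateway, or whose new gateway is the sender itself, is the pattern behind the eavesdropping case the ICMP module describes.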