Analysis of malicious traffic

The article was prepared by OTUS expert Alexander Kolesnikov for future students of the course "Network Engineer. Basic".



We invite everyone to an open webinar on the topic "Ethernet. From birth to the present day". Together with the expert, participants will review Ethernet, the most widespread Layer 2 protocol, and weigh the pros and cons of the technology. This gives an understanding of why an Ethernet LAN behaves the way it does and where the limitations of its operation come from.






This article covers methods of parsing network traffic and detecting malicious network interaction. The information is provided for reference. It reviews the basic tools for analyzing network traffic and points to sources of sample captures for practice.





Network analysis






(Two lists followed here: a bulleted list of traffic-analysis tasks, whose last item concerned DDoS, and a two-item numbered list. Only these fragments survive in this copy.)





Wireshark and tcpdump



Sample captures for practice can be found with the search query "malicious pcap".





The sample walked through is Trickbot traffic. Of the walkthrough only fragments survive in this copy: Windows, Windows AD, and an external address beginning 149.28. The Wireshark display filter that isolates the conversation between the internal host and that server:





```
ip.addr==172.16.1.101 && tcp.port==65483 && ip.addr==149.28.140.9 && tcp.port==80
```
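As an added example (not code from the article), the same filter expressed in code: a standard-library Python parser for libpcap files that decodes Ethernet/IPv4/TCP, reproduces the direction-agnostic semantics of `ip.addr` and `tcp.port`, and pulls the HTTP request line out of the matching packets. The capture, the request path and the two unrelated flows are constructed inline for the demonstration; only the two endpoints and ports come from the filter above.

```python
"""Stdlib-only libpcap parser applying the equivalent of the Wireshark display filter
ip.addr==172.16.1.101 && tcp.port==65483 && ip.addr==149.28.140.9 && tcp.port==80.
The capture is CONSTRUCTED in memory below; it is not the article's Trickbot pcap."""
import struct
from typing import Iterator, List, NamedTuple, Optional


class Packet(NamedTuple):
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


def _ip(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def build_tcp_frame(src: str, sport: int, dst: str, dport: int, payload: bytes = b"") -> bytes:
    """Ethernet/IPv4/TCP frame with zeroed MACs and checksums (enough for parsing)."""
    eth = b"\x00" * 12 + b"\x08\x00"                                   # ethertype IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     _ip(src), _ip(dst))                                # protocol 6 = TCP
    return eth + ip + tcp


def build_pcap(frames) -> bytes:
    """Little-endian libpcap file: 24-byte global header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)    # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(f), len(f)) + f
    return out


def parse_frame(frame: bytes) -> Optional[Packet]:
    """Decode Ethernet -> IPv4 -> TCP; return None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    tcp = frame[14 + ihl:14 + total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return Packet(0.0, src, sport, dst, dport, tcp[data_off:])


def parse_pcap(data: bytes) -> Iterator[Packet]:
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a libpcap file (pcapng is not handled here)")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet link type handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        pkt = parse_frame(frame)
        if pkt:
            yield pkt._replace(ts=ts_sec + ts_usec / 1e6)


def matches(p: Packet, host_a: str, port_a: int, host_b: str, port_b: int) -> bool:
    """ip.addr==X and tcp.port==N in Wireshark are direction-agnostic: each clause is
    satisfied by either the source or the destination field. Reproduce that here."""
    hosts, ports = {p.src, p.dst}, {p.sport, p.dport}
    return host_a in hosts and host_b in hosts and port_a in ports and port_b in ports


# Constructed sample: the conversation from the filter plus two unrelated flows.
SAMPLE_PCAP = build_pcap([
    build_tcp_frame("172.16.1.101", 65483, "149.28.140.9", 80,
                    b"GET /files/report.bin HTTP/1.1\r\nHost: 149.28.140.9\r\n\r\n"),
    build_tcp_frame("149.28.140.9", 80, "172.16.1.101", 65483,
                    b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"),
    build_tcp_frame("172.16.1.101", 51000, "10.0.0.5", 445),       # SMB to an internal server
    build_tcp_frame("172.16.1.101", 65483, "93.184.216.34", 80),   # same client port, other host
])


def filtered_conversation(pcap: bytes = SAMPLE_PCAP) -> List[Packet]:
    return [p for p in parse_pcap(pcap)
            if matches(p, "172.16.1.101", 65483, "149.28.140.9", 80)]


def http_request_lines(packets: List[Packet]) -> List[str]:
    """First line of every HTTP request sent towards the server port."""
    return [p.payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
            for p in packets if p.dport == 80 and p.payload[:4] in (b"GET ", b"POST")]


if __name__ == "__main__":
    for p in filtered_conversation():
        print(f"{p.ts:.0f} {p.src}:{p.sport} -> {p.dst}:{p.dport} {len(p.payload)} bytes")
    print(http_request_lines(filtered_conversation()))
```

Two caveats follow from the filter semantics. `ip.addr==A && ip.addr==B` says nothing about which side is the client, and a packet whose ports are swapped between the two hosts would also match; that is harmless for a single conversation but matters when one host talks to the same server from many ports. For a real file, `tshark -r capture.pcap -Y '<filter>'` applies the same display-filter expression from the command line.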








The surviving fragments of this part of the walkthrough mention MS Office and VBA.





TLS












The traffic under study is HTTP over TLS, placed against the OSI model. Is this "Game Over" for the analyst?










Still available to the analyst despite the encryption:

  • the TLS ClientHello
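As an added example (not part of the article), a standard-library parser that extracts from a TLS ClientHello exactly what remains readable without the session key: the legacy version, the offered versions, the cipher suites, the server name (SNI) and a JA3 fingerprint (a handshake-fingerprinting method from Salesforce that the article does not mention). The ClientHello bytes, the hostname and the cipher list are constructed inline for the demonstration.

```python
"""Parse a TLS ClientHello record with the standard library and pull out what an analyst
can still read without decrypting: versions, cipher suites, SNI and a JA3 fingerprint.
The hello is CONSTRUCTED below; it is not taken from a real capture."""
import hashlib
import struct
from typing import Dict, List, Sequence, Tuple

GREASE = {0x0A0A + 0x1010 * i for i in range(16)}    # RFC 8701 reserved values; JA3 skips them


def _ext(etype: int, body: bytes) -> bytes:
    return struct.pack("!HH", etype, len(body)) + body


def build_client_hello(sni: str, ciphers: Sequence[int], versions: Sequence[int],
                       groups: Sequence[int] = (0x001D, 0x0017)) -> bytes:
    """TLS record (type 22) wrapping a ClientHello with server_name, supported_groups,
    ec_point_formats and supported_versions extensions."""
    name = sni.encode("ascii")
    sni_body = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name   # list len, host_name, len
    grp = b"".join(struct.pack("!H", g) for g in groups)
    ver = b"".join(struct.pack("!H", v) for v in versions)
    exts = (_ext(0, sni_body) + _ext(10, struct.pack("!H", len(grp)) + grp)
            + _ext(11, b"\x01\x00") + _ext(43, bytes([len(ver)]) + ver))
    cs = b"".join(struct.pack("!H", c) for c in ciphers)
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"                # legacy version, random, no session id
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00"     # cipher suites; compression: null only
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body           # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


def _u16_list(buf: bytes) -> List[int]:
    return [struct.unpack("!H", buf[i:i + 2])[0] for i in range(0, len(buf) - 1, 2)]


def parse_client_hello(rec: bytes) -> Dict:
    if rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    body = rec[9:9 + int.from_bytes(rec[6:9], "big")]
    info = {"version": struct.unpack("!H", body[:2])[0], "sni": None, "ciphers": [],
            "extensions": [], "groups": [], "point_formats": [], "supported_versions": []}
    off = 34                                           # 2-byte version + 32-byte random
    off += 1 + body[off]                               # session id
    cs_len = struct.unpack("!H", body[off:off + 2])[0]
    info["ciphers"] = _u16_list(body[off + 2:off + 2 + cs_len])
    off += 2 + cs_len
    off += 1 + body[off]                               # compression methods
    if off + 2 > len(body):
        return info                                    # legacy hello without extensions
    ext_end = off + 2 + struct.unpack("!H", body[off:off + 2])[0]
    off += 2
    while off + 4 <= ext_end:
        etype, elen = struct.unpack("!HH", body[off:off + 4])
        ext = body[off + 4:off + 4 + elen]
        off += 4 + elen
        info["extensions"].append(etype)
        if etype == 0:                                 # server_name: list len, type, name len, name
            nlen = struct.unpack("!H", ext[3:5])[0]
            info["sni"] = ext[5:5 + nlen].decode("ascii", "replace")
        elif etype == 10:                              # supported_groups
            info["groups"] = _u16_list(ext[2:2 + struct.unpack("!H", ext[:2])[0]])
        elif etype == 11:                              # ec_point_formats
            info["point_formats"] = list(ext[1:1 + ext[0]])
        elif etype == 43:                              # supported_versions
            info["supported_versions"] = _u16_list(ext[1:1 + ext[0]])
    return info


def ja3(info: Dict) -> Tuple[str, str]:
    """JA3: version,ciphers,extensions,groups,point_formats in decimal, GREASE removed, then MD5."""
    def clean(vals):
        return "-".join(str(v) for v in vals if v not in GREASE)
    s = ",".join([str(info["version"]), clean(info["ciphers"]), clean(info["extensions"]),
                  clean(info["groups"]), clean(info["point_formats"])])
    return s, hashlib.md5(s.encode()).hexdigest()


# Constructed hello: a TLS 1.3-capable client with one GREASE cipher mixed in.
SAMPLE_HELLO = build_client_hello("example.com", [0x1A1A, 0x1301, 0x1302, 0xC02B, 0xC02F],
                                  [0x0304, 0x0303])


def analyze(rec: bytes = SAMPLE_HELLO) -> Dict:
    info = parse_client_hello(rec)
    info["ja3_string"], info["ja3"] = ja3(info)
    info["tls13_offered"] = 0x0304 in info["supported_versions"]
    return info


if __name__ == "__main__":
    for k, v in analyze().items():
        print(f"{k:18} {v}")
```

The point of the exercise is that none of this is encrypted: the SNI names the server the client asked for, the supported_versions extension shows whether TLS 1.3 was offered, and the JA3 hash groups sessions by client implementation, which is how a malware family's TLS stack can be recognised even when the payload never becomes readable. Keep in mind that the legacy version field in a TLS 1.3 ClientHello still reads 0x0303, so the real maximum version has to be taken from the extension, not from the header.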


















