Cyber Security Academy · Lesson

Network Forensics with Wireshark

Analyze PCAP files for C2 beaconing, credential theft, data exfiltration, and protocol anomalies.

Network Forensics Overview

Network forensics analyzes captured packet data (PCAP files) to reconstruct network-level attacker activity: lateral movement, C2 communication, credential theft, data exfiltration, and protocol anomalies invisible in host-based forensics.

Capturing Traffic

Collect network evidence with Wireshark (interactive), tcpdump (CLI), or dedicated network taps. Deploy SPAN ports or network taps on critical segments before incidents occur: retrospective analysis is only possible where capture infrastructure already existed when the activity happened.

tcpdump -i eth0 -w capture.pcap -s 0          # capture full-length packets from eth0 to a file
tcpdump -r capture.pcap host 192.168.1.10     # read the file back, showing only traffic to/from one host
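As an added example (not part of the lesson), a stdlib-only Python script that reads a pcap of the kind `tcpdump -w` writes, extracts the IPv4/TCP connections, and flags the regular-interval pattern that distinguishes C2 beaconing from human-driven browsing. The capture is constructed in-code using RFC 5737 documentation addresses; the 20% jitter threshold and 5-connection minimum are assumed tuning values.

```python
import socket
import struct
from collections import defaultdict
from statistics import mean, pstdev

def build_pcap(packets):
    """Constructed test data: minimal libpcap file of Ethernet/IPv4/TCP SYN frames, packets = [(ts, src, dst, dport)]."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header, linktype 1 = Ethernet
    for ts, src, dst, dport in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
        tcp = struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)  # SYN, no payload
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp  # zero MACs, EtherType IPv4
        out += struct.pack("<IIII", int(ts), int(ts % 1 * 1e6), len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    """Yield (timestamp, src, dst, dport) for each IPv4/TCP frame in a little-endian microsecond pcap (tcpdump -w default)."""
    assert struct.unpack_from("<I", data)[0] == 0xA1B2C3D4, "unsupported pcap magic"
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # truncated, not IPv4 over Ethernet, or not TCP
        ihl = (frame[14] & 0x0F) * 4
        dport = struct.unpack_from("!H", frame, 14 + ihl + 2)[0]
        yield sec + usec / 1e6, socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), dport

def find_beacons(flows, min_conns=5, max_jitter=0.2):
    """Group connections by (src, dst, dport) and flag series whose inter-arrival times are nearly
    constant (stdev / mean <= max_jitter): timer-driven check-ins look like this, browsing does not."""
    by_flow = defaultdict(list)
    for ts, src, dst, dport in flows:
        by_flow[(src, dst, dport)].append(ts)
    hits = {}
    for key, times in by_flow.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits[key] = round(avg, 1)  # beacon period in seconds
    return hits

# Constructed sample: a 60 s beacon to 203.0.113.5:443 with +-2 s jitter, plus irregular web browsing.
SAMPLE = [(1700000000 + 60 * i + (i % 3) - 1, "192.168.1.10", "203.0.113.5", 443) for i in range(10)]
SAMPLE += [(1700000000 + t, "192.168.1.10", "198.51.100.7", 80) for t in (3, 4, 41, 150, 151, 499)]
PCAP = build_pcap(sorted(SAMPLE))
RESULT = find_beacons(parse_pcap(PCAP))  # -> {("192.168.1.10", "203.0.113.5", 443): 60.0}
```

In Wireshark, Statistics > Conversations gives the same per-flow grouping; what the script adds is the timing test over each flow's connection timestamps, which is what exposes a fixed check-in interval.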

All lessons in this course

  1. Disk Imaging and File System Forensics
  2. Memory Acquisition and Volatility Framework
  3. Timeline Analysis and Artifact Correlation
  4. Network Forensics with Wireshark