Phoenix TS

Basic Network Analysis 101

BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!

Course Overview

Training promotions may be available, contact a training consultant at 301-258-8200 – Option 2 for more information!

This course examines the TCP/IP protocol suite at the lowest level and prepares the student for the ability to analyze network communications. The course focuses on the main protocols to include DHCP and others. The student will learn how to identify different components of network communications and determine if the communications is normal or abnormal. The student will be introduced to the hacking methodology and the course will conclude with a challenge for the student to deploy the concepts from the class and create their own network analysis cyber range


Basic Network Analysis 101 Course Includes:

  • Class exercises in addition to training instruction
  • Courseware books, notepads, pens, highlighters and other materials
  • Course retake option
  • Full breakfast with variety of bagels, fruits, yogurt, doughnuts and juice
  • Tea, coffee, and soda available throughout the day
  • Freshly baked cookies every afternoon – *only at participating locations


Currently, there are no public classes scheduled. Please contact a Phoenix TS Training Consultant to discuss hosting a private class at 301-258-8200.

Course Outline

Building a Cyber Range 

  • Introduction
  • Selecting the software
  • Commercial
  • Open Source
  • Designing the network
  • Single segment
  • Multiple segments
  • Building the network switches
  • Different types of switches
  • Default IP assignments
  • Adding machines
  • Connecting
  • Configuring
  • Testing

Lab: Designing a Cyber Range

Introduction to TCP/IP 

  • History of TCP/IP
  • RFCs
  • Terminology
  • OS built-in tools 


TCP/IP Protocol Suite 

  • Network layer
  • Internet layer
  • Transport Layer
  • Application Layer 

LAB: TCP/IP Layers 

  • ARP
  • Fragmentation and Reassembly 

LAB: Fragmentation and Reassembly

  • ICMP
  • IPv6
  • Network discovery
  • Router discovery 

LAB: Discovery 

  • TCP
  • 3-way handshake
  • UDP 


  • Packet multiplexing and demultiplexing
  • Sockets
  • NetBIOS
  • Remote Procedure Calls
  • Host naming 

 LAB: Sockets 

IP Addressing 

  • IPv4
  • Types of addresses
  • IPv4 unicast
  • IPv4 multicast
  • IPv4 broadcast
  • IPv6
  • Types of addresses
  • IPv6 unicast
  • Special IPv6 addresses
  • IPv6 multicast
  • IPv6 anycast
  • IPv4 and IPv6 addressing comparison

LAB: IP Addressing


  • IPv4
  • Notations
  • Prefix length
  • Octet subnetting
  • Variable length subnetting
  • IPv6 subnetting 

LAB: Subnetting

 IP Routing 

  • Overview
  • Direct and indirect
  • Routing table
  • Static and dynamic routing
  • Routing protocols
  • Integrating static and dynamic routing
  • RIP
  • OSPF
  • BGP 

 LAB: IP Routing        

Dynamic Host Configuration Protocol 

  • Overview
  • Benefits
  • How it works
  • Messages 


  • DHCP on Windows
  • DHCP on Linux
  • Scopes
  • Reservations
  • OS tools and DHCP 

LAB: Configuring and testing DHCP

Host Name Resolution 

  • TCP/IP naming schemes
  • Host resolution on Windows
  • Host resolution on Linux
  • Hosts files
  • IPv4 entries
  • IPv6 entries
  • Client resolver cache
  • /etc/resolv.conf 

LAB: Naming resolution 

Domain Name System 

  • DNS components
  • DNS names
  • Domains and subdomains
  • Zones 

LAB: DNS components 

  • Recursive queries
  • Caching and TTL
  • Negative caching
  • Roles
  • Forwarders
  • Resource records
  • Zone transfers
  • DNS dynamic updates
  • Windows DNS
  • Linux DNS 

LAB: DNS configuration  

Introduction to Sessions 

  • Host
  • Router
  • Traffic examples
  • Network configuration
  • Web clients
  • DNS Server
  • Web Server 

 LAB: Sessions Intro

  • Web traffic
  • DNS queries and responses
  • Additional records
  • Get and Post
  • Head
  • Form logins 

LAB: Web Sessions 

  • IPv6 delivery
  • IPv6 traffic
  • Network configuration 

LAB: IPv6 Sessions 

IPsec and Packet Filtering 

  • Modes off IPsec
  • Transport
  • Tunnel
  • Key exchange
  • Policies  

LAB: IPsec 

  • Types of packet filtering
  • Stateless
  • Stateful
  • Application Proxy
  • Next Generation 

LAB: Stateless and Stateful packet filtering 

  • Windows firewall
  • Linux iptables
  • FreeBSD pfsense 

LAB: Firewall configuration and deployment 

Virtual Private Network (VPN) 

  • Components
  • VPN connections
  • Encapsulation
  • Encryption
  • Remote access
  • Site to Site
  • Protocols
  • Remote Access Connections
  • Addressing and Routing
  • Configuring
  • Network access authentication 


IPv6 Technologies and Transitions 

  • Dual stack
  • Dual IP layer
  • Tunnels
  • 6 to 4 support
  • Migrating to IPv6 

LAB: IPv6 Technologies  

  • Troubleshooting TCP/IP
  • Problem Identification
  • Troubleshooting tools
  • Verifying connectivity
  • Analyzing packets for hints
  • Reachability tests
  • Name resolutions and addressing
  • Caching and flushing
  • Testing names with ping and nslookup
  • NetBIOS name cache and Windows
  • Check for filtering
  • Session establishment verification 

 LAB: Troubleshooting  

Introduction to Hacking 

  • Abstract methodology
  • Scanning Methodology
  • Vulnerability discovery and analysis
  • Leveraging vulnerabilities 

LAB: Scanning Methodology 

  • Exploit identification
  • Post exploitation 

LAB: Exploitation and Post Exploitation

  • Hacking methodology analysis
  • Exploitation at the packet level
  • Threat classification basics 

LAB: Threat classification and analysis 

Hacking Analysis Methodology 

  • Reviewing the packet capture
  • Live systems and discovery method
  • Open ports
  • Data
  • Sessions
  • Signs of compromise 

LAB: Hacking Methodology Analysis 

Web Application Hacking 

  • Traversal
  • Cross Site Scripting (XSS)
  • HTML injection
  • SQL Injection
  • Remote File Include
  • Parameter Tampering
  • Obfuscation 

LAB: Web Application Hacking Analysis 

Components of Sophisticated Attacks 

  • Encoding and encryption
  • Encapsulation and web 2.0
  • SOAP
  • REST
  • XML
  • Evasion methods 

LAB: Sophisticated Attack Analysis 

Attack Analysis Workshop 

  • Identifying attacks
  • Recognizing evasion methods
  • Determining the exploit tool
  • Using Statistics 

Range Deployment Challenge

BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!

Phoenix TS is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints re-garding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org

Subscribe now

Get new class alerts, promotions, and blog posts

Phoenix TS needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.

Download Course Brochure

Enter your information below to download this brochure!