Education and Training Opportunities Catalogue (ETOC)

Click on different tabs to view the course relevant details. To launch ETOC, login into e-ITEP system with your login credentials.
View Course

<<
>>

Web Linkhttp://www.natoschool.nato.int/Academics/Resident-Courses/Course-Catalogue/Course-description?ID=107
Last Date Updated04/May/2021 9:20
Training InstitutionNATO - School Oberammergau (NSO)
DisciplineCyberspace Operations (COP)
AreaCyber Defence Operations (CD)
Depth of knowledge Level300 - Advance
NATO Course CertificationNATO Approved

Course CodeCOP-CD-31396
Course TitleNetwork Traffic Analysis
ETF Course CodeM6-111
Delivery MethodBlended
Course DescriptionThe aim of this course is to develop students who are able to master the methods and techniques used in gaining deep insight into the operations, use, investigation, and troubleshooting of cyber systems.
Course NotesFor further information (e.g. list of eligibility requirements) please refer to the full course description via the above given web link.

Learning Objectives1. Plan for Data Collection: Based on guided, hands-on lab exercises, independently completed challenge problems, and Distance Learning (DL) analysis problems, students will be able to systematically plan for data collection, in accordance with the guidelines provided by the course material. 2. Capture Traffic of Interest: Based on guided, hands-on lab exercises, independently completed challenge problems, and DL analysis problems students will capture traffic of interest, in accordance with the guidelines provided by the course material. 3. Analyze Traffic: Based on guided, hands-on lab exercises, independently completed challenge problems, and DL analysis problems, students will analyse the traffic in accordance with the guidelines provided by the course material. 4. Demonstrate Appropriate NT Actions: Based on guided, hands-on lab exercises, independently completed challenge problems, and DL analysis problems on traffic analysis, students will demonstrate appropriate action as a result of the analysis in accordance with the guidelines provided by the course material. 5. Employ Expert Systems: For a given data collection, students will be able to determine who is talking, what applications are being used, filter on conversations of interest, create statistical graphs related to issues of interest, employ expert systems to recognize anomalies and diagnose problem areas in accordance with the guidelines provided by the course material. 6. Demonstrate Network Analysis, Troubleshooting, Security Analysis and Performance Evaluation Methods: Given the skills acquired during the course, students will demonstrate general analysis, network troubleshooting, security analysis, and application performance evaluation in accordance with the guidelines provided by the course material. 7. Apply Wireshark/Tshark/Kismet/LibCap/Wincap Tools: Based on guided, hands-on lab exercises, independently completed challenge problems, and DL analysis problems students will demonstrate the use of Wireshark, tshark, kismet, and libpcap/Wincap in accordance with the guidelines provided by the course material. 8. Describe Wireshark Functionality: Based on guided, hands-on lab exercises, independently completed challenge problems, and DL analysis problems, students will describe functionaility of Wireshark to include dissector evaluation, capture filters, display filters, and IO graph development in accordance with the guidelines provided by the course material 9. Prevent Cyberattacks: Based on guided, hands-on lab exercises, independently completed challenge problems, and DL analysis problems students will identify the precursors of a cyber attack to allow them to take preventive measures in accordance with the guidelines provided by the course material. 10. Diagnose Root Causes of Suspect Traffic: In the case of forensic analysis, students will be able to identify suspect traffic and make associations to identify root causes in accordance with the guidelines provided by the course material.
Course Language(s)

Structure of the CourseResident (1 wk) - eLearning (8 wk) - Resident (1 wk)

Active CourseYes
Course Active from01/Jan/2011
Course Deactivated on31/Dec/2026
Course Duration (in days)10.0

Security ClearanceNU: NATO UNCLASSIFIED
Training AudienceM: NATO, PfP, MD, ICI and other nations as approved
ePrime Reference NumberACT.371

Tuition Fee per Student (Euro)3500.00
Fees for Accommodation and Meals (Euro)0.00

Payment Authority

Select the Level 1 Eval associated with this course.
The Level 2 Test dropdown currently only applies to SCORM compliant courses.
Two Step Application Override (Reqs approval for applying into Iteration)No
Submit course for ETOC UploadNo
Requires Secure AccessNo