SANS: Packet Analysis with Jake Williams
Series 1

Learn how to analyze HTTP/HTTPS, SMB/CIFS, SMTP/IMAP and DNS traffic with this video series from Endace and SANS

In this series of videos, incident response expert "Malware Jake" Williams gives a breakdown of common protocols, using Wireshark to demonstrate how they work and what to look for when you are investigating alerts or threat hunting.

Introducing Jake Williams

Packet Analysis with Jake Williams

In this video series, SANS instructor, US Army veteran, and experienced cybersecurity practitioner "Malware Jake" Williams provides a hands-on introduction to analyzing common network protocols: HTTP, RDP, SMTP/IMAP and CIFS. Jake uses Wireshark to examine packet traces and, along the way, shares some invaluable power-user Wireshark tips and tricks.

Looking at each of these common protocols in turn, Jake demonstrates:

  • How the protocol works
  • What "normal" traffic looks like
  • Indicators of compromise to look out for
  • How attackers can hide evidence of their activity in common traffic

This series of videos is ideal for those new to packet analysis and network forensics, but even experienced packet analysts are sure to learn something new.
Episode 1: Using Packet Analysis to Understand HTTP Traffic

Episode 2: Using Packet Analysis to Understand SMB/CIFS Traffic

Episode 3: Using Packet Analysis to Understand SMTP/IMAP Traffic

Episode 4: Using Packet Analysis to Understand DNS Traffic


Who is Endace?

Endace specializes in scalable, high-speed, high-performance packet capture. Our solutions are used by some of the world's biggest organizations on some of the fastest networks on the planet.

If you are looking for a packet capture solution, we’d love to show you why Endace is the best choice. Contact us to book a demo or ask a question.