SANS: Packet Analysis with Jake Williams
Learn how to analyze HTTP/HTTPS, SMB/CIFS, SMTP/IMAP and DNS traffic with this video series from Endace and SANS
In this series of videos, incident response expert "Malware Jake" Williams gives a breakdown of common protocols, using Wireshark to demonstrate how they work and what to look for when you are investigating alerts or threat hunting.
Introducing Jake Williams
In this video series, SANS Instructor, US Army veteran, and experienced cybersecurity practitioner "Malware Jake" Williams provides a hands-on introduction to analyzing common network protocols - HTTP, RDP, SMTP/IMAP and CIFS. Jake uses Wireshark to examine packet traces and, along the way, shares some invaluable "power-user" Wireshark tips and tricks.
Looking at each of these common protocols in turn, Jake demonstrates:
- How the protocol works
- What "normal" traffic looks like
- Indicators of compromise to look out for
- How attackers can hide evidence of their activity in common traffic
This is an ideal series of videos for those new to packet analysis and network forensics, but even experienced packet analysts are sure to learn something new.
Episode 1: Using Packet Analysis to Understand HTTP Traffic
Episode 2: Using Packet Analysis to Understand SMB/CIFS traffic
Episode 3: Using Packet Analysis to Understand SMTP/IMAP traffic
Episode 4: Using Packet Analysis to Understand DNS traffic
Who is Endace?
Endace specializes in scalable, high-speed, high-performance packet capture. Our solutions are used by some of the world's biggest organizations on some of the fastest networks on the planet.
If you are looking for a packet capture solution, we'd love to show you why Endace is the best choice. Contact us to book a demo or ask a question.