DEF CON Forum Site Header Art


No announcement yet.

Chris Greer - TCP/IP Deep Dive for Ethical Hackers – Featuring Wireshark

  • Filter
  • Time
  • Show
Clear All
new posts

  • number6
    Start time updated from 9am to 8am.

    Leave a comment:

  • Chris Greer - TCP/IP Deep Dive for Ethical Hackers – Featuring Wireshark

    Chris Greer - TCP/IP Deep Dive for Ethical Hackers – Featuring Wireshark
    Latest details, requirements, description, cost:

    Training description:

    Almost every attack, intrusion, scan, and exfiltration involves the TCP protocol at some point. Whether we are hacking a system and need to better understand how networks/systems are enumerated and IDS’s do their thing, or we are defending our domain from a botnet attack, a deep understanding of the TCP protocol will help us do our jobs better and faster. In this course, get ready to go deep into TCP. We’re going to rip open pcaps with Wireshark and learn how this protocol really works. Don’t worry, there is FAR more to learn past the three-way handshake! We will learn how the MSS works, receive windows, selective acknowledgements, retransmissions, and much, much more! We will examine how TCP scan, OS enumeration, exfiltration, and C2 traffic looks on the wire, and how TCP fields can help us to filter for it fast. This will be an action-packed, hands-on course for Wireshark beginners as well as seasoned pros who want to pick up some new tricks. There is something for all experience levels in this course, although it will be targeted to the early-intermediate cybersecurity professional.

    Course overview:

    Day 1 – Each topic has a hands-on lab

    Core Wireshark Concepts
    The OSI Model and Protocol Headers
    Capture Methods in a switched environment –Configuring a ring buffers with dumpcap
    Configuring a Hacking Profile in Wireshark
    Creating Custom Columns and Display filters
    Core Protocols
    ARP / IP / ICMP / DHCP / DNS Overview
    TCP Analysis – This will spill to Day 2
    The Handshake and Options
    Sequence and Acknowledgement
    SACK and Dup Acks
    Resets and Fins – how connections are torn down
    What Firewalls and IDS look for – War Stories
    Analyzing Attack Traffic – Threat Hunting
    Packets and the MITRE ATT&CK framework
    Configuring GeoIP
    Catching an NMAP scan – Stealth, Null, Xmas, and Connect
    How OS Enumeration works and how to catch it
    Analyzing Malware Behavior on the Wire – Trickbot, Emotet and more

    Student skill level:

    This is an intermediate course that will not leave the beginner behind. The labs are also designed so more experienced users will not get bored. There will be CTF-style questions to keep them busy.

    What should students bring to the Training?:

    a laptop with a recent copy of Wireshark from


    Chris Greer is a Packet Head. He is a Packet Analyst and Trainer for Packet Pioneer, a Wireshark University partner, and has a passion for digging into the packet-weeds and finding answers to network and cybersecurity problems. Chris has a YouTube channel where he focuses on videos showing how to use Wireshark to examine TCP connections, options, and unusual behaviors, as well as spotting scans, analyzing malware, and other IOC’s in the traffic. His approach to training is that if you aren’t having fun doing something, you won’t retain what you are learning, so he strives to bring as much hands-on and humor to the classroom as possible. Chris remembers what it was like to look at Wireshark for the first time, and knows how complicated packet analysis can be. With that in mind, he has designed an easy-to-follow course that will appeal both to the beginner and more advanced Packet Person.

    Trainer(s) social media links:

    Previous Trainings:

    TCP Fundamentals (from Sharkfest – Approx 120 attendees) -
    TCP Congestion Control Explained- Advanced TCP Concepts -
    Analyzing NMAP with Wireshark -

    DATE:Aug 15th to 16th 2022
    TIME:8am to 5pm PDT
    VENUE:Caesars Forum Ballroom
    TRAINER:Chris Greer

    - 16 hours of training with a certificate of completion for some classes
    - COVID safety: Masks required for indoor training
    - Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
    - Note: Food is NOT included
    Last edited by number6; August 14, 2022, 21:10.