SGT Writer
What training would you suggest for someone interested in becoming an Information Security Analyst/Engineer?
SGT Writer
>1 y
SSG Derek Scheller - So, learn:
Event log files
Dissecting TCP packets (Wireshark?)
Splunk/ArcSight
CEH/SANS GCIH

Alright. And the fun begins.
SSG Derek Scheller
>1 y
SGT (Join to see) - I would use Wireshark to start with, since it breaks everything down (don't try to look at it live; capture the traffic, save it, and then open it in Wireshark). One of the best ways to capture the traffic is to run tcpdump, export it to a .pcap, and then stop it once you feel you have enough traffic. This includes sending/receiving files as well as logins, so that you can see what everything will look like in Wireshark. Finally, try to get your hands on trial versions of software like Savvius' Omnipeek, as it can break down data flow and timelines a lot better.
SGT Writer
>1 y
SSG Derek Scheller - Will that Omnipeek also help me understand the results from the TCP packets?
SSG Derek Scheller
>1 y
SGT (Join to see) - Possibly, but I would start my study on what a TCP packet looks like, what data can be carried in it, and how long each section is. SANS has great cheat sheets for that as well.
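The advice above (capture with tcpdump, open the .pcap in Wireshark, and learn what each section of a TCP packet is and how long it is) can be made concrete by walking the header bytes by hand. The following is an added example, not code from either poster; it dissects a constructed IPv4/TCP segment (made-up addresses, ports and payload, checksums left as zero) the same way Wireshark's packet-details pane does, reporting each layer's header length, the flag bits, and where the payload starts.

```python
import struct
from ipaddress import IPv4Address

# Constructed sample (not a real capture): 20-byte IPv4 header, 20-byte TCP
# header carrying PSH+ACK to port 80, then a 5-byte payload. Checksums are 0.
SAMPLE_FRAME = bytes.fromhex(
    "4500002d1c46400040060000c0a8010a0a000005"   # IPv4: 192.168.1.10 -> 10.0.0.5
    "c3b2005000000001000000005018ffff00000000"   # TCP: 50098 -> 80, PSH|ACK
    "48454c4c4f"                                 # payload "HELLO"
)
# Bits of the 8-bit TCP flags field, least significant first.
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def parse_ipv4(data):
    """Return (fields, header_len) for the IPv4 header at the start of data."""
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    ihl = (ver_ihl & 0x0F) * 4          # IHL is in 32-bit words; 20 = no options
    if ver_ihl >> 4 != 4 or ihl < 20:
        raise ValueError("not an IPv4 header")
    fields = {"version": 4, "header_len": ihl, "total_len": total_len,
              "ttl": ttl, "protocol": proto,
              "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst))}
    return fields, ihl

def parse_tcp(data):
    """Return (fields, header_len) for the TCP header at the start of data."""
    (sport, dport, seq, ack, off_res, flags, window, _csum,
     _urg) = struct.unpack("!HHIIBBHHH", data[:20])
    data_offset = (off_res >> 4) * 4    # 20..60 bytes; anything past 20 is options
    if data_offset < 20:
        raise ValueError("bad TCP data offset")
    fields = {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
              "header_len": data_offset, "window": window,
              "flags": [n for i, n in enumerate(TCP_FLAGS) if flags & (1 << i)],
              "options": data[20:data_offset]}
    return fields, data_offset

def dissect(frame):
    """Walk IPv4 -> TCP -> payload and return one dict per layer."""
    ip, ip_len = parse_ipv4(frame)
    if ip["protocol"] != 6:             # 6 = TCP in the IPv4 protocol field
        raise ValueError("not a TCP segment")
    tcp, tcp_len = parse_tcp(frame[ip_len:])
    # Payload ends at IP total length, which excludes any link-layer padding.
    payload = frame[ip_len + tcp_len:ip["total_len"]]
    return {"ip": ip, "tcp": tcp, "payload": payload}

if __name__ == "__main__":
    for layer, value in dissect(SAMPLE_FRAME).items():
        print(layer, value)
```

Comparing the printed field values with the same packet's byte offsets in Wireshark (which highlights the bytes for whichever field you click) is a quick way to learn each section's length by sight.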