Network signatures

Summary

Signature analysis, brief introduction to Snort IDS, ICMP packet capture analysis, common TCP/UDP ports, network baselining, the TCP 3-way handshake, and checking TCP flags.

3:26 – Example of Snort IDS rules
9:45 – md5sum usage
14:45 – ifconfig command in Linux
15:22 – Using tcpdump to capture packets
17:05 – Viewing packet captures with tcpdump
20:09 – Examining ICMP packet captures
20:54 – Using ipconfig in Windows
23:20 – Known port numbers
27:19 – Examining the TCP 3-way handshake in packet captures

Reference materials

Network Defense and Countermeasures Guide – Chapter 4
Wireshark 1.9 manual: https://cet4663c.pbworks.com/w/file/62450910/4663_Wireshark_manual.pdf
The great debate: network vs. protocol analysis: http://www.symantec.com/connect/articles/great-ids-debate-signature-analysis-versus-protocol-analysis
