Flow data represents a summary of a conversation between two hosts. It provides valuable information to assist the investigation and analysis of network and security issues. Unlike deep packet inspection, flow data does not rely on packet payloads. Instead, the analyst relies on information gathered from packet headers. This gives the analyst a neutral view of network traffic flow by tracking network sessions between multiple endpoints simultaneously. In addition, network flow data provides better visibility of network events without the need to perform payload analysis.

With the implementation and deployment of Network Flow technologies, an analyst can discover different types and classes of network activities, be it normal or abnormal. In this training we will show you how to interpret Network Flow data and perform practical Network Flow Analysis.

While high-level theoretical explanations are extremely useful, hands-on exercises are even better. Each chapter is accompanied by practical hands-on exercises such as exporting network flow data from Unix and Cisco-based routers, performing simple operations such as IP accounting, network baselining, and identifying different kinds of network anomalies and attacks.

Day 1:

Morning
- Pre-Network Flow Analysis: Going Back to Basics
- Network Flow Concepts And Foundations

Afternoon
- Network Attacks Mechanisms
- Building A Flow-Enabled Architecture

Day 2:

Morning
- Network Flow Toolkit: Introduction to Argus
- The Basics of Network Flow Analysis

Afternoon
- In Depth Network Flow Analysis Using Argus Client And Other Tools

Who Should Attend

- Network Security Analyst
- Network Administrator
- ISP Network Architect
- System Administrator