I recently finished Chris Sanders’ Applied Network Defense online course for Practical Packet Analysis. Before I give you my impressions of the course, let me give you an idea of where I’m coming from and what I expected.
I never captured a packet before mid-2017.
I knew I’d need some practice analyzing packets to maximize my experience in the SANS SEC503: Intrusion Detection in Depth course later this year. I’ve never had a job role that gave me the opportunity to work hands-on with networks, so at times networking can be an Achilles heel of mine. I’ve done a lot of reading and a little bit of experimenting at home, so I was eager to pour myself into some labs and figure out what I could do and what I needed to work harder toward.
I purchased myself a course license and started chipping away at the materials in September. I also bought a copy of Chris’s Practical Packet Analysis book through No Starch to use as a reference.
The Practical Packet Analysis course runs on demand (you can start as soon as you purchase a license) and includes more than 100 videos and more than 20 lab exercises. It’s available to you for 6 months. I worked on it off and on a few hours a week for about 5 months and I noted a few lectures and labs I’d like to revisit in my last few weeks of access. Because it was that good.
This course covers so much material.
It does a really incredible job of incrementally walking the student through progressively more specific and challenging material. You start off with some high-level network concepts and a lot of attention to the OSI Model, work into understanding how those protocols and activities manifest in real life, and then top it off with learning to efficiently comb through the packets captured from this network activity with tcpdump and Wireshark.
This course is worth every hour you put into it.
I will be able to use things I learned in this course immediately, even without needing to analyze packets daily in my day job. The lectures are well communicated. The material is current and specific. Chris Sanders doesn’t lean on expensive tools or on only one way to approach a question. He teaches you to think it through and answers questions by providing applicable advice instead of answers. Certainly you can skim past sections you already know and visit subjects you’re struggling with more than once. I particularly benefited from focusing on understanding the explanations for the malware labs analysis, examining HTTP responses, carving out transferred files, and exploring traffic manipulation.
I’m pleased to have finished the course and definitely open to taking any of the other Applied Network Defense courses when I need to go deeper into the other available subjects.