This course was created by DISA and is hosted on CDSE's learning management system STEPP. This course does not have a final exam.

Description: This interactive presentation is designed for DoD Computer Network Defenders (CNDs) that regularly review CND tool logs and network data. This course takes the student through a series of lessons which range from a description of tools to perform intrusion analysis on raw network packet data, to techniques for identifying malicious traffic. The focus is on what a CND analyst should be looking for when investigating the alert logs of CND tools, while defending DoD networks. The topics covered in this course are: Sniffers, Wireshark and the Analysis Process, Client-Side Attacks, and Bots and Botnets.

Course Resources: N/A

Learning Objectives:
This course is designed to enable students to:

  • Identify the basic types of sniffers and filter constructs
  • Explain the use of Wireshark and the capture and display filters available
  • Explain the process for analyzing malicious traffic
  • Explain the variables in client-side attacks
  • Identify bot and botnet network capabilities and traffic

Delivery Method: eLearning

Length: 3 hours

Target Audience: This course is intended for Department of Defense (DoD) information systems incident responders and Intrusion Detection System analysts (intended for use by Department of Defense, military and other U.S. Government personnel and contractors within the National Industrial Security Program). It is recommended that students complete the Introduction to IDS Analysis WBT before taking this course.

Number of Student per Course: N/A


  • Clearance Requirements: N/A
  • Attendance Requirements: N/A
  • Exam Requirements: N/A

Prerequisites: Introduction to DoD IDS Analysis DS-IA105.06 CompTia

Credits Recommended/Earned:

  • ACE Credit Recommendation: (What's this?) N/A
  • Professional Development Units per SPēD: 9

System Requirements: Check if your system is configured appropriately to use STEPP

CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.