1. What is Network Traffic Analysis?


Network Traffic Analysis (NTA) is the process of capturing, observing, and understanding network data as it flows between devices.
In simple terms:
- Who is communicating with whom?
- Which protocol is being used?
- Is there any suspicious activity?

The main tool used: Wireshark
It allows you to capture and inspect network packets in real time.

2. Lab Objectives


This lab will help you:
- Understand how networks work
- Capture real network traffic
- Identify:
- DNS requests
- HTTP / HTTPS connections
- Suspicious traffic
- Think and act like a SOC analyst

3. Tools Used


Wireshark
- Packet capture and analysis
- Deep inspection (IP, TCP, DNS…)

Web Browser (Chrome / Firefox)
- Generate real traffic

Operating System (Windows / Linux)
- Lab environment

4. Wireshark Interface (Tabs & Sections)


Main Interface



1. Packet List
- Displays all captured packets
- Important columns:
- Time
- Source
- Destination
- Protocol
- Length
- Info

Used to quickly spot unusual traffic

2. Packet Details
- Full breakdown of the selected packet:
- Ethernet
- IP
- TCP / UDP
- DNS / HTTP

Used for deep analysis

3. Packet Bytes
- Raw hexadecimal data

Used for:
- forensic analysis
- reverse engineering

4. Filter Bar
- Used to filter traffic
Examples:
dns
http
ip.addr == 8.8.8.8

This is the most powerful feature

5. Lab Steps (Click-by-Click)

Step 1: Install Wireshark
On Windows:
1. Download from official website
2. Run installer
3. Install Npcap (IMPORTANT)
4. Click Next → Next → Finish

Step 2: Launch Wireshark
1. Open Wireshark
2. You will see multiple interfaces:
- Wi-Fi
- Ethernet

Choose the one showing activity

Step 3: Start Capture

1. Double-click on Wi-Fi (or Ethernet)
2. Capture starts immediately

You will see packets flowing in real time

Step 4: Generate Traffic
1. Open your browser
2. Visit a website (e.g., google.com)

Wireshark will capture:
- DNS requests
- TCP handshake
- HTTP/HTTPS traffic

Step 5: Filter Traffic
In the filter bar:

DNS:
dns

HTTP:
http

Specific IP:
ip.addr == 192.168.1.1

Press Enter to apply

Step 6: Analyze a Packet
1. Click on a packet
2. Check:
- Source IP
- Destination IP
- Protocol
3. Expand:
- TCP → ports
- DNS → domain name

Example:
You will see a DNS request to google.com

Step 7: Stop Capture
1. Click the red Stop button

Step 8: Save Capture
1. File → Save As
2. Format: .pcap

6. Expected Results


By the end of the lab, you should be able to:
✅ See live network traffic
✅ Identify:
- DNS queries
- HTTP/HTTPS traffic
- Source/Destination IPs
✅ Understand:
- Who is communicating
- Why
- How

7. Real SOC Use Case


This lab helps detect:
- Malware communication
- Data exfiltration
- Suspicious connections
- DNS tunneling

8. Actions to Take (If Suspicious Activity Found)


- Block suspicious IP (Firewall)
- Isolate the machine
- Analyze packets deeply
- Correlate with SIEM

9. Prevention


- Continuous network monitoring
- IDS/IPS (Snort, Suricata)
- System updates
- DNS filtering



 

 

 

 



 

     

      

      
 

      

      

 


 

 

 

       

          

 

Copyright © All rights reserved.

 

     
* Cybersecurity Analyst
* SOC Analyst
* Security Operations Center
* Cloud Security
* DevSecOps
* Information Security
* Cybersecurity Engineer
* Threat Detection
* Incident Response
* SIEM Monitoring

---

# 🛡️ 2. Mots-clés SOC (très importants pour recrutement)

* SOC Analyst Tier 1
* SOC Analyst Tier 2
* Security Monitoring
* Log Analysis
* Security Alerts
* Threat Hunting
* Malware Analysis
* Phishing Detection
* Brute Force Detection
* Incident Investigation
* Security Events
* Blue Team

---

# ☁️ 3. Mots-clés Cloud Security

* Cloud Security Engineer
* AWS Security
* Azure Security
* Cloud Infrastructure Security
* Cloud Threat Detection
* Cloud Monitoring
* Identity and Access Management (IAM)
* Cloud Compliance
* Cloud Security Best Practices

---

# ⚙️ 4. Mots-clés DevSecOps

* DevSecOps Engineer
* Secure CI/CD Pipeline
* Security Automation
* Infrastructure as Code Security
* Docker Security
* Kubernetes Security
* Application Security
* Code Security
* SAST / DAST
* Continuous Security

---

# 🔬 5. Mots-clés techniques (très puissants SEO)

* Splunk
* ELK Stack (Elasticsearch, Logstash, Kibana)
* Microsoft Sentinel
* Wireshark
* Sysmon
* Linux Security
* Windows Security Logs
* Network Security
* Firewall Logs
* IDS / IPS

---

# 🚀 6. Mots-clés “portfolio / recrutement”

👉 Très important pour être trouvé par RH

* Cybersecurity Portfolio
* SOC Analyst Portfolio
* Cybersecurity Projects
* Cybersecurity Labs
* Security Use Cases
* Threat Detection Lab
* Cybersecurity Skills
* Entry Level Cybersecurity
* Junior Cybersecurity Analyst

---

# 📈 7. Mots-clés SEO longue traîne (ULTRA PUISSANT)

👉 Ceux-là font la différence 🔥

* Cybersecurity analyst portfolio website
* SOC analyst projects and labs
* How to detect cyber attacks using SIEM
* Cybersecurity incident response examples
* Cloud security best practices for beginners
* DevSecOps security pipeline example
* SIEM log analysis tutorial
* Threat detection use cases

---

# 🧠 STRATÉGIE SEO (très important)

## 📌 Où mettre ces mots-clés :

* Page d’accueil (titre + description)
* Page “About”
* Page “Labs”
* Titres H1 / H2 / H3
* Meta description
* URL des pages

---

# 🏆 EXEMPLE DE TITRE SEO (à utiliser)

👉
**Cybersecurity Analyst Portfolio | SOC, Cloud Security & DevSecOps Projects**

---

# 🏆 EXEMPLE META DESCRIPTION

👉
**Cybersecurity Analyst portfolio with hands-on labs in SOC monitoring, SIEM, Cloud Security and DevSecOps. Available for hiring.**

---
 

Manager DSI (secteur bancaire)

🎯 Mots-clés principau

# 🏦 🔥 1. Mots-clés Manager DSI (secteur bancaire)

## 🎯 Mots-clés principaux

* IT Manager
* IT Director
* Head of IT
* IT Governance
* Information Systems Management
* Digital Transformation
* IT Strategy
* Enterprise IT

---

## 🏦 Spécifique BANQUE (très puissant)

* Banking IT Systems
* Core Banking Systems
* Financial Information Systems
* Banking Cybersecurity
* Risk Management Banking
* IT Compliance Banking
* Data Protection Banking
* Financial Security

---

## ⚖️ Gouvernance & conformité

* IT Governance Framework
* COBIT
* ITIL
* Risk Assessment
* Business Continuity Plan (BCP)
* Disaster Recovery Plan (DRP)
* Regulatory Compliance

---

## 📊 Management & pilotage

* IT Project Management
* Team Leadership IT
* IT Operations Management
* KPI IT Performance
* IT Service Management (ITSM)
* Strategic IT Planning

---

# 🏥 🛡️ 2. Mots-clés RSSI (hôpital / santé)

## 🎯 Mots-clés principaux

* Chief Information Security Officer (CISO)
* Information Security Manager
* Cybersecurity Governance
* Security Risk Management
* Security Policies

---

## 🏥 Spécifique SANTÉ (très important)

* Healthcare Cybersecurity
* Hospital Information Systems (HIS)
* Patient Data Protection
* Medical Data Security
* Health IT Security
* Electronic Health Records (EHR) Security

---

## 🔐 Sécurité & conformité

* ISO 27001
* NIST Cybersecurity Framework
* GDPR Compliance
* Data Privacy
* Access Control
* Identity Management

---

## 🚨 Gestion des incidents

* Incident Response Management
* Security Operations Management
* Cyber Risk Assessment
* Vulnerability Management
* Threat Intelligence

---

# 🚀 🧠 3. Mots-clés hybrides (TRÈS PUISSANTS 🔥)

👉 Ceux-là font le lien entre ton profil actuel et ton évolution :

* Cybersecurity Leadership
* IT Security Strategy
* Enterprise Security Architecture
* Security Governance
* IT Risk Management
* Digital Security Transformation
* Cloud Security Governance