30 Hours(For Regular Course)

4-8 Hours(For Capsule Course)

Enroll Now

Request more information

Intrusion Detection In-Depth

This web-based training course on Intrusion Detection In-Depth functionality, administration and development, is available online to all individuals, institutions, corporates and enterprises in India (New Delhi NCR, Bangalore, Chennai, Kolkatta), US, UK, Canada, Australia, Singapore, United Arab Emirates (UAE), China and South Africa. No matter where you are located, you can enroll for any training with us - because all our training sessions are delivered online by live instructors using interactive, intensive learning methods.

In this growing digital world of both consumers and the industry, the possibilities and chances of getting hacked by alien entities have become increasingly prominent. Intrusion detection involves the methods and procedures of defending enterprise and consumer networks. It involves the understanding and use of various underlying theories of TCP/IP and application protocols as well such as HTTP and HTTPs to analyze the traffic over the network in an intelligent manner and thus detect any intrusions. As the world of security is consistently changing it becomes increasingly important that the threat mitigation environment is made more effective and efficient. The most vulnerable of these systems in terms of intrusion detection would be mobile devices which are always connected to worldwide networks. Network intrusion detection is thus highly important and needs to be taken up seriously.

This network intrusion detection course takes the trainees through a comprehensive knowledge track on how to detect anomalies in the network systems which can be tracked to possible intrusions. A number of open source tools are put to use for this purpose and will be taught such as, TCPdump, WireShark, Snort, Bro and many more. Using these tools, hands on training will be provided to make the trainees proficient to working with network intrusions and their detection and mitigation. Our Intrusion detection course makes the trainees acquainted with the core knowledge tools and also the techniques which will help them defend systems. There are no pre-requisites for the course but it will be beneficial if the trainees have a basic understanding of how networks and networking administration works.

Fundamentals Of Tcp/Ip

  • Communications Models In Tcp/Ip
  • Encapsulation/De-Encapsulation of Data
  • Detailing Of Bits, Bytes, Binary, And Hex

Overview To Wireshark

  • Exploring Wireshark
  • Examining Wireshark Statistics
  • Streaming Reassemblies
  • Seeking Content Of Packets

Network Access/Link Layer

  • Overview To 802.X Link Layer
  • Protocols Of Address Resolution
  • Spoofing Of Arp


  • Examining Fields In Theoretically And In Practice
  • Checksums And Its Usage In Ids/Ips
  • Fragmentation And Involvement Of Ip Header Fields
  • Composition Of Fragments
  • Fragmentation Attacks


  • Differences From Ipv4
  • Ipv6 Addresses
  • Neighbor Discovery Protocols
  • Extension Headers
  • Ipv6 Transitions

Wireshark Display Filters

  • Methods By Which Wireshark Creates Display Filters
  • Creation Of Display Filters

Writing Of Tcp dump Filters

  • Protocol Formats
  • Sampling Of Attacks
  • Challenges In Detection


  • Protocol Formatting
  • Attacking Samples
  • Challenges Of Detection


  • Vital Role Of Dns In Internet
  • The Process Of Resolution
  • Caching Process
  • Dnssec Processes
  • Malicious Dns And Cache Poisoning

Ids/Ips Evasion Theory

  • Theory And Implications In Evasions In Protocol Layers
  • Evasions Sampling
  • Need Of Target-Based Detection

Analysis Of Real-World Traffic

  • Client Attacks
  • Ddos Attacks
  • Four-Way Handshaking Procedure
  • Tcp Reset Attack
  • Malformed Dns Dos

Operational Lifecycle Of Open-Source Ids

  • Planning, Installing, Configuring, Running, Customizing, Auditing, Refinement, And Updating

Introduction To Ids

  • Ids Functions
  • Role Of Analyst In Detection
  • Snort And Bro Flow Process
  • Comparing Snort And Bro


  • Overview Of Concept Of Network Flow
  • Understanding The Usage Of Flow

Packet Crafting

  • Scapy To Craft, Read/Write From And To Pcaps
  • Altering And Sending Packets

Common C2 Methods, Tor And Dnscat2

  • C2 Methods Theory
  • Examining Generated Traffic
  • Detection Strategies

Network Forensics

  • Introduction To Network Forensics
  • Indicators Of Network Issues
  • Investigating Incidents

Correlation Of Indicators

  • Examining Log Files
  • Ossec
  • Understanding The Methods Of Correlation


  • Examination Of Fields Theoretically And In Practice
  • Dissection Of Packets
  • Checksums
  • Normal And Abnormal Tcp Stimulus And Response
  • Tcp Reassembly For Ids/Ips


  • Examining Fields Theoretically And In Practice
  • Udp Stimulus And Response


  • Examining Fields Theoretically And In Practice
  • Icmp Messages Usage
  • Usage In Mapping And Reconnaissance
  • Normal Icmp
  • Malicious Icmp

Advanced Wireshark

  • Export Of Web Objects
  • Extraction Of Smtp Attachment Contents
  • Methods Of Wireshark Investigation Of An Incident
  • Tshark

Detection Methods In Application Protocols

  • Pattern Matching
  • Protocol Decoding
  • Anomaly Detection And Mitigation

Microsoft Protocols

  • Smb/Cifs
  • Msrpc
  • Detection Challenges


  • Overview To Snort
  • Planning In Snort
  • Deployment Scenarios
  • Running

Comparison Of Snort And Bro For Analyzing Same Traffic

  • Examination Of Output Through Snort Alerts And Bro Logs
  • Performing Bro Log Correlation
  • Customization Of Bro For Adding A New Signature
  • Raising A Notice About Malicious Traffic

The importance and need of network security is unparalleled as jeopardizing this can lead to large scale and grave damaging issues in the system. Consequently, individuals and professionals who are security savvy and can easily work in networks against security threats are in great demand. Additionally, the demands for such professionals and experts will only grow in the future as the growth of digital networks cannot cease to slow down much less become extinct. This intrusion detection course is highly recommended for security administrators and ethical hackers willing to grow their expertise to better levels.

1. Are lab-sessions available after theory sessions?

We provide online lab facilities to all our students, wherever possible & applicable, using a combination of one or more options, including global ASP setups, live-environments, real-time simulations, training-videos, PPTs, Screenshots and others.

2. Who and how qualified are the instructors?

All our instructors go through a rigorous and multiple processes of filtering and selection before they are appointed by us. Only the most qualified, most experienced and best suited candidates are chosen as instructors.

3.What are the machine requirements for the course?

You must have a fairly good desktop PC or laptop. You can even access these courses on your tabs or smart phones. For PCs and laptops the configuration should be at-least an Intel Pentium processor, 4GB of RAM and 50 to 100 GB of free hard disk space. You must also have a good and steady WiFi internet connection which works at 3G or 4G speeds.

4.How will I undergo practical training in the course?

Depending on the type of lab facilities available for the course you have enrolled in for our instructor would be happy to help you in your lab sessions.

5.What is the process to get my questions/queries answered?

Get in touch with your trainer. You can also consult your batch-mates. We believe in collaborative and practical learning.

6.Can a free demo session be provided?

We do not provide free demo sessions.

7.Will there be a provision for repetition if I miss a class?

We encourage our trainees to attend all sessions. If you have missed a session we will try out best to update you on it, if possible. Else you will need to pay a small fee to have a repeat session arranged specifically for you.

8.Does your organization provide assistance in job hunting?

We are connected across the industry in India and abroad. We will pass on any job openings from our customer to our trainees. But we are not a manpower placement provider.

9.How and where can I make the payment?

You can pay using any credit or debit card in India or abroad. You can also pay using your PayPal account.

10. Will practice material or tests be also provided with the course?

Yes. As required & as applicable.

11.What is the minimum or maximum batch size?

Minimum/maximum batch sizes vary from course to course, depending upon a number of factors. It can vary from as few as 2 to as many as a few hundred, in some cases. But that number does not impact the quality of training that we deliver due to our tight quality-control mechanisms.

All trainees will be provided with a course participation and completion certificate by Aurelius Corporate Solutions. Please note, we are an independent provider of learning solutions. We are not affiliated in any manner to any company or organization.

Copyright © 2016 Aurelius Corporate Solutions Pvt. Ltd. All Rights Reserved.