[Workshop - DMV/Online] - Network Traffic Analysis with Marcelle Lee

When: Saturday, September 9th
1 - 5:30
Where: University of Maryland - Computer Science Instructional Center (CSIC)
Bldg 406, Rm 1121
College Park, Maryland 
United States

Online registration is closed.

Network Traffic Analysis 
Saturday, September 9, 2017. 1:00p – 5:30p


This is a hands-on workshop where you will put into practice those things you may have read about or covered in a class. This is also a great opportunity to meet other like-minded women and to keep your skills fresh if you're a veteran!

Packet analysis is a fascinating topic! We analyze network traffic for a variety of reasons, such as troubleshooting, detection of malicious activity, and forensics, specifically network forensics. Packet analysis is commonly performed in Security Operations Center (SOC) environments, by incident responders, cyber crime investigators, and others. It falls under the category of “Investigate” in the Cybersecurity Workforce Framework.

Level: 200 

  • Level 100 courses are designed for students with little to no previous IT Security experience, or no experience in the topic(s) being covered.  These courses are meant to be introductory level, or provide the training for entry level certifications.
  • Level 200 courses are designed for students with some security experience, looking to advance or learn in new topics.
  • Level 300 courses are designed to offer expert level courses and training on specific topics.  Typically, a general understanding and knowledge of the topic being presented is an expected prerequisite.  

**No one is excluded from attending a course at a level higher than their current experience.  However, the course will move at the pace designed for the level of the course.


Students in this course will need to bring a Windows laptop with WinHex and FTK Imager installed.

Topic Details:

In this workshop we will review basic networking concepts and then practice analyzing network captures using a variety of tools such as Wireshark, NetWitness, and Network Miner.  

Objectives – What You Will Leave Knowing

  • Why analyze network traffic

  • Basic networking concepts, OSI model, TCP/IP stack

  • Typical network protocols

  • How to capture network traffic

  • What “normal” traffic looks like  

  • What malicious traffic looks like

  • How to extract forensic artifacts


Marcelle Lee is currently working as a malware analyst and is also an adjunct professor in digital forensics and network security. Additionally, she provides security consulting and training services through her company Fractal Security Group, LLC. She is involved with many industry organizations, working groups, and boards, including the Women’s Society of Cyberjutsu, the NIST NICE Cyber Competitions Working Group, and the ISACA CSX Certification Task Force.

Marcelle has earned the CSX-P, GCFA, GCIA, GCIH, GPEN, GISF, GSEC, GCCC, C|EH, CCNA, Security+, Network+, and ACE industry certifications. She holds four degrees, having recently completed a master’s degree in cybersecurity. In 2016 she received the Chesapeake Regional Tech Council Women in Tech (WIT) Award. Marcelle regularly presents at conferences and training events, and has volunteered as a CFP reviewer and speaker mentor.

Prerequisites – What You’re Expected to Know

  • Basic knowledge of networking concepts


1-1:30: Set-up, introductions

1-5:  Training 

(Please note that this will be active workshop time. If you have not completed set-up, it will be challenging to follow.)

5-6:  Wrap-up, Q&A


  • Laptop with 4GB RAM (the more RAM, the better).

  • Wireshark for your operating system.

  • tcpdump or windump

  • Network Miner, NetWitness (Windows only, optional)

A download link for the workshop materials will be provided.  


You can still participate in this workshop as an observer if you do not have a computer available. 

Remote and Male Associate Member Participation:

Once registered, you'll receive the meeting participation info by email the day before the workshop. Expect to join 15-30 minutes beforehand to test your technical configurations. It’s recommended that you have a second monitor to view the screen-sharing.


Early Bird Special - 40% off member and non-member price

Full/Student/Military Member:  $80

Associate Member and Remote Attendee: $35

Non-Member: $120



University of Maryland - Computer Science Instructional Center (CSIC)

Bldg 406, Rm 1121

You need to get a parking permit ahead of time: $17 (there's a football game).