RahulCyberX/Network-Security-and-Traffic-Analysis


TryHackMe

Network Security and Traffic Analysis - SOC Level 1 (Legacy)


Overview

This repository provides comprehensive walkthroughs for the Network Security and Traffic Analysis module on TryHackMe (THM). Master industry-standard tools and techniques to detect, analyze, and respond to network anomalies in real-world environments.

Keywords for SEO: Network Security, Traffic Analysis, TryHackMe Walkthrough, Wireshark Tutorial, Snort Rules, Zeek Monitoring, TShark CLI, Network Forensics, PCAP Analysis, Threat Hunting, Brim Security, SOC Level 1.

Table of Contents


Traffic Analysis Essentials


Build a strong foundation in Network Security and Traffic Analysis, learning to identify and investigate network anomalies using proven methodologies and tools.

Room Link: https://tryhackme.com/room/trafficanalysisessentials

Snort


Master Snort — the open-source IDS/IPS — to detect real-time threats, analyze PCAP files, and write custom rules for proactive network defense.

Room Link: https://tryhackme.com/room/snort

Snort Challenge - The Basics


Apply your Snort knowledge in a live environment: craft detection rules and analyze real-time network traffic to catch malicious activity.

Room Link: https://tryhackme.com/room/snortchallenges1
Github: https://github.com/RahulCyberX/Network-Security-and-Traffic-Analysis/tree/main/Snort%20Challenge%20The%20Basics
Medium: https://rahulcyberx.medium.com/snort-challenge-the-basics-tryhackme-writeup-2025-64200ec0120e

Snort Challenge - Live Attacks


Defend a live network under attack using Snort — write rules, tune alerts, and stop threats before they escalate.

Room Link: https://tryhackme.com/room/snortchallenges2
Github: https://github.com/RahulCyberX/Network-Security-and-Traffic-Analysis/tree/main/Snort%20Challenge%20Live%20Attacks
Medium: https://rahulcyberx.medium.com/snort-challenge-live-attacks-tryhackme-walkthrough-write-7b6f1c7a4e9e

NetworkMiner


Explore NetworkMiner for deep packet inspection, file extraction, and network forensics — perfect for reconstructing sessions from captured traffic.

Room Link: https://tryhackme.com/room/networkminer
Github: https://github.com/RahulCyberX/Network-Security-and-Traffic-Analysis/tree/main/NetworkMiner
Medium: https://rahulcyberx.medium.com/networkminer-tryhackme-writeup-2025-0c35e8b2e11f

Zeek


Get hands-on with Zeek (formerly Bro) for advanced network monitoring, log generation, and behavioral threat detection at scale.

Room Link: https://tryhackme.com/room/zeekbro
Github: https://github.com/RahulCyberX/Network-Security-and-Traffic-Analysis/tree/main/Zeek
Medium: https://rahulcyberx.medium.com/zeek-tryhackme-walkthrough-notes-2025-9a182609e658

Zeek Exercises


Put Zeek to the test: analyze real traffic, extract intelligence, and build custom scripts to enhance your network visibility.

Room Link: https://tryhackme.com/room/zeekbroexercises
Github: https://github.com/RahulCyberX/Network-Security-and-Traffic-Analysis/tree/main/Zeek%20Exercise
Medium: https://rahulcyberx.medium.com/zeek-exercise-tryhackme-writeups-2025-dccfd7ed0520

Brim


Learn Brim for interactive PCAP analysis, log investigation, and threat hunting — bridging Wireshark and SIEM workflows seamlessly.

Room Link: https://tryhackme.com/room/brim
Github (Part 1): https://github.com/RahulCyberX/Network-Security-and-Traffic-Analysis/tree/main/Brim%201%20Log%20Investigation%20and%20PCAP%20Analysis
Github (Part 2): https://github.com/RahulCyberX/Network-Security-and-Traffic-Analysis/tree/main/Brim%202%20Threat%20Hunting
Medium: https://rahulcyberx.medium.com/brim-tryhackme-writeups-2025-24aab154857e

Wireshark: The Basics


Start your journey with Wireshark: decode protocols, filter traffic, and dissect PCAPs like a network forensics pro.

Room Link: https://tryhackme.com/room/wiresharkthebasics
Github: https://github.com/RahulCyberX/Network-Security-and-Traffic-Analysis/tree/main/Wireshark%20Basics
Medium: https://rahulcyberx.medium.com/wireshark-the-basics-tryhackme-walkthrough-2025-f37d28e7f5af

Wireshark: Packet Operations


Master packet-level operations in Wireshark — follow streams, export objects, and uncover hidden data in complex captures.

Room Link: https://tryhackme.com/room/wiresharkpacketoperations
Github: https://github.com/RahulCyberX/Network-Security-and-Traffic-Analysis/tree/main/Wireshark%20Packet%20Operations
Medium: https://rahulcyberx.medium.com/wireshark-packet-operations-tryhackme-walkthrough-2025-885cdb72d7b9

Wireshark: Traffic Analysis


Use Wireshark to baseline normal traffic, detect anomalies, and hunt for signs of compromise across enterprise networks.

Room Link: https://tryhackme.com/room/wiresharktrafficanalysis
Github: https://github.com/RahulCyberX/Network-Security-and-Traffic-Analysis/tree/main/Wireshark%20Traffic%20Analysis
Medium: https://rahulcyberx.medium.com/wireshark-traffic-analysis-tryhackme-walkthrough-2025-c7c1069732c9

TShark: The Basics


Take Wireshark to the command line with TShark: automate analysis, script filters, and process PCAPs at scale.

Room Link: https://tryhackme.com/room/tsharkthebasics
Github: https://github.com/RahulCyberX/Network-Security-and-Traffic-Analysis/tree/main/TShark%20The%20Basics
Medium: https://rahulcyberx.medium.com/tshark-the-basics-tryhackme-walkthrough-2025-4260d9f6841d

TShark: CLI Wireshark Features


Replicate advanced Wireshark GUI features using TShark — display filters, statistics, and IO graphs, all from the terminal.

Room Link: https://tryhackme.com/room/tsharkcliwiresharkfeatures
Github: https://github.com/RahulCyberX/Network-Security-and-Traffic-Analysis/tree/main/TShark%20CLI%20Wireshark%20Features
Medium: https://rahulcyberx.medium.com/tshark-cli-wireshark-features-tryhackme-walkthrough-2025-c6c5e7b9cfb5

TShark Challenge I: Teamwork


Team up and use TShark to collaboratively analyze a complex PCAP, extract key evidence, and solve the investigation.

Room Link: https://tryhackme.com/room/tsharkchallengesone
Github: https://github.com/RahulCyberX/Network-Security-and-Traffic-Analysis/tree/main/TShark%20Challenge%201%20Teamwork
Medium: https://rahulcyberx.medium.com/tshark-challenge-i-teamwork-tryhackme-walkthrough-2025-cc360bac6c65

TShark Challenge II: Directory


Dive into a directory of PCAPs with TShark — automate multi-file analysis, extract indicators, and build a full threat timeline.

Room Link: https://tryhackme.com/room/tsharkchallengestwo
Github: https://github.com/RahulCyberX/Network-Security-and-Traffic-Analysis/tree/main/TShark%20Challenge%202%20Directory
Medium: https://rahulcyberx.medium.com/tshark-challenge-ii-directory-tryhackme-walkthrough-2025-a288ae59b9a5