How do SOC analysts spot attacks hiding inside normal network traffic? In this hands-on lab, you'll monitor real network traffic using **TShark**, **Zeek**, and **Suricata** — the same tools used in enterprise Security Operations Centers.
Master network security monitoring in 30 minutes — from packet capture to threat detection using real SOC workflows.
Welcome to **Tech Sky – Cyber Defense Mastery**. This practical tutorial teaches real-world **Network Security Monitoring (NSM)** skills used by professional SOC analysts and blue team defenders.
⏱️ **Timestamps – Watch Any Section**
00:00 What is Network Traffic Visibility and Why SOCs Fail
01:19 Network Security Monitoring Explained
02:37 Enabling Promiscuous Mode (SPAN & TAP concepts)
05:48 Capturing Packets with TShark (Wireshark CLI)
11:06 Deploying Zeek Network Monitor
15:55 Analyzing Network Logs with Zeek
19:01 Suricata IDS Explained
21:19 Updating Suricata Rules
25:59 Writing Custom Suricata Detection Rules
28:59 Testing Alerts with Nmap Attacks
Short on time? Watch at 1.5× speed.
🛠️ **Tools Used**
* TShark (Wireshark CLI)
* Zeek (Bro IDS)
* Suricata IDS
* VirtualBox
* Ubuntu Server 22.04 LTS
* Nmap
🎯 **What You'll Learn**
* How SOC analysts gain full network visibility
* Packet capture and PCAP analysis using TShark
* Turning raw traffic into intelligence with Zeek
* Detecting attacks using Suricata IDS rules
* Identifying scans, lateral movement, and suspicious behavior
* Building a realistic SOC monitoring lab
📚 **Resources**
GitHub Portfolio Repository
https://github.com/TechSky-EH/cdm-portfolio.git
Lab Setup Guide (Previous Lab)
https://youtu.be/TkoYRx8Zu0I
Watch Next Lab
(Coming Soon)
Full Cyber Defense Mastery Playlist
https://youtube.com/playlist?list=PLtFfNkV-NGiUgDR5teAVxikv6Vh_w75a9
💼 **Who This Is For**
* Aspiring SOC Analysts (Tier 1–2)
* Blue Team & Defensive Security Learners
* Network Administrators moving into cybersecurity
* Students preparing for Security+, CySA+, BTL1, GCIH
🔥 **Why This Skill Matters**
Most cyber attacks are invisible without network monitoring. Modern SOCs rely on TShark, Zeek, and Suricata to detect threats before damage happens. This lab gives you job-ready, portfolio-ready skills.
⚡ **Prerequisites**
* Basic Linux commands
* Networking fundamentals (TCP/IP)
* VirtualBox or any VM platform
📌 **Join Tech Sky Community**
Twitter/X:
https://x.com/TechSkyEH
LinkedIn:
https://www.linkedin.com/company/techsky-eh
Instagram:
https://www.instagram.com/techsky.eh
Discord:
https://discord.gg/qvHznrVgG
🔐 **Disclaimer**
Educational use only. All demonstrations are performed in authorized lab environments.
🏷️ **Hashtags**
#NetworkSecurity #SOCAnalyst #TShark #Zeek #Suricata #CyberDefense #BlueTeam #TechSky