Staff Information

Instructor: Prof. Justin P. Rohrer
Office: TBD
Office Phone: TBD
E-mail: (preferred)

Meeting Times

Lecture (MLC): Wednesdays (usually) 13:00–15:50
Lab Help Session (MLC): Selected weeks 11:00–12:50
Final (Online): Th, 3/10: 09:00–12:00

Course Goal:

Upon successful completion of the course, the student shall be able to state the role of network traffic analysis in network engineering, security, and optimization. The student will be able to enumerate and explain the observable characteristics of networks and network devices and how to use these characteristics as discriminators. Through laboratory reinforcement, students will gain an understanding of defensive and offensive operational traffic analysis techniques including: spatial and temporal anomaly detection, origin-destination traffic matrix estimation, application and workload mix determination, deep-packet inspection, network and device tomography, and intrusion detection. Students will learn tools and techniques appropriate to proactive and reactive situations for either internal or external network traffic analysis. Finally, students will gain an understanding of the basic legal issues associated with network monitoring.

Course Description:

Explores fundamentals of packet-switched network traffic analysis at the network layer and above as applied to problems in traffic engineering, economics, security, etc. Explores the design and integration of analytic tools and techniques into the fabric of the network including: spatial and temporal anomaly detection, origin-destination matrix estimation, application mix determination, deep-packet inspection, fingerprinting, intrusion detection and insider threat mitigation. Finally, the course covers active defense and offensive methods reliant on traffic analysis.

Course Schedule:

A mix of interactive lectures and problem solving exercises will be used to investigate the topic material in class. Students are responsible for reading the material in the text that supports each topic of discussion prior to its presentation. Supplemental material may be provided as necessary to augment material in the text. Our schedule will evolve over the duration of the quarter; check back frequently as this website is the primary mode of coordination.


None. Use the course website for papers, lectures, and handouts.



Late work accrues a penalty of 10% off per business day.
Academic honesty: abide by the NPS Honor Code, no exceptions.


As this is an applied course on network traffic analysis, there is a strong emphasis on the labs which account for 30% of your grade. Labs will be assigned on the web site and will be worked on both in and out of lab time. During lab time, the professor will be available to assist. Some labs will span multiple weeks: due dates will be posted on the class schedule. You may discuss your lab with others in the class, but your code, solutions, and writeup must be your own. You must list all collaborators.

Labs should be turned in via the CLE website under the assignments section. The writeup should be in PDF. No other formats accepted.