Wireshark University Europe Home | Contact
 
 
 Home
 
Wireshark University
Certification Course
CORE 1
CORE 2
 
  Self-Paced Courses
Functionality and Fundamentals
TCP/IP Network Analysis
Troubleshooting Network Performance
Network Forensics and Security
 
  Self-Paced Courses
Laura Chappell's Master Library
 
 
AirPcap
CACE Pilot
Training Dates
 
 Contact


Wireshark University

Core 1 -
Wireshark University Certification Course

In this lab-based course, you will discover effective Wireshark operations and packet-level TCP/IP communications by examining both properly and poorly performing networks as you prepare for the Wireshark Certification Exam. Spend half your class time learning the features of Wireshark, the world's most popular analyzer. After that, you'll focus on reviewing both the normal and abnormal communication patterns of the TCP/IP suite and most common applications, including DHCP, DNS, FTP, Telnet, HTTP, POP, and SMTP. With a strong emphasis on hands-on lab exercises and real-world case studies in this course, you'll gain skills that can be used immediately following the class.

What You'll Learn

Prepare for the Wireshark Certification Exam

  • Place the analyzer properly for traffic capture on a variety of network types
  • Capture packets on wired and wireless networks
  • Configure Wireshark for best performance and non-intrusive analysis
  • Navigate through large communication files and alter packet appearance
  • Use time values to identify network performance problems
  • Create statistical charts and graphs based on network traffic
  • Filter out traffic for more efficient troubleshooting and analysis
  • Save, export, and print network analysis details
  • Use Wireshark's Expert System to pinpoint network problems
  • Use the TCP/IP Resolution Flowchart to identify possible communication faults
  • Analyze normal/abnormal Domain Name System (DNS) traffic
  • Analyze normal/abnormal Address Resolution Protocol (ARP) traffic
  • Analyze normal/abnormal Internet Protocol v4 (IPv4) traffic
  • Analyze normal/abnormal Internet Control Messaging Protocol (ICMP) traffic
  • Analyze normal/abnormal User Datagram Protocol (UDP) traffic
  • Analyze normal/abnormal Transmission Control Protocol (TCP) traffic
  • Analyze normal/abnormal Dynamic Host Configuration Protocol (DHCP) traffic
  • Analyze normal/abnormal Hypertext Transport Protocol (HTTP) traffic
  • Analyze normal/abnormal Telnet traffic
  • Analyze normal/abnormal File Transfer Protocol (FTP) traffic
  • Analyze normal/abnormal Post Office Protocol (POP) traffic
  • Analyze normal/abnormal Simple Mail Transfer Protocol (SMTP) traffic

Course Outline

1. Introduction to Wireshark

  • History, Authors, and License
  • How Wireshark Works
  • Wireshark Folders, Plug-Ins, and Help
  • Command-Line Tools
  • Resources and References for Analysts
  • WinPcap Essentials
  • CACE Technologies - AirPcap™ and Pilot™

2. Analyzer Placement

  • Location, Location, Location
  • Half-Duplex Hub-Out
  • Full-Duplex Tapping
  • Switch Port Spanning
  • Wireless Capture Options

3. Capturing Packets

  • Active Interfaces
  • Capture to a File
  • Capture to a Ring Buffer
  • Open and Work with File Sets
  • Default Capture Filters
  • Create New Capture Filters
  • Avoid Dropped Packets
  • Command-Line Capture: Tshark.exe
  • Command-Line Capture: Rawshark.exe
  • Command-Line Capture: Dumpcap.exe
  • Test Yourself

4. Configuring Global Preferences

  • Customize the User Interface
  • Set Global Capture Preferences
  • Define Name Resolution Preferences
  • Alter Protocol Settings
  • My Favorite Preferences

5. Navigation and Colorization Techniques

  • Go To a Specific Packet Number
  • Find Packets Based on Payload
  • Sort Columns
  • Use and Customize Packet Colors
  • Mark Packets
  • Show a Packet in a New Window
  • Test Yourself

6. Using Time Values and Summaries

  • Use the Default Time Column Setting and Precision
  • Use Time Between Packets
  • Set a Time Reference and View Capture Time
  • Troubleshooting with Time
  • Analyze Summary Information
  • Test Yourself

7. Examining Basic Trace File Statistics

  • Examine Protocol Hierarchies
  • View Network Connections
  • View Network Endpoints
  • Evaluate Destinations
  • View IP Address Information
  • Evaluate Packet Lengths
  • Evaluate Port Types
  • Examine Multicast Streams and Settings
  • Test Yourself

8. Examining Advanced Trace File Statistics

  • Create IO Graphs
  • Create TCP Time-Sequence Graphs
  • Analyze Flow Graphs
  • Evaluate Service Response Times
  • Analyze BOOTP/DHCP Statistics
  • View HTTP Statistics
  • Create Round-Trip Time Graphs

9. Creating Display Filters

  • Follow a TCP Stream
  • Create Filters from Conversations and Endpoints
  • Default Display Filters and Filter Syntax
  • Build and Save Filters Based on Packets
  • Filter on Payload Bytes
  • Use Expressions to Build Display Filter
  • Use Boolean Operands and Negatives
  • The 10 Most Useful Filters
  • Manually Edit the Filter File

10. Save, Export, and Print

  • Save Filtered, Marked, and Ranges of Packets
  • Chart Conversation/Endpoint/Flow Graph Information
  • Save and Reassemble Data Streams
  • Export Packet Information
  • Print Packets
  • Capture/Edit Screen Shots for Reports

11. Expert System and Miscellaneous Tasks

  • Use Expert and Expert Info Composite Information
  • Analyze ACL Firewall Rules
  • Protocol Forcing
  • Merging Files
  • Zoom, Autoscroll, and Resizing Columns

12. Using Command-Line Tools

  • tshark and dumpcap
  • capinfos
  • editcap
  • mergecap
  • text2pcap

13. TCP/IP Functionality Overview

  • Resources and References for Analysts
  • Capture on Hubbed, Switched, and Routed Networks
  • The TCP/IP Resolution Process
  • Packets Going the Wrong Way
  • Faults in the Resolution Process
  • Test Yourself: What If.

14. Analyze DNS Traffic

  • DNS Packet Structure
  • Filter on DNS Traffic
  • Analyze Normal DNS Traffic
  • Analyze Unusual DNS Traffic

15. Analyze ARP Traffic

  • ARP Packet Structure
  • Filter on ARP Traffic
  • Analyze Normal ARP Traffic
  • Analyze Unusual ARP Traffic

16. Analyze IPv4 Traffic

  • IPv4 Packet Structure
  • Filter on IPv4 Traffic
  • Analyze Normal IPv4 Traffic
  • Analyze Unusual IPv4 Traffic

17. Analyze ICMP Traffic

  • ICMP Packet Structure
  • Filter on ICMP Traffic
  • Analyze Normal ICMP Traffic
  • Analyze Unusual ICMP Traffic

18. Analyze UDP Traffic

  • UDP Packet Structure
  • Filter on UDP Traffic
  • Analyze Normal UDP Traffic
  • Analyze Unusual UDP Traffic

19. Analyze TCP Traffic

  • TCP Packet Structure
  • Filter on TCP Traffic
  • Analyze Normal TCP Traffic
  • Analyze Unusual TCP Traffic

20. Analyze DHCP Traffic

  • Understand DHCP Packet Structure
  • Filter on DHCP Traffic
  • Analyze Normal DHCP Traffic
  • Analyze Unusual DHCP Traffic

21. Analyze HTTP Traffic

  • HTTP Packet Structure
  • Filter on HTTP Traffic
  • Analyze Normal HTTP Traffic
  • Analyze Unusual HTTP Traffic

22. Analyze Telnet Traffic

  • Telnet Packet Structure
  • Filter on Telnet Traffic
  • Analyze Normal Telnet Traffic
  • Analyze Unusual Telnet Traffic

23. Analyze FTP Traffic

  • FTP Packet Structure
  • Filter on FTP Traffic
  • Analyze Normal FTP Traffic
  • Analyze Unusual FTP Traffic

24. Analyze POP Traffic

  • POP Packet Structure
  • Filter on POP Traffic
  • Analyze Normal POP Traffic
  • Analyze Unusual POP Traffic

25. Analyze SMTP Traffic

  • SMTP Packet Structure
  • Filter on SMTP Traffic
  • Analyze Normal SMTP Traffic
  • Analyze Unusual SMTP Traffic
Labs

Each section of this course includes hands-on labs to test and reinforce concepts and practice tasks.

© Wireshark University