Wireshark is a free network protocol analyser. This hands-on course provides a comprehensive tour of using Wireshark to troubleshoot networks. The course concentrates on the information needed in order to pass the WCNA exam. Students will gain the most from this course only if they already have a sound knowledge of the TCP/IP protocols.
TCP/IP Foundation for engineers
By the end of the course delegates will be able to:
What is Wireshark?
Network analysis, troubleshooting, network traffic flows.
Download/install Wireshark.
Wireshark introduction
Capturing packets, libpcap, winpcap, airpcap. Dissectors and plugins. The menus. Right click.
Using Wireshark.
Capturing traffic
Wireshark and switches and routers. Remote traffic capture.
Capturing packets.
Capture filters
Applying, identifiers, qualifiers, protocols, addresses, byte values. File sets, ring buffers.
Capture filters.
Preferences
Configuration folders. Global and personal configurations. Capture preferences, name resolution, protocol settings. Colouring traffic. Profiles.
Customising Wireshark.
Time
Packet time, timestamps, packet arrival times, delays, traffic rates, packets sizes, overall bytes.
Measuring high latency.
Trace file statistics
Protocols and applications, conversations, packet lengths, destinations, protocol usages, strams, flows.
Wireshark statistics.
Display filters
Applying, clearing, expressions, right click, conversations, endpoints, protocols, combining filters, specific bytes, regex filters.
Display traffic.
Streams
Traffic reassembly, UDP and TCP conversations, SSL. Hands on Recreating streams.
Saving
Filtered, marked and ranges. Hands on Export.
TCP/IP Analysis
The expert system. DNS, ARP, IPv4, IPv6, ICMP, UDP, TCP. Hands on Analysing traffic.
IO rates and trends
Basic graphs, Advanced IO graphs. Round Trip Time, throughput rates. Hands on Graphs.
Application analysis
DHCP, HTTP, FTP, SMTP.
Analysing application traffic.
WiFi
Signal strength and interference, monitor mode and promiscuous mode. Data, management and control frames.
WLAN traffic.
VoIP
Call flows, Jitter, packet loss. RTP, SIP.
Playing back calls.
Performance problems
Baselining. High latency, arrival times, delta times.
Identifying poor performance.
Network forensics
Host vs network forensics, unusual traffic patterns, detecting scans and sweeps, suspect traffic.
Signatures.
Command line tools
Tshark, capinfos, editcap, mergecap, text2pcap, dumpcap.
Command tools.
Join our public courses in our Istanbul, London and Ankara facilities. Private class trainings will be organized at the location of your preference, according to your schedule.