Wireshark 101 for engineers Eğitimi

TCP/IP Foundation for engineers (TPTCPIP)

By the end of the course delegates will be able to:

• Download and install Wireshark.
• Capture and analyse packets with Wireshark.
• Configure capture and display filters.
• Customise Wireshark.
• Troubleshoot networks using Wireshark.

What is Wireshark?

Protocol analysers, Wireshark features, versions, troubleshooting techniques with Wireshark.

Installing Wireshark

Downloading Wireshark, UNIX issues, Microsoft issues, the role of winpcap, promiscuous mode, installing Wireshark. Wireshark documentation and help.

Downloading and installing Wireshark.

Capturing traffic

Starting and stopping basic packet captures, the packet list pane, packet details pane, packet bytes pane, interfaces, using Wireshark in a switched architecture.

Capturing packets with Wireshark.

Troubleshooting networks with Wireshark

Common packet flows.

Analysing a variety of problems with Wireshark.

Capture filters

Capture filter expressions, capture filter examples (host, port, network, protocol, worm), primitives, combining primitives, payload matching.

Configuring capture filters.

Working with captured packets

Live packet capture, saving to a file, capture file formats, reading capture files from other analysers, merging capture files, finding packets, going to a specific packet, display filters, display filter expressions.

Saving captured data, configuring display filters.

Analysis and statistics with Wireshark

Enabling/disabling protocols, user specified decodes, following TCP streams, protocol statistics, conversation lists, endpoint lists, I/O graphs, protocol specific statistics.

Using the analysis and statistics menus.

Command line tools

Tshark, capinfos, editcap, mergecap, text2pcap, idl2eth.

Using tshark.

Advanced issues

802.11 issues, management frames, monitor mode, packet reassembling, name resolution, customising Wireshark.

Customising name resolution.