
Wireshark Analysis

Wireshark is one of the most widely used network analyzers in the world. To earn the Wireshark Certified Network Analyst (WCNA) certification, a candidate must demonstrate expertise in analyzing network traffic for security and performance purposes in an enterprise environment. The certification program tests a candidate's ability to troubleshoot, secure and optimize a network based on evidence found by analyzing traffic captured with Wireshark. This course gets you up to speed with the basics of capturing packets, filtering them, and inspecting them. You can use Wireshark to inspect a suspicious program's network traffic, analyze the traffic flow on your network, or troubleshoot network problems.

Course Modules

Introduction To Network Analysis And Wireshark


  • TCP/IP Analysis Checklist
  • Top Causes of Performance Problems
  • Get the Latest Version of Wireshark
  • Capturing Traffic
  • Opening Trace Files
  • Processing Packets
  • GTK Interface
  • The Icon Toolbar
  • The Changing Status Bar
  • Right-Click Functionality
  • General Analyst Resources
  • Your First Task When You Leave Class




Navigate Quickly And Focus Faster With Coloring Techniques


  • Move Around Quickly: Navigation Techniques
  • Find a Packet Based on Various Characteristics
  • Build Permanent Coloring Rules
  • Identify a Coloring Source
  • Apply Temporary Coloring
  • Mark Packets of Interest




Focus On Traffic Using Display Filters


  • Display Filters
  • Filter on Conversations/Endpoints
  • Build Filters Based on Packets
  • Display Filter Syntax
  • Use Comparison Operators and Advanced Filters
  • Filter on Text Strings
  • Build Filters Based on Expressions
  • Watch for Common Display Filter Mistakes
  • Manually Edit the dfilters File
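The best known of the "common display filter mistakes" above is negating a field that occurs more than once in a packet: ip.addr is shown for both ip.src and ip.dst, so in Wireshark releases before 3.6 the filter ip.addr != 10.0.0.1 excludes nothing, while !(ip.addr == 10.0.0.1) does what was intended (3.6 changed != to mean the same as !(a == b)). The Python below is an added illustration, not course material or Wireshark code: it models the filter semantics over constructed packet records rather than calling Wireshark, and the field names are Wireshark's display-filter names.

```python
"""Model of how Wireshark evaluates == and != against multi-valued fields.

Added illustration, not code from the course or from Wireshark. Packets are
constructed records; field names follow Wireshark's display-filter names.
"""

def decode(src, dst, sport, dport):
    """A decoded packet as field name -> list of occurrences. ip.addr and
    tcp.port each occur twice, once for each direction of the header."""
    return {
        "ip.src": [src],
        "ip.dst": [dst],
        "ip.addr": [src, dst],
        "tcp.port": [sport, dport],
    }

def field_eq(pkt, field, value):
    """'field == value': true if ANY occurrence equals value (all versions)."""
    return any(v == value for v in pkt.get(field, []))

def field_ne_legacy(pkt, field, value):
    """Pre-3.6 'field != value': true if ANY occurrence differs from value.
    With two occurrences this is almost always true, so the filter hides nothing."""
    return any(v != value for v in pkt.get(field, []))

def field_ne_all(pkt, field, value):
    """'!(field == value)', and plain 'field != value' since Wireshark 3.6:
    true only if NO occurrence equals value."""
    return not field_eq(pkt, field, value)

def apply_filter(packets, predicate):
    """The Packet List after a display filter: only packets where the predicate holds."""
    return [p for p in packets if predicate(p)]

# Constructed capture: one HTTP exchange with 10.0.0.1 and one unrelated HTTPS packet.
CAPTURE = [
    decode("10.0.0.5", "10.0.0.1", 51000, 80),
    decode("10.0.0.1", "10.0.0.5", 80, 51000),
    decode("10.0.0.7", "10.0.0.9", 51001, 443),
]

def count_legacy_ne(target="10.0.0.1"):
    """Packets shown for 'ip.addr != target' under the legacy any-differs rule."""
    return len(apply_filter(CAPTURE, lambda p: field_ne_legacy(p, "ip.addr", target)))

def count_not_eq(target="10.0.0.1"):
    """Packets shown for '!(ip.addr == target)'."""
    return len(apply_filter(CAPTURE, lambda p: field_ne_all(p, "ip.addr", target)))

if __name__ == "__main__":
    print("ip.addr != 10.0.0.1 (legacy):", count_legacy_ne())   # 3, nothing excluded
    print("!(ip.addr == 10.0.0.1):", count_not_eq())             # 1
```

The same trap applies to tcp.port, eth.addr and any other field Wireshark derives from two header fields; when in doubt, negate the whole comparison rather than the operator.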




Analyze DNS Traffic


  • DNS Overview
  • DNS Packet Structure
  • DNS Queries
  • Filter on DNS Traffic
  • Analyze Normal/Problem DNS Traffic
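As an added example (not from the course or from Wireshark), the Python script below decodes DNS the way the Packet Details pane layers it: pcap record header, Ethernet, IPv4, UDP, then the DNS header, question and answer records, including name compression. The capture bytes are constructed inline (a query, its response, and a second query that never gets a response) so the script runs offline; is_dns plays the role of the display filter udp.port == 53, and dns_transactions pairs queries with responses by transaction ID, which is how unanswered queries stand out when analyzing problem DNS traffic.

```python
"""Decode DNS from a pcap the way the Packet Details pane layers it:
pcap record -> Ethernet -> IPv4 -> UDP -> DNS header, question, answers.

Added example, not course material or Wireshark code. The capture bytes are
constructed below (a query, its response, and a query that is never answered).
"""
import struct

# ---- constructed capture ------------------------------------------------------
def _dns_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def _dns_message(txid, name, response, rdata=None):
    flags = 0x8180 if response else 0x0100          # response: QR, RD, RA; query: RD
    msg = struct.pack("!HHHHHH", txid, flags, 1, 1 if response else 0, 0, 0)
    msg += _dns_name(name) + struct.pack("!HH", 1, 1)   # question: type A, class IN
    if response:                                         # answer: pointer to the question name
        msg += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + bytes(rdata)
    return msg

def _frame(src_ip, dst_ip, sport, dport, payload):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes(src_ip), bytes(dst_ip)) + udp
    return bytes.fromhex("001122334455" "66778899aabb" "0800") + ip  # Ethernet II, IPv4

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

CLIENT, SERVER = (10, 0, 0, 5), (10, 0, 0, 53)
SAMPLE_PCAP = _pcap([
    _frame(CLIENT, SERVER, 40001, 53, _dns_message(0x1A2B, "example.com", False)),
    _frame(SERVER, CLIENT, 53, 40001, _dns_message(0x1A2B, "example.com", True, (93, 184, 216, 34))),
    _frame(CLIENT, SERVER, 40002, 53, _dns_message(0x3C4D, "missing.example", False)),
])

# ---- decoder ------------------------------------------------------------------
def read_name(msg, off):
    """Read a possibly compressed name; return (name, offset just past it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                        # compression pointer
            end = end if end is not None else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), (off if end is None else end)

def parse_dns(msg):
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = read_name(msg, 12)
    off += 4                                             # qtype + qclass
    answers = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 1:                                   # A record
            answers.append(".".join(map(str, rdata)))
    return {"id": txid, "response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "qname": qname, "answers": answers}

def udp_packets(pcap):
    """Yield (src, dst, sport, dport, payload) for every IPv4/UDP frame in the file."""
    off = 24                                             # skip the pcap global header
    while off < len(pcap):
        caplen = struct.unpack("<IIII", pcap[off:off + 16])[2]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if frame[12:14] != b"\x08\x00" or frame[23] != 17:   # not IPv4, or not UDP
            continue
        ihl = (frame[14] & 0x0F) * 4
        ip, udp = frame[14:14 + ihl], frame[14 + ihl:]
        yield (".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20])),
               *struct.unpack("!HH", udp[:4]), udp[8:])

def is_dns(pkt):
    """Equivalent of the display filter udp.port == 53."""
    return 53 in pkt[2:4]

def dns_transactions(pcap):
    """Pair queries with responses on transaction ID; leftovers are the unanswered queries."""
    queries, responses = {}, {}
    for pkt in filter(is_dns, udp_packets(pcap)):
        d = parse_dns(pkt[4])
        (responses if d["response"] else queries)[d["id"]] = d
    return {"answered": {i: responses[i]["answers"] for i in queries if i in responses},
            "unanswered": [queries[i]["qname"] for i in queries if i not in responses]}

if __name__ == "__main__":
    print(dns_transactions(SAMPLE_PCAP))
```

Point udp_packets at the bytes of a real capture saved in pcap (not pcapng) format and the same pairing shows which queries went unanswered; the rcode field in the parsed response is where SERVFAIL (2) and NXDOMAIN (3) problems show up.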




Analyze ICMP Traffic


  • ICMP Overview
  • ICMP Packet Structure
  • Filter on ICMP Traffic
  • Analyze Normal/Problem ICMP Traffic




Your 10 Key Troubleshooting Steps


  • Baseline "Normal" Traffic
  • Use Color
  • Look Who's Talking: Examine Conversations and Endpoints
  • Focus by Filtering
  • Create Basic IO Graphs
  • Examine Delta Time Values
  • Examine the Expert System
  • Follow the Streams
  • Graph Bandwidth Use, Round Trip Time, and TCP Time/Sequence Information
  • Watch Refusals and Redirections




Learn Capture Methods And Use Capture Filters


  • Checksum Issues at Capture
  • Analyze Switched Networks
  • Walk-Through a Sample SPAN Configuration
  • Analyze Full-Duplex Links with a Network TAP
  • Analyze Wireless Networks
  • Initial Analyzer Placement
  • Remote Capture Techniques
  • Available Capture Interfaces
  • Save Directly to Disk
  • Capture File Configurations
  • Limit Your Capture with Capture Filters
  • Examine Key Capture Filters




Spot Network And Application Issues With Time Values And Summaries


  • Examine the Delta Time (End-of-Packet to End-of-Packet)
  • Set a Time Reference
  • Compare Timestamp Values
  • Compare Timestamps of Filtered Traffic
  • Enable and Use TCP Conversation Timestamps
  • Compare TCP Conversation Timestamp Values
  • Troubleshooting Example Using Time
  • Analyze Delay Types




Effectively Use Command-Line Tools


  • TShark and Dumpcap Command-Line Tools
  • Capinfos Command-Line Tool
  • Editcap Command-Line Tool
  • Mergecap Command-Line Tool
  • Text2pcap Command-Line Tool
  • Split and Merge Trace Files




Analyze ARP Traffic


  • ARP Overview
  • ARP Packet Structure
  • Filter on ARP Traffic
  • Analyze Normal/Problem ARP Traffic




Analyze UDP Traffic


  • UDP Overview
  • Watch for Service Refusals
  • UDP Packet Structure
  • Filter on UDP Traffic
  • Follow UDP Streams to Reassemble Data
  • Analyze Normal/Problem UDP Traffic




Analyze HTTP Traffic


  • HTTP Overview
  • HTTP Packet Structure
  • Filter on HTTP Traffic
  • Reassembling HTTP Objects
  • HTTP Statistics
  • Analyze Normal/Problem HTTP Traffic




Analyze SSL-Encrypted Traffic (HTTPS)


  • Examining SSL/HTTPS Traffic
  • Wireshark v1.6.0 Bug Alert #201106
  • Filter on SSL




Customize For Efficiency: Configure Your Global Preferences


  • First Step: Create a Troubleshooting Profile
  • Customize the User Interface
  • Add Custom Columns for the Packet List Pane
  • Set Your Global Capture Preferences
  • Define Name Resolution Preferences
  • Configure Individual Protocol Preferences




Create And Interpret Basic Trace File Statistics


  • Examine Trace File Summary Information
  • View Active Protocols
  • Graph Throughput to Spot Performance Problems Quickly
  • Locate the Most Active Conversations and Endpoints
  • Other Conversation Options
  • Graph the Traffic Flows for a More Complete View
  • Numerous Other Statistics are Available
  • Quick Overview of VoIP Traffic Analysis Tools




TCP/IP Communications And Resolutions Overview


  • TCP/IP Functionality
  • When Everything Goes Right
  • The Multi-Step Resolution Process
  • Resolution Helped Build the Packet
  • Where Faults Can Occur
  • Typical Causes of Slow Performance




Analyze IPv4 Traffic


  • IPv4 Overview
  • IPv4 Packet Structure
  • Analyze Broadcast/Multicast Traffic
  • Filter on IPv4 Traffic
  • IP Protocol Preferences
  • Analyze Normal/Problem IP Traffic




Analyze TCP Protocol


  • TCP Overview
  • The TCP Connection Process
  • TCP Handshake Problem
  • Watch Service Refusals
  • TCP Packet Structure
  • The TCP Sequencing/Acknowledgment Process
  • Packet Loss Detection in Wireshark
  • Fast Recovery/Fast Retransmission Detection in Wireshark
  • Retransmission Detection in Wireshark
  • Out-of-Order Segment Detection in Wireshark
  • Selective Acknowledgement (SACK)
  • Window Scaling
  • Window Size Issue: Receive Buffer Problem
  • Window Size Issue: Unequal Window Size Beliefs
  • TCP Sliding Window Overview
  • Troubleshoot TCP Quickly with Expert Info
  • Filter on TCP Traffic and TCP Problems
  • Properly Set TCP Preferences
  • Follow TCP Streams to Reassemble Data
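The detection items above (packet loss, fast retransmission, retransmission, out-of-order, zero window) are Wireshark expert-info heuristics. The Python below is an added, simplified re-implementation, not the course's or Wireshark's code: it walks a constructed trace of one connection, tracks the handshake and each direction's next expected sequence number, counts duplicate ACKs, and classifies segments that re-send already seen bytes. The 3 ms out-of-order window and the "two or more duplicate ACKs" rule roughly follow Wireshark's defaults; the rest is a simplification of what packet-tcp.c does. It also computes the delta time to the previous frame, the value the time-values module has you examine.

```python
"""Simplified TCP expert-info heuristics: handshake tracking, 'previous segment
not captured', duplicate ACKs, fast retransmission / retransmission / out-of-order,
zero window, and the delta time between consecutive frames.

Added illustration, not code from the course or from Wireshark; thresholds roughly
follow Wireshark's defaults, the rest is a simplification. The trace is constructed.
"""
from collections import namedtuple

Seg = namedtuple("Seg", "time src dst flags seq ack length window")

class Side:
    """Per-direction state, keyed by (sender, receiver)."""
    def __init__(self):
        self.next_seq = None        # next sequence number expected from this sender
        self.last_data_time = None  # when this sender last sent payload
        self.last_ack = None        # last ACK number this sender advertised
        self.dup_acks = 0           # consecutive pure ACKs repeating last_ack
        self.syn = False

def analyse(trace, ooo_threshold=0.003):
    """Return [(frame_no, delta_to_previous_frame, [expert notes])] per segment."""
    sides, results, prev_time = {}, [], None
    for n, s in enumerate(trace, start=1):
        fwd = sides.setdefault((s.src, s.dst), Side())     # this segment's sender
        rev = sides.setdefault((s.dst, s.src), Side())     # the other end
        notes = []
        delta = 0.0 if prev_time is None else round(s.time - prev_time, 6)
        prev_time = s.time
        pure_ack = s.length == 0 and "ACK" in s.flags and not {"SYN", "FIN", "RST"} & s.flags
        if "SYN" in s.flags:
            fwd.syn, fwd.next_seq = True, s.seq + 1
            notes.append("handshake: SYN/ACK" if "ACK" in s.flags else "handshake: SYN")
        elif pure_ack and fwd.syn and rev.syn and fwd.last_ack is None:
            notes.append("handshake: ACK (connection established)")
        elif pure_ack:
            if s.ack == fwd.last_ack:
                fwd.dup_acks += 1
                notes.append(f"duplicate ACK #{fwd.dup_acks}")
            else:
                fwd.dup_acks = 0
        if s.length > 0 and fwd.next_seq is not None:
            if s.seq > fwd.next_seq:
                notes.append("previous segment not captured")
            elif s.seq + s.length <= fwd.next_seq:         # re-sends bytes already seen
                if rev.dup_acks >= 2 and s.seq == rev.last_ack:
                    notes.append("fast retransmission")
                elif fwd.last_data_time is not None and s.time - fwd.last_data_time < ooo_threshold:
                    notes.append("out-of-order")
                else:
                    notes.append("retransmission")
        if s.length > 0:
            fwd.last_data_time = s.time
            fwd.next_seq = max(fwd.next_seq or 0, s.seq + s.length)
        if "ACK" in s.flags:
            fwd.last_ack = s.ack
        if s.window == 0 and "RST" not in s.flags:
            notes.append("zero window")
        results.append((n, delta, notes))
    return results

# Constructed trace of one connection (seconds, endpoints, flags, seq, ack, payload, window).
C, S = "10.0.0.5:51000", "10.0.0.1:80"
def seg(t, src, dst, flags, seq, ack, length=0, window=65535):
    return Seg(t, src, dst, frozenset(flags.split(",")), seq, ack, length, window)

TRACE = [
    seg(0.000, C, S, "SYN",     1000, 0),
    seg(0.010, S, C, "SYN,ACK", 5000, 1001),
    seg(0.011, C, S, "ACK",     1001, 5001),
    seg(0.020, C, S, "PSH,ACK", 1001, 5001, 100),
    seg(0.030, S, C, "ACK",     5001, 1101),
    seg(0.040, C, S, "PSH,ACK", 1201, 5001, 100),   # bytes 1101-1200 never captured
    seg(0.050, S, C, "ACK",     5001, 1101),        # receiver keeps asking for 1101
    seg(0.060, C, S, "PSH,ACK", 1301, 5001, 100),
    seg(0.070, S, C, "ACK",     5001, 1101),
    seg(0.080, C, S, "PSH,ACK", 1101, 5001, 100),   # the missing bytes, after 2 dup ACKs
    seg(0.090, S, C, "ACK",     5001, 1401),
    seg(0.600, C, S, "PSH,ACK", 1301, 5001, 100),   # re-sent long after the original
    seg(0.601, C, S, "PSH,ACK", 1501, 5001, 100),   # arrives before 1401 does
    seg(0.602, C, S, "PSH,ACK", 1401, 5001, 100),
    seg(0.700, S, C, "ACK",     5001, 1601, window=0),
]

def expert_notes(trace=TRACE):
    """Frame number -> notes, omitting frames that would carry no expert info."""
    return {n: notes for n, _, notes in analyse(trace) if notes}

if __name__ == "__main__":
    for n, delta, notes in analyse(TRACE):
        print(f"{n:3d}  +{delta:.3f}s  {'; '.join(notes)}")
```

Frames 6 and 13 show the two different things a gap can mean: in frame 6 the missing bytes only arrive after the receiver has sent two duplicate ACKs (a fast retransmission), while in frame 13 the "missing" segment turns up 1 ms later and is simply out of order. Frame 12 re-sends data half a second after it was first seen, which is a retransmission on timeout; the zero window in frame 15 is the receiver, not the network, stalling the transfer.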





Course duration: 120 hours

Audience

Anyone interested in learning to troubleshoot and optimize TCP/IP networks and to analyze network traffic with Wireshark: security analysts, network engineers and information technology specialists.

Prerequisites

It is strongly recommended that you attend the CEH class before enrolling in the CHFI program.

Key Benefits

Good Understanding of TCP/IP Networking