Network Troubleshooting with Wireshark

• An understanding of TCP/IP networking principles

Network packet analysis is a technique used to view, in real time, the raw data sent and received over a network interface. This is useful for troubleshooting network configuration and network application problems. Wireshark is a free open source packet analyzer used for troubleshooting such network issues.

In this instructor-led, live training, participants will learn how to use Wireshark to troubleshoot the functionality of a network as well as the performance of differente networked applications. Participants will learn network troubleshooting principles and practice techniques for capturing and analyzing TCP/IP request and response traffic between different clients and the servers.

By the end of this training, participants will be able to:

• Analyze network functionality and performance in various environments under different conditions
• Determine whether instances of different server applications are performing acceptably
• Identify the primary sources of network performance problems
• Identify and troubleshoot the most common causes of performance problems in TCP/IP communications

Audience

• Network engineers
• Network and computer technicians

Format of the Course

• Part lecture, part discussion, exercises and heavy hands-on practice

Note

• To request a customized training for this course, please contact us to arrange.

Introduction

• Wireshark -- not just a last-resort tool

Overview of Network Troubleshooting Concepts

• Root cause analysis

Installing Wireshark

Overview of Wireshark Features

• Navigating the UI interface

Capturing Traffic in the Test Environment

• Selecting the network interface
• Capture packets on wired and wireless networks

Analyzing the Logs

• Inspecting the HTTP packets
• Viewing back-and-forth TCP streams
• Saving the log for offline inspection

Analyzing Connection Speed Issues When Connecting to a Particular Website

• Using filters
• Seeing the statistics

Analyzing by Traffic Type

• DNS, ARP, IPv4, IPv6, ICMP, UDP, TCP, and HTTP/HTTPS
• Consistently slow connections over prolonged periods of time

Checking Response Times

• Setting delta time columns

Checking for Machines Infected with a Virus

• Inspecting ARP traffic

Inspecting Sources of Network Traffic

• Intel ANS probe
• Broken/misconfigured software (network flooding)

Pinpointing Performance Issues

• Creating statistical charts and graphs
• Setting colors in Wireshark
• Filtering traffic
• Using Wireshark Expert System and TCP/IP Resolution Flowchart

Troubleshooting Connections within a Secured Network Environment

• Proxies, firewalls and clients

Configuring Wireshark for Optimal Performance

•  Non-intrusive analysis

Troubleshooting

Summary and Conclusion