TCP/IP Network Traffic Analysis with Wireshark (nettraffanalyswireshark | 35 hours)

Prerequisites:

1. Familiarity with the ISO OSI Reference Model (ITU-T X.200) and the TCP/IP protocol stack.

2. Basic knowledge of Unix/Linux OS: the UNIX terminal, directory structure, listing files and directories, making directories, changing to a different directory, copying, moving and removing files and directories, redirection, pipes, and processes (listing suspended and background processes).

Hardware & Software
1. HW: min. 16 GB of RAM, min. 60 GB of free disk space available.
2. OS: Ubuntu Linux is preferred. In that case the following applications should be installed: ip, iperf, ipcalc.
3. SW: Wireshark application (https://www.wireshark.org/download.html).

All should be the latest stable releases available.

Overview:

Wireshark is a free, open-source packet analyzer used for troubleshooting network issues. Network packet analysis is a technique for viewing, in real time, the raw data sent and received over a network interface. This is useful for troubleshooting network configuration and network application problems.

In this instructor-led, live training (onsite or remote), participants will learn advanced techniques for troubleshooting the functionality and performance of a network and its applications. This course is an extension of "Network Troubleshooting with Wireshark", which focuses primarily on common HTTP applications. In this training, we consider protocols and connection mediums such as Wi-Fi, HTTPS, SMTP, enterprise applications and more.

By the end of this training, participants will be able to:

  • Isolate and solve network security issues using the Wireshark CLI
  • Troubleshoot applications that use protocols beyond HTTP, including HTTPS, FTP, mail, DNS, etc.
  • Troubleshoot network connection problems in enterprise applications such as databases, RPC, etc.
  • Troubleshoot connection problems in media applications such as VoIP and streaming
  • Use network forensics to trace and detect security issues

Audience

  • Network engineers
  • Network and computer technicians

Format of the Course

  • Part lecture, part discussion, exercises and heavy hands-on practice

Course Outline:

Day 1

Network analysis overview

  1. OSI reference model and TCP/IP networking essentials.
  2. Troubleshooting tools and methodologies.
  3. Introduction to Wireshark
  4. What is Wireshark? Portable Wireshark. Resources.
  5. Wireshark GUI structure: panes (Packet List, Packet Details, Packet Bytes), Status Bar, etc.
  6. Architecture and processing flow. What cannot be seen with Wireshark, and why?
  7. Supported protocols. Dissectors.
  8. Preferences and configurations: global and profile-specific.
  9. Time values.
  10. Lab exercises.

Day 2

Capture traffic

  1. Things to consider before starting a capture.
  2. Promiscuous mode.
  3. Capture filters.
  4. Automatic stop criteria.
  5. Remote capture.
  6. Lab exercises.

Traffic analysis: tools and approaches

  1. Analysis checklist.
  2. Using features: name resolution, colorization, marking, ignoring, commenting, time references, time shifts, etc.
  3. Understanding the Expert System.
  4. Accessing options through right-click functionality.
  5. Interpretation (reference patterns); impact of OS/driver offload features.
  6. Saving results.
  7. Lab exercises and case studies.

Day 3

Traffic analysis: tools and approaches (cont.)

  1. Filtering traffic: display filters (preparing "in-flight" filters, macros), following a stream.
  2. Quantitative analysis.
    1. Basic predefined descriptive statistics and summaries: Capture Properties, Protocol Hierarchy, Conversations, Endpoints, Packet Lengths, IP-specific.
    2. Protocol-specific analysis (e.g. TCP Stream Graphs).
    3. Advanced custom statistics with I/O Graph.
    4. Flow visualization.

Day 4

Traffic analysis: protocols

  1. Data-Link Layer: Ethernet II.
  2. Network Layer: IPv4.
  3. Transport Layer: TCP, UDP.
    1. Packet loss and recovery.
    2. Previous segment lost and Out-of-Order Segments events.
    3. Duplicate ACKs and Fast Retransmissions.
    4. TCP Retransmissions.
    5. Zero Window, Window changes and other window problems.
  4. Application layer: HTTP, FTP.
  5. Lab exercises and case studies.

Day 5

Traffic analysis: common issues in network performance assessment

  1. Causes of performance problems.
  2. Packet loss.
  3. Bandwidth issues. Layered approach to measurement.
  4. Latency: assessing end-to-end latency, visualization.
  5. Lab exercises.
  6. (Wireshark) command-line tools:
    1. tshark (terminal-based Wireshark), dumpcap, rawshark, tcpdump.
    2. editcap, mergecap, capinfos, text2pcap.

Advanced topics

  1. Advanced filters, grouped iostats.
  2. Summary and Q&A.