Advanced Network Troubleshooting Using Wireshark

In-depth knowledge of the TCP/IP protocol stack, along with participating in the “Basic Network Troubleshooting using Wireshark” course or equivalent knowledge. The participants should bring their laptops with Wireshark software (free download from the site - www.wireshark.org)

This course is a continuation of the "Basic Network Troubleshooting Using Wireshark" course, and comes to provide the participants with advanced capabilities for network troubleshooting. The course provides an in-depth knowledge of network behaviour and problems, along with the capabilities to isolate and solve security and advanced applications problems. The course is based on theory, class exercise and labs.

• Command-Line Tools and How to Use Them
• TShark and Dumpcap Command-Line Tools
• Capinfos Command-Line Tool
• Editcap Command-Line Tool
• Mergecap Command-Line Tool
• Text2pcap Command-Line Tool
• Split and Merge Trace Files
• Advance usage of Capture and Display Filters
• Writing advanced Capture filters scripts
• Writing Advanced Display filters
• Using triggered filters
• The Expert System Advance Usage
• Dealing with congestion - shattered windows and flooding
• Baseline network communications
• Unusual network communications
• Vulnerabilities in the TCP/IP resolution process
• Lab exercises and case studies
• Who is talking?
• Port Scans
• Mutant Scans
• IP Scans
• Application Mapping
• OS Fingerprinting
• Lab exercises and case studies
• VoIP Analysis
• SIP analysis and troubleshooting
• RTP, RTCP and media analysis
• Creating VoIP filters and analysis profiles
• Lab exercises and case studies
• Applications Analysis and Troubleshooting
• HTTP analysis and troubleshooting
• FTP analysis and troubleshooting
• DNS operation and troubleshooting
• Video transmission analysys
• Databases network-related problems
• Network Security and Forensics Basics
• Gather information – what to look for
• Unusual traffic patterns
• Complementary tools
• Detecting Security Suspicious Patterns
• MAC and IP address spoofing
• Attacks signatures and signature locations
• ARP poisoning
• Header and sequencing signatures
• Attacks and exploits
• TCP splicing and unusual traffic
• DoS and DDoS Attacks
• Protocol scans
• maliciously malformed packets
• Lab exercises and case studies