The Wireshark Certified Network Analyst Program strives to test a candidate's skills and capability to troubleshoot, secure and optimize a network based on evidence found by analyzing traffic captured with the world's most popular and widely-deployed analyzer, Wireshark.

You will learn how to use Wireshark to identify the most common causes of performance issues in TCP/IP communications, develop a thorough understanding of how to use Wireshark efficiently to spot the primary sources of those issues, and prepare for the new Wireshark certification exam.

Audience:

Anyone interested in learning to troubleshoot and optimize TCP/IP networks and analyze network traffic with Wireshark, especially network engineers, security analysts, and information technology specialists.

Prerequisites:

Good Understanding of TCP/IP Networking

Duration of the course: 4 Days (8 Hrs/day)

Course outline:

Introduction to Network Analysis and Wireshark:

  • TCP/IP Analysis Checklist
  • Top Causes of Performance Problems
  • Get the Latest Version of Wireshark
  • Capturing Traffic
  • Opening Trace Files
  • Processing Packets
  • GTK Interface
  • The Icon Toolbar
  • The Changing Status Bar
  • Right-Click Functionality
  • General Analyst Resources
  • Your First Task When You Leave Class

Learn Capture Methods and Use Capture Filters:

  • Checksum Issues at Capture
  • Analyze Switched Networks
  • Walk-Through a Sample SPAN Configuration
  • Analyze Full-Duplex Links with a Network TAP
  • Analyze Wireless Networks
  • Initial Analyzer Placement
  • Remote Capture Techniques
  • Available Capture Interfaces
  • Save Directly to Disk
  • Capture File Configurations
  • Limit Your Capture with Capture Filters
  • Examine Key Capture Filters

Customize for Efficiency: Configure Your Global Preferences:

  • First Step: Create a Troubleshooting Profile
  • Customize the User Interface
  • Add Custom Columns for the Packet List Pane
  • Set Your Global Capture Preferences
  • Define Name Resolution Preferences
  • Configure Individual Protocol Preferences

Navigate Quickly and Focus Faster with Coloring Techniques:

  • Move Around Quickly: Navigation Techniques
  • Find a Packet Based on Various Characteristics
  • Build Permanent Coloring Rules
  • Identify a Coloring Source
  • Apply Temporary Coloring
  • Mark Packets of Interest

Spot Network and Application Issues with Time Values and Summaries:

  • Examine the Delta Time (End-of-Packet to End-of-Packet)
  • Set a Time Reference
  • Compare Timestamp Values
  • Compare Timestamps of Filtered Traffic
  • Enable and Use TCP Conversation Timestamps
  • Compare TCP Conversation Timestamp Values
  • Troubleshooting Example Using Time
  • Analyze Delay Types

Create and Interpret Basic Trace File Statistics:

  • Examine Trace File Summary Information
  • View Active Protocols
  • Graph Throughput to Spot Performance Problems Quickly
  • Locate the Most Active Conversations and Endpoints
  • Other Conversation Options
  • Graph the Traffic Flows for a More Complete View
  • Numerous Other Statistics are Available
  • Quick Overview of VoIP Traffic Analysis Tools

Focus on Traffic Using Display Filters:

  • Display Filters
  • Filter on Conversations/Endpoints
  • Build Filters Based on Packets
  • Display Filter Syntax
  • Use Comparison Operators and Advanced Filters
  • Filter on Text Strings
  • Build Filters Based on Expressions
  • Watch for Common Display Filter Mistakes
  • Manually Edit the dfilters File

Effectively Use Command-Line Tools:

  • TShark and Dumpcap Command-Line Tools
  • Capinfos Command-Line Tool
  • Editcap Command-Line Tool
  • Mergecap Command-Line Tool
  • Text2pcap Command-Line Tool
  • Split and Merge Trace Files

TCP/IP Communications and Resolutions Overview:

  • TCP/IP Functionality
  • When Everything Goes Right
  • The Multi-Step Resolution Process
  • Resolution Helped Build the Packet
  • Where Faults Can Occur
  • Typical Causes of Slow Performance

Analyze DNS Traffic:

  • DNS Overview
  • DNS Packet Structure
  • DNS Queries
  • Filter on DNS Traffic
  • Analyze Normal/Problem DNS Traffic

Analyze ARP Traffic:

  • ARP Overview
  • ARP Packet Structure
  • Filter on ARP Traffic
  • Analyze Normal/Problem ARP Traffic

Analyze IPv4 Traffic:

  • IPv4 Overview
  • IPv4 Packet Structure
  • Analyze Broadcast/Multicast Traffic
  • Filter on IPv4 Traffic
  • IP Protocol Preferences
  • Analyze Normal/Problem IP Traffic

Analyze ICMP Traffic:

  • ICMP Overview
  • ICMP Packet Structure
  • Filter on ICMP Traffic
  • Analyze Normal/Problem ICMP Traffic

Analyze UDP Traffic:

  • UDP Overview
  • Watch for Service Refusals
  • UDP Packet Structure
  • Filter on UDP Traffic
  • Follow UDP Streams to Reassemble Data
  • Analyze Normal/Problem UDP Traffic

Analyze TCP Protocol:

  • TCP Overview
  • The TCP Connection Process
  • TCP Handshake Problem
  • Watch Service Refusals
  • TCP Packet Structure
  • The TCP Sequencing/Acknowledgment Process
  • Packet Loss Detection in Wireshark
  • Fast Recovery/Fast Retransmission Detection in Wireshark
  • Retransmission Detection in Wireshark
  • Out-of-Order Segment Detection in Wireshark
  • Selective Acknowledgement (SACK)
  • Window Scaling
  • Window Size Issue: Receive Buffer Problem
  • Window Size Issue: Unequal Window Size Beliefs
  • TCP Sliding Window Overview
  • Troubleshoot TCP Quickly with Expert Info
  • Filter on TCP Traffic and TCP Problems
  • Properly Set TCP Preferences
  • Follow TCP Streams to Reassemble Data

Examine Advanced Trace File Statistics:

  • Build Advanced IO Graphs
  • Graph Round Trip Times
  • Graph TCP Throughput
  • Find Problems Using TCP Time-Sequence Graphs

Analyze HTTP Traffic:

  • HTTP Overview
  • HTTP Packet Structure
  • Filter on HTTP Traffic
  • Reassembling HTTP Objects
  • HTTP Statistics
  • Analyze Normal/Problem HTTP Traffic

Analyze SSL-Encrypted Traffic (HTTPS):

  • Examining SSL/HTTPS Traffic
  • Wireshark v1.6.0 Bug Alert #201106
  • Filter on SSL

Analyze File Transfer Protocol (FTP) Traffic:

  • FTP Overview
  • FTP Packet Structure
  • Analyze Active Mode Connections
  • Analyze Passive Mode Connections
  • Filter on FTP Traffic
  • Analyze Normal/Problem FTP Traffic

Your 10 Key Troubleshooting Steps:

  • Baseline "Normal" Traffic
  • Use Color
  • Look Who's Talking: Examine Conversations and Endpoints
  • Focus by Filtering
  • Create Basic IO Graphs
  • Examine Delta Time Values
  • Examine the Expert System
  • Follow the Streams
  • Graph Bandwidth Use, Round Trip Time, and TCP Time/Sequence Information
  • Watch Refusals and Redirections