This hands-on course provides in-depth training on Wireshark® and TCP/IP communications analysis. This course covers the use of Wireshark to identify the most common causes of performance problems in TCP/IP communications. Topics include traffic capturing techniques and analyzer placement, traffic filtering (capture/display), customized profiles, coloring rules, graphing, field interpretations and functionality of key TCP/IP communications. A strong emphasis is placed on understanding the normal behavior of ARP, DNS, IP, TCP, UDP, ICMP as well as HTTP/HTTPS. Students learn to identify latency issues, connection establishment concerns, service refusals and common indications of reconnaissance processes and breached hosts.
Upon completion of this course the participant will understand how to use Wireshark efficiently to spot the primary sources of network performance problems.
What You’ll Learn in Class:
· Learn the Top 10 reasons for network performance complaints;
· Place the analyzer properly for traffic capture on a variety of network types;
· Capture packets on wired and wireless networks;
· Configure Wireshark for best performance and non-intrusive analysis;
· Navigate through, split and work with large traffic files;
· Use time values to identify network performance problems;
· Create statistical charts and graphs to pinpoint performance issues;
· Filter out traffic for more efficient troubleshooting and analysis;
· Customize Wireshark coloring to focus on network problems faster;
· Use Wireshark’s Expert System to understand various traffic problems;
· Use the TCP/IP Resolution Flowchart to identify possible communication faults;
· Analyze normal/abnormal Domain Name System (DNS) traffic;
· Analyze normal/abnormal Address Resolution Protocol (ARP) traffic;
· Analyze normal/abnormal Internet Protocol v4 (IPv4) traffic;
· Analyze normal/abnormal Internet Control Messaging Protocol (ICMP) traffic;
· Analyze normal/abnormal User Datagram Protocol (UDP) traffic;
· Analyze normal/abnormal Transmission Control Protocol (TCP) traffic;
· Analyze normal/abnormal Hypertext Transport Protocol (HTTP/HTTPS) traffic;
Who Needs to Attend:
Anyone interested in learning to troubleshoot and optimize TCP/IP networks and analyze network traffic with Wireshark, especially network engineers, information technology specialists and security analysts.
SCOS is the official partner of the Wireshark University of Laura Chappell. We organize open and in-house courses for Wireshark, Cyber Security Investigation and Network Forensic Analysis. Our Trainers are internationally recognized Network Security and Forensics expert, drawing from over 30 years of hands-on, real world experience. They are members of FBI InfraGard, Computer Security Institute, the IEEE and Volunteer at Cyber Warfare Forum Initiative and frequent speakers at local, regional, national and international Security Events.
