Wireshark Class - Full Day
This course will concentrate on how to get up and running with Wireshark. Tony will determine which technical areas to focus on and review network concepts from a tactical perspective.
Network basics are reinforced with hands-on examples in a collaborative environment.
Tony's famous “So What?” technique is reviewed with the students after any important concept is presented. This ensures that the students fully understand the theory or concept just presented before moving on.
The goal of the course is to empower the students with enough knowledge that they can apply it immediately when they return to work.
This technique leaves them with an inclination to understand new technology and to become an efficient troubleshooter.
Curriculum
Check out the Wireshark page to see other things we cover in the class.
- What is a Protocol Analyzer?
- TCP/IP Task Offload in NDIS 5
- Wireshark - Getting Started Tips
- Wireshark TCP Checksums
- Remote Captures using Wireshark and rpcapd
- Wireshark Desktop Shortcut to Start Capturing
- Windows Installation Command Line Option
- Make It Easier To Launch Wireshark - Shortcut Key
- Starting Wireshark Edit -> Preferences
- Capture Options Dialogue Box
- Capturing From The Command line
- Capture Frame Capture Filters
- Capture Stop Triggers and Ring Buffers
- Frame Display Options
- Name Resolution Notes
- Sorting Columns
- Drag and Drop
- Endpoints and Conversation List
- Flow Graph Statistics
- Expert Info
- Display Filters
- Follow TCP Stream
- Using Packet Bookmarks and Wireshark
- Expert Info Composite
- Exporting from Wireshark into Excel for advanced reporting.
- Capture packet from the command prompt to a file
- Capture packets from the windows command prompt
- Search packet for payload specifics
- Capture live HTTP traffic and HTTP review
- Capture live FTP traffic and HTTP review
- Review IP protocol
- Review TCP protocol
- Review UDP protocol
- Saving filtered packets
- Troubleshooting Using Wireshark
- Various helpful protocol Display Filters
- Zooming In and Out
- Dynamic Baselining
- When to use Packet List, Packet Details and Packet Bytes
- File -> Export -> Objects -> HTTP feature
- Setting your Time Display Format
- Caveats surrounding Name resolution
- Creating display filters from Statistics reports
- Firewall ACL feature
- Capturing using Wireshark's tshark and Autostop Option
- Wireshark - tshark Ring Buffer Example
- Using Wireshark's I/O Graphs
- Using Round-Trip graphs
- Interpreting tracefiles
- Using Wireshark to Validate Your Configs
- Observing Duplicate IP's With Wireshark
- Calculating response time
- Network Discovery and Protocol Analysis
- Documentation and Baselining examples
- Reassembling a SMB File With Wireshark
- Looking for HTTP Login Credentials With Wireshark
- Using Wireshark's Editcap to Reduce Your Trace File Size
- Using Wireshark's editcap to Remove Duplicate Packets
- Fetch Sharkie, Fetch ... Good Boy
- Using Splitcap to Help Analyze Your Wireshark Trace Files
- Troubleshooting Performance Issues with Wireshark
- Using Wireshark Accelerator Keys
- Creating Wireshark MAC Filters
- Wireshark, Excel and Pivot Tables
- Configuring Pilot To Email You
Hands-on examples are used to reinforce these concepts.