Making Things Work Better, One Bit At A Time

Wireshark/Ethereal Class - Full Day


This course will concentrate on how to get up and running with one of the popular protocol analyzers around. The instructor will determine which technical areas to focus on, and the students get an opportunity to review network concepts from a tactical perspective. Network basics are reinforced with hands-on examples in a collaborative environment.

The “So What?” lesson is reviewed with the students after any important concept is presented. This ensures the instructor and students fully understand the theory or concept just presented. The goal of the course is to empower the students with knowledge they can immediately put to use. The habit of questioning leaves them with an inclination to understand new technology and become an efficient troubleshooter.

Curriculum


Outline

  • What is a Protocol Analyzer?
  • TCP/IP Task Offload in NDIS 5
  • Windows Installation Command Line Option
  • Make It Easier To Launch Wireshark - Shortcut Key
  • Starting Wireshark Edit -> Preferences
  • Capture Options Dialogue Box
  • Capturing From The Command line
  • Capture Frame Capture Filters
  • Capture Stop Triggers and Ring Buffers
  • Frame Display Options
  • Name Resolution Notes
  • Sorting Columns
  • Drag and Drop
  • Endpoints and Conversation List
  • Flow Graph Statistics
  • Expert Info
  • Display Filters
  • Follow TCP Stream
  • Expert Info Composite
  • Exporting from Wireshark into Excel for advanced reporting

  Hands-on examples are used to reinforce these concepts.

Exercises

  • Capture packets from the command prompt to a file
  • Search packets for payload specifics
  • Capture live HTTP traffic and HTTP review
  • Capture live FTP traffic and FTP review
  • Review IP protocol
  • Review TCP protocol
  • Review UDP protocol
  • Saving filtered packets
  • Various helpful protocol Display Filters
  • Zooming In and Out
  • Dynamic Baselining
  • When to use Packet List, Packet Details and Packet Bytes
  • File -> Export -> Objects -> HTTP feature
  • Setting your Time Display Format
  • Caveats surrounding Name resolution
  • Creating display filters from Statistics reports
  • Firewall ACL feature
  • Creating I/O Graphs
  • Using Round-Trip graphs
  • Interpreting tracefiles
  • Calculating response time

Documentation and Baselining examples