
Wireshark Troubleshooting TCP/IP Networks

5 days Classroom English

Best price in just 2 steps

Requesting more information and/or the current price of this training is easily arranged. We take into account any ongoing promotions, subsidies or relationship discounts.

Description

Effective Network TCP/IP Analysis and Optimization encompasses the skills of not only capturing data, but also the ability to discern the key patterns hidden within the flood of network traffic. This official Wireshark University lab-based course will provide the student with a set of investigative and analysis techniques focusing on the use of vendor-neutral, open-source tools such as Wireshark to provide insight into the following areas:

  • Specialized software configuration and packet capture techniques using Wireshark
  • Behavior, Analysis, and threat recognition for a number of the standard user version 4 protocols, including IP, DHCP, TCP, UDP, DNS, ICMP, ARP, and standard Internet-based User Protocols such as HTTP / HTTP 2.0 / NNTP
  • Specialized filtering and Analysis techniques, including data traffic reconstruction and viewing

Real-world examples will be utilized throughout the course in conjunction with numerous hands-on exercises to provide field-proven, practical analysis skills. Attendees will receive a student guide including numerous reference files and networking and forensics tools, as well as a library of reference documents.

Course Outline

1. Introduction to Wireshark

  • History, Authors, and License
  • How Wireshark Works
  • Wireshark Folders, Plug-Ins, and Help
  • Command-Line Tools
  • Resources and References for Analysts
  • WinPcap Essentials
  • CACE Technologies – AirPcap™ and Pilot™

2. Analyzer Placement

  • Location, Location, Location
  • Half-Duplex Hub-Out
  • Full-Duplex Tapping
  • Switch Port Spanning
  • Wireless Capture Options

3. Capturing Packets

  • Active Interfaces
  • Capture to a File
  • Capture to a Ring Buffer
  • Open and Work with File Sets
  • Default Capture Filters
  • Create New Capture Filters
  • Avoid Dropped Packets
  • Command-Line Capture: Tshark.exe
  • Command-Line Capture: Rawshark.exe
  • Command-Line Capture: Dumpcap.exe
  • Test Yourself

4. Configuring Global Preferences

  • Customize the User Interface
  • Set Global Capture Preferences
  • Define Name Resolution Preferences
  • Alter Protocol Settings
  • My Favorite Preferences

5. Navigation and Colorization Techniques

  • Go To a Specific Packet Number
  • Find Packets Based on Payload
  • Sort Columns
  • Use and Customize Packet Colors
  • Mark Packets
  • Show a Packet in a New Window
  • Test Yourself

6. Using Time Values and Summaries

  • Use the Default Time Column Setting and Precision
  • Use Time Between Packets
  • Set a Time Reference and View Capture Time
  • Troubleshooting with Time
  • Analyze Summary Information
  • Test Yourself

7. Examining Basic Trace File Statistics

  • Examine Protocol Hierarchies
  • View Network Connections
  • View Network Endpoints
  • Evaluate Destinations
  • View IP Address Information
  • Evaluate Packet Lengths
  • Evaluate Port Types
  • Examine Multicast Streams and Settings
  • Test Yourself

8. Examining Advanced Trace File Statistics

  • Create IO Graphs
  • Create TCP Time-Sequence Graphs
  • Analyze Flow Graphs
  • Evaluate Service Response Times
  • Analyze BOOTP/DHCP Statistics
  • View HTTP Statistics
  • Create Round-Trip Time Graphs

9. Creating Display Filters

  • Follow a TCP Stream
  • Create Filters from Conversations and Endpoints
  • Default Display Filters and Filter Syntax
  • Build and Save Filters Based on Packets
  • Filter on Payload Bytes
  • Use Expressions to Build Display Filter
  • Use Boolean Operands and Negatives
  • The 10 Most Useful Filters
  • Manually Edit the Filter File

10. Save, Export, and Print

  • Save Filtered, Marked, and Ranges of Packets
  • Chart Conversation/Endpoint/Flow Graph Information
  • Save and Reassemble Data Streams
  • Export Packet Information
  • Print Packets
  • Capture/Edit Screen Shots for Reports

11. Expert System and Miscellaneous Tasks

  • Use Expert and Expert Info Composite Information
  • Analyze ACL Firewall Rules
  • Protocol Forcing
  • Merging Files
  • Zoom, Autoscroll, and Resizing Columns

12. Using Command-Line Tools

  • tshark and dumpcap
  • capinfos
  • editcap
  • mergecap
  • text2pcap

13. TCP/IP Functionality Overview

  • Resources and References for Analysts
  • Capture on Hubbed, Switched, and Routed Networks
  • The TCP/IP Resolution Process
  • Packets Going the Wrong Way
  • Faults in the Resolution Process
  • Test Yourself: What If.

14. Analyze DNS Traffic

  • DNS Packet Structure
  • Filter on DNS Traffic
  • Analyze Normal DNS Traffic
  • Analyze Unusual DNS Traffic

15. Analyze ARP Traffic

  • ARP Packet Structure
  • Filter on ARP Traffic
  • Analyze Normal ARP Traffic
  • Analyze Unusual ARP Traffic

16. Analyze IPv4 Traffic

  • IPv4 Packet Structure
  • Filter on IPv4 Traffic
  • Analyze Normal IPv4 Traffic
  • Analyze Unusual IPv4 Traffic

17. Analyze ICMP Traffic

  • ICMP Packet Structure
  • Filter on ICMP Traffic
  • Analyze Normal ICMP Traffic
  • Analyze Unusual ICMP Traffic

18. Analyze UDP Traffic

  • UDP Packet Structure
  • Filter on UDP Traffic
  • Analyze Normal UDP Traffic
  • Analyze Unusual UDP Traffic

19. Analyze TCP Traffic

  • TCP Packet Structure
  • Filter on TCP Traffic
  • Analyze Normal TCP Traffic
  • Analyze Unusual TCP Traffic

20. Analyze DHCP Traffic

  • Understand DHCP Packet Structure
  • Filter on DHCP Traffic
  • Analyze Normal DHCP Traffic
  • Analyze Unusual DHCP Traffic

21. Analyze HTTP Traffic

  • HTTP Packet Structure
  • Filter on HTTP Traffic
  • Analyze Normal HTTP Traffic
  • Analyze Unusual HTTP Traffic

22. Analyze Telnet Traffic

  • Telnet Packet Structure
  • Filter on Telnet Traffic
  • Analyze Normal Telnet Traffic
  • Analyze Unusual Telnet Traffic

23. Analyze FTP Traffic

  • FTP Packet Structure
  • Filter on FTP Traffic
  • Analyze Normal FTP Traffic
  • Analyze Unusual FTP Traffic

24. Analyze POP Traffic

  • POP Packet Structure
  • Filter on POP Traffic
  • Analyze Normal POP Traffic
  • Analyze Unusual POP Traffic

25. Analyze SMTP Traffic

  • SMTP Packet Structure
  • Filter on SMTP Traffic
  • Analyze Normal SMTP Traffic
  • Analyze Unusual SMTP Traffic

Labs: Each section of this course includes hands-on labs to test and reinforce concepts and practice tasks.

Format: 5 days Classroom Instruction
Start/End Times: 09:00-18:00
Recommended Class Size: 6-16
Language: English

Training content

Network analysis challenges – Nomenclature and Terminology for Wireshark

Configuring Wireshark

Location – How Network Infrastructure Devices Affect Ethernet Network Analysis

Effectively Navigating Wireshark and Interpreting Color Rules

My Network is Slow! – Using Wireshark to Effectively Troubleshoot Latency Issues

Expert Analysis – Introduction to Statistical Analysis and Graphing

Show me the Money! – Display Filters and Regular Expressions

The Networking Protocols

The Key Networking Protocols and Functions

Resolving Addresses – DNS / DNSSEC

The Network Layer – IPv4

Utility and Troubleshooting Protocols – Address Resolution Protocol (ARP) and Internet Control Message Protocol (ICMPv4)

The Transport Layer – Moving the Data – TCP / UDP

The Application Layer – Analyzing Common User Protocols

The Forgotten Part of the Internet – Usenet and NNTP

Securing the Data – SSL / TLS

What can I do / what do I know after Wireshark Troubleshooting TCP/IP Networks?

  • Place the analyzer properly for traffic capture on a variety of network types
  • Create statistical charts and graphs based on network traffic
  • Analyze normal/abnormal Domain Name System (DNS) traffic
  • Capture packets on wired and wireless networks
  • Save, export, and print network analysis details
  • Analyze normal/abnormal Address Resolution Protocol (ARP) traffic
  • Configure Wireshark for best performance and non-intrusive analysis
  • Use the TCP/IP Resolution Flowchart to identify possible communication faults
  • Analyze normal/abnormal Internet Protocol v4 (IPv4) traffic

Start dates

This training is scheduled as follows for the coming period. If a date you need is missing, feel free to contact us.

Date: 8 Jun - 12 Jun 2026

Location: Virtual training

Date: 20 Apr - 24 Apr 2026

Location: Virtual training

Date: By arrangement

Location: Virtual training

Why experienced professionals choose TSTC for their studies

Train smarter, not harder. TSTC's unique approach guarantees that skills are acquired effectively and gives the greatest chance of passing.
