Analyzing TCP/IP Networks with Wireshark Training Class

1. Introduction to Wireshark

• 
  History, Authors, and License


• 
  How Wireshark Works


• 
  Wireshark Folders, Plug-Ins, and Help


• 
  Command-Line Tools


• 
  Resources and References for Analysts


• 
  WinPcap Essentials


• 
  CACE Technologies - AirPcap?? and Pilot??

2. Analyzer Placement

• 
  Location, Location, Location


• 
  Half-Duplex Hub-Out


• 
  Full-Duplex Tapping


• 
  Switch Port Spanning


• 
  Wireless Capture Options

3. Capturing Packets

• 
  Active Interfaces


• 
  Capture to a File


• 
  Capture to a Ring Buffer


• 
  Open and Work with File Sets


• 
  Default Capture Filters


• 
  Create New Capture Filters


• 
  Avoid Dropped Packets


• 
  Command-Line Capture: Tshark.exe


• 
  Command-Line Capture: Rawshark.exe


• 
  Command-Line Capture: Dumpcap.exe


• 
  Test Yourself

4. Configuring Global Preferences

• 
  Customize the User Interface


• 
  Set Global Capture Preferences


• 
  Define Name Resolution Preferences


• 
  Alter Protocol Settings


• 
  My Favorite Preferences

5. Navigation and Colorization Techniques

• 
  Go To a Specific Packet Number


• 
  Find Packets Based on Payload


• 
  Sort Columns


• 
  Use and Customize Packet Colors


• 
  Mark Packets


• 
  Show a Packet in a New Window


• 
  Test Yourself

6. Using Time Values and Summaries

• 
  Use the Default Time Column Setting and Precision


• 
  Use Time Between Packets


• 
  Set a Time Reference and View Capture Time


• 
  Troubleshooting with Time


• 
  Analyze Summary Information


• 
  Test Yourself

7. Examining Basic Trace File Statistics

• 
  Examine Protocol Hierarchies


• 
  View Network Connections


• 
  View Network Endpoints


• 
  Evaluate Destinations


• 
  View IP Address Information


• 
  Evaluate Packet Lengths


• 
  Evaluate Port Types


• 
  Examine Multicast Streams and Settings


• 
  Test Yourself

8. Examining Advanced Trace File Statistics

• 
  Create IO Graphs


• 
  Create TCP Time-Sequence Graphs


• 
  Analyze Flow Graphs


• 
  Evaluate Service Response Times


• 
  Analyze BOOTP/DHCP Statistics


• 
  View HTTP Statistics


• 
  Create Round-Trip Time Graphs

9. Creating Display Filters

• 
  Follow a TCP Stream


• 
  Create Filters from Conversations and Endpoints


• 
  Default Display Filters and Filter Syntax


• 
  Build and Save Filters Based on Packets


• 
  Filter on Payload Bytes


• 
  Use Expressions to Build Display Filter


• 
  Use Boolean Operands and Negatives


• 
  The 10 Most Useful Filters


• 
  Manually Edit the Filter File

10. Save, Export, and Print

• 
  Save Filtered, Marked, and Ranges of Packets


• 
  Chart Conversation/Endpoint/Flow Graph Information


• 
  Save and Reassemble Data Streams


• 
  Export Packet Information


• 
  Print Packets


• 
  Capture/Edit Screen Shots for Reports

11. Expert System and Miscellaneous Tasks

• 
  Use Expert and Expert Info Composite Information


• 
  Analyze ACL Firewall Rules


• 
  Protocol Forcing


• 
  Merging Files


• 
  Zoom, Autoscroll, and Resizing Columns

12. Using Command-Line Tools

• 
  tshark and dumpcap


• 
  capinfos


• 
  editcap


• 
  mergecap


• 
  text2pcap

13. TCP/IP Functionality Overview

• 
  Resources and References for Analysts


• 
  Capture on Hubbed, Switched, and Routed Networks


• 
  The TCP/IP Resolution Process


• 
  Packets Going the Wrong Way


• 
  Faults in the Resolution Process


• 
  Test Yourself: What If.

14. Analyze DNS Traffic

• 
  DNS Packet Structure


• 
  Filter on DNS Traffic


• 
  Analyze Normal DNS Traffic


• 
  Analyze Unusual DNS Traffic

15. Analyze ARP Traffic

• 
  ARP Packet Structure


• 
  Filter on ARP Traffic


• 
  Analyze Normal ARP Traffic


• 
  Analyze Unusual ARP Traffic

16. Analyze IPv4 Traffic

• 
  IPv4 Packet Structure


• 
  Filter on IPv4 Traffic


• 
  Analyze Normal IPv4 Traffic


• 
  Analyze Unusual IPv4 Traffic

17. Analyze ICMP Traffic

• 
  ICMP Packet Structure


• 
  Filter on ICMP Traffic


• 
  Analyze Normal ICMP Traffic


• 
  Analyze Unusual ICMP Traffic

18. Analyze UDP Traffic

• 
  UDP Packet Structure


• 
  Filter on UDP Traffic


• 
  Analyze Normal UDP Traffic


• 
  Analyze Unusual UDP Traffic

19. Analyze TCP Traffic

• 
  TCP Packet Structure


• 
  Filter on TCP Traffic


• 
  Analyze Normal TCP Traffic


• 
  Analyze Unusual TCP Traffic

20. Analyze DHCP Traffic

• 
  Understand DHCP Packet Structure


• 
  Filter on DHCP Traffic


• 
  Analyze Normal DHCP Traffic


• 
  Analyze Unusual DHCP Traffic

21. Analyze HTTP Traffic

• 
  HTTP Packet Structure


• 
  Filter on HTTP Traffic


• 
  Analyze Normal HTTP Traffic


• 
  Analyze Unusual HTTP Traffic

22. Analyze Telnet Traffic

• 
  Telnet Packet Structure


• 
  Filter on Telnet Traffic


• 
  Analyze Normal Telnet Traffic


• 
  Analyze Unusual Telnet Traffic

23. Analyze FTP Traffic

• 
  FTP Packet Structure


• 
  Filter on FTP Traffic


• 
  Analyze Normal FTP Traffic


• 
  Analyze Unusual FTP Traffic

24. Analyze POP Traffic

• 
  POP Packet Structure


• 
  Filter on POP Traffic


• 
  Analyze Normal POP Traffic


• 
  Analyze Unusual POP Traffic

25. Analyze SMTP Traffic

• 
  SMTP Packet Structure


• 
  Filter on SMTP Traffic


• 
  Analyze Normal SMTP Traffic


• 
  Analyze Unusual SMTP Traffic

Anyone interested in learning to troubleshoot TCP/IP networks and analyze network traffic with Wireshark, especially network engineers, information technology specialists, security analysts, and those preparing for the Wireshark Certification Exam.