Certificate Authentication

Wireshark Network Traffic Analysis Certificate for Ablieiev Pavlo

Add to LinkedIn

Certificate ID: 
783599
Authentication Code: 
28e79
Certified Person Name: 
Ablieiev Pavlo
Trainer Name: 
Paweł Radziszewski
Duration Days: 
3
Duration Hours: 
21
Course Name: 
Wireshark Network Traffic Analysis
Course Date: 
2 October 2024 09:00 to 14 October 2024 16:00
Course Outline: 

Day 1

Network analysis overview

  1. OSI reference model and TCP/IP networks essentials.
  2. Troubleshooting tools, methodologies.
  3. Introduction to Wireshark
  4. What is Wireshark? Portable Wireshark. Resources.
  5. Wireshark GUI structure: Panes (Packet List, Details, Packet Bytes), Status Bar, ... .
  6. Architecture and processing flow. What and why cannot be seen with Wireshark?
  7. Supported protocols. Dissectors.
  8. Preferences and configurations; global and profile specific.
  9. Time values.
  10. Lab exercises.

Day 2

Capture traffic

  1. Things to consider before start.
  2. Promiscuous mode.
  3. Capture filters.
  4. Automatic stop criteria.
  5. Remote capture.
  6. Lab exercises.

Traffic analysis: tools and approaches

  1. Analysis checklist.
  2. Using features: name resolution, colorization, marking, ignoring, commenting, using time references, time shifts, etc.
  3. Understanding Expert System.
  4. Accessing options through Right-Click functionality.
  5. Interpretation (reference patterns), OS/driver Offload features impact.
  6. Saving results.
  7. Lab exercises and case studies.

Day 3

Traffic analysis: tools and approaches (cont.)

  1. Filtering traffic: Display filters (preparing "in-flight" filters, macros), following stream.
  2. Quantitative analysis.
    1. Basic predefined descriptive statistics and summaries: Capture Properties, Protocol Hierarchy, Conversations, Endpoints, Packets Lengths, IP-specific.
    2. Protocol specific analysis (e.g.: TCP Stream Graphs).
    3. Advanced custom statistics with I/O Graph.
    4. Flow visualization.

Day 4

Traffic analysis: protocols

  1. Data-Link Layer: Ethernet II.
  2. Network Layer: IPv4.
  3. Transport Layer: TCP, UDP.
    1. Packet loss and recovery.
    2. Previous segment lost and Out-of-Order Segments events.
    3. Duplicate ACKs and Fast Retransmissions.
    4. TCP Retransmissions.
    5. Zero Window, Window changes and other window problems.
  4. Application layer: HTTP, FTP.
  5. Lab exercises and case studies.

Day 5

Traffic analysis: common issues in network performance assessment

  1. Cause of performance problems.
  2. Packet loss.
  3. Bandwidth issues. Layered approach to measurement.
  4. Latency: assessing end to end latency, visualization.
  5. Lab exercises.
  6. (Wireshark) command-line tools:
    1. tshark (terminal-based wireshark) / dumpcap / rawshark, tcpdump
    2. editcap, mergecap, capinfos, text2pcap.

Advanced topics

  1. Advanced filters, grouped iostats.
  2. Summary and Q&A.