• Home
• Products
• Solutions
• Free Trial
• Free Software
• Security Training
• Contact Us
• Consultancy
• Press Releases

Troubleshooting TCP/IP Networks (Wireshark University)

Home | Security Training | Troubleshooting TCP/IP Networks (Wireshark University)

• Troubleshooting TCP/IP Networks (Wireshark University)
• Advanced Network/Security Analysis
• Cloud Security Investigation and Cloud Network Forensic Analysis
• Course Quote
• Training Terms & Conditions

Troubleshooting TCP/IP Networks (Wireshark University)

 

Course Description:
This hands-on course provides in-depth training on Wireshark® and TCP/IP communications analysis. This course covers the use of Wireshark to identify the most common causes of performance problems in TCP/IP communications. Topics include traffic capturing techniques and analyzer placement, traffic filtering (capture/display), customized profiles, coloring rules, graphing, field interpretations and functionality of key TCP/IP communications. A strong emphasis is placed on understanding the normal behavior of ARP, DNS, IP, TCP, UDP, ICMP as well as HTTP/HTTPS. Students learn to identify latency issues, connection establishment concerns, service refusals and common indications of reconnaissance processes and breached hosts.

 

Upon completion of this course the participant will understand how to use Wireshark efficiently to spot the primary sources of network performance problems.

 

What You'll Learn in Class:

• Learn the Top 10 reasons for network performance complaints

• Place the analyzer properly for traffic capture on a variety of network types

• Capture packets on wired and wireless networks

• Configure Wireshark for best performance and non-intrusive analysis

• Navigate through, split and work with large traffic files

• Use time values to identify network performance problems

• Create statistical charts and graphs to pinpoint performance issues

• Filter out traffic for more efficient troubleshooting and analysis

• Customize Wireshark coloring to focus on network problems faster

• Use Wireshark's Expert System to understand various traffic problems

• Use the TCP/IP Resolution Flowchart to identify possible communication faults

• Analyze normal/abnormal Domain Name System (DNS) traffic

• Analyze normal/abnormal Address Resolution Protocol (ARP) traffic

• Analyze normal/abnormal Internet Protocol v4 (IPv4) traffic

• Analyze normal/abnormal Internet Control Messaging Protocol (ICMP) traffic

• Analyze normal/abnormal User Datagram Protocol (UDP) traffic

• Analyze normal/abnormal Transmission Control Protocol (TCP) traffic

• Analyze normal/abnormal Hypertext Transport Protocol (HTTP/HTTPS) traffic

Who Needs to Attend:
Anyone interested in learning to troubleshoot and optimize TCP/IP networks and analyze network traffic with Wireshark, especially network engineers, information technology specialists and security analysts.

Prerequisites:
Knowledge of TCP/IP networking fundamentals, network devices and basic network protocols.

Certification:
This course is part of the Wireshark® Certified Network Analyst program.

Course Outline:
Section 1: Introduction to Network Analysis and Wireshark®

• TCP/IP Analysis Checklist

• Top Causes of Performance Problems

• Get the Latest Version of Wireshark

• Capturing Traffic

• Opening Trace Files

• Processing Packets

• GTK Interface Overview

• The Icon Toolbar

• The Changing Status Bar

• Right-Click Functionality

• General Analyst Resources

• Your First Task When You Leave Class

Section 2: Learn Capture Methods and Use Capture Filters

• Checksum Issues at Capture

• Analyze Switched Networks

• Walk-Through a Sample SPAN Configuration

• Analyze Full-Duplex Links with a Network TAP

• Analyzing Wireless Networks

• Initial Analyzing Placement

• Remote Capture Techniques

• Identify Available Capture Interfaces

• Save Directly to Disk

• Capture File Configurations

• Limit Your Capture with Capture Filters

• Examine Key Capture Filters

Section 3: Customize for Efficiency - Configure Your Global Preferences

• First Step: Create a Troubleshooting Profile

• Customize the User Interface

• Add Custom Columns for the Packet List Pane

• Set Your Global Capture Preferences

• Define Name Resolution Preferences

• Configure Individual Protocol Preferences

Section 4: Navigate Quickly and Focus Faster with Coloring Techniques

• Move Around Quickly: Navigation Techniques Find a Packet Based on Various Characteristics Build Permanent Coloring Rules Identify a Coloring Source Apply Temporary Coloring Mark Packets of Interest

Section 5: Spot Network and Application Issues with Time Values and Summaries

• Examine the Delta Time (End-of-Packet to End-of-Packet)

• Set a Time Reference

• Compare Timestamp Values

• Compare Timestamps of Filtered Traffic

• Enable and Use TCP Conversation Timestamps

• Compare TCP Conversation Timestamp Values

• Troubleshooting Example Using Time

• Analyzing Delay Types

Section 6: Create and Interpret Basic Trace File Statistics

• Examine Trace File Summary Information

• View Active Protocols

• Graph Throughput to Spot Performance Problems Quickly

• Locate the Most Active Conversations and Endpoints

• Other Conversation Options

• Graph the Traffic Flows for a More Complete View

• Numerous Other Statistics are Available

• Quick Overview of VoIP Traffic Analysis Tools

Section 7: Focus on Traffic Using Display Filters

• Overview of Display Filters

• Filter on Conversations/Endpoints

• Build Filters Based on Packets

• Understand Display Filter Syntax

• Use Comparison Operators and Advanced

• Filters Filter on Text Strings

• Build Filters Based on Expressions

• Watch for Common Display Filter Mistakes

• Manually Edit the dfilters File

Section 8: Effectively Use Command-Line Tools

• Tshark and Dumpcap Command-Line Tools

• Capinfos Command-Line Tool

• Editcap Command-Line Tool

• Mergecap Command-Line Tool

• Text2pcap Command-Line Tool

• Split and Merge Trace Files

Section 9: TCP/IP Communications and Resolutions Overview

• TCP/IP Functionality Overview

• When Everything Goes Right

• The Multi-Step Resolution Process

• Resolution Helped Build the Packet

• Where Can Faults Occur?

• Typical Causes of Slow Performance

Section 10: Analyze Domain Name System (DNS) Traffic

• DNS Overview

• DNS Packet Structure

• DNS Queries

• Filter on DNS Traffic

• Analyze Normal/Problem DNS Traffic

Section 11: Analyze Address Resolution Protocol (ARP) Traffic

• ARP Overview

• ARP Packet Structure

• Filter on ARP Traffic

• Analyze Normal/Problem ARP Traffic

Section 12: Analyze Internet Protocol (IPv4) Traffic

• IPv4 Overview

• IPv4 Packet Structure

• Analyze Broadcast/Multicast Traffic

• Filter on IPv4 Traffic

• IP Protocol Preferences

• Analyze Normal/Problem IP Traffic

Section 13: Analyze Internet Control Message Protocol (ICMP) Traffic

• ICMP Overview

• ICMP Packet Structure

• Filter on ICMP Traffic

• Analyze Normal/Problem ICMP Traffic

Section 14: Analyze User Datagram Protocol (UDP) Traffic

• UDP Overview

• Watch for Service Refusals

• UDP Packet Structure

• Filter on UDP Traffic

• Follow UDP Streams to Reassemble Data

• Analyze Normal/Problem UDP Traffic

Section 15: Analyze Transmission Control Protocol (TCP) Protocol

• TCP Overview

• The TCP Connection Process

• TCP Handshake Problem

• Watch Service Refusals

• TCP Packet Structure

• The TCP Sequencing/Acknowledgment Process

• Packet Loss Detection in Wireshark

• Fast Recovery/Fast Retransmission Detection in Wireshark

• Retransmission Detection in Wireshark

• Out-of-Order Segment Detection in Wireshark

• Selective Acknowledgement (SACK) Overview

• Window Scaling Overview

• Window Size Issue: Receive Buffer Problem

• Window Size Issue: Unequal Window Size Beliefs

• TCP Sliding Window Overview

• Troubleshoot TCP Quickly with Expert Info

• Filter on TCP Traffic and TCP Problems

• Properly Set TCP Preferences

• Follow TCP Streams to Reassemble Data

Section 16: Examine Advanced Trace File Statistics

• Build Advanced IO Graphs

• Graph Round Trip Times

• Graph TCP Throughput

• Find Problems Using TCP Time-Sequence Graphs

Section 17: Analyze Hypertext Transfer Protocol (HTTP) Traffic

• HTTP Overview

• HTTP Packet Structure

• Filter on HTTP Traffic

• Reassembling HTTP Objects

• HTTP Statistics

• Analyze Normal/Problem HTTP Traffic

Section 18: Analyze SSL Encrypted Traffic (HTTPS)

• Examining SSL/HTTPS Traffic

• Wireshark v1.6.0 Bug Alert #201106

• Filter on SSL

Section 19: Analyze File Transfer Protocol (FTP) Traffic

• FTP Overview

• FTP Packet Structure

• Analyze Active Mode Connections

• Analyze Passive Mode Connections

• Filter on FTP Traffic

• Analyze Normal/Problem FTP Traffic

Section 20: Review Your 10 Key Troubleshooting Steps

• Key Task 1: Baseline “Normal” Traffic

• Key Task 2: Use Color

• Key Task 3: Look Who’s Talking–Examine Conversations and Endpoints Key Task 4: Focus by Filtering

• Key Task 5: Create Basic IO Graphs

• Key Task 6: Examine Delta Time Values

• Key Task 7: Examine the Expert System

• Key Task 8: Follow the Streams

• Key Task 9: Graph Bandwidth Use, Round Trip Time and TCP Time/Sequence Information

• Key Task 10: Watch Refusals and Redirections

Format: 5 days Classroom Instruction
Start/End Times: 09:00-18:00
Recommended Class Size: 6-15
Language: English
BYOD: Bring Your Own Device (Laptop with Windows) 

Copyright © SCOS Software bv | Home • Products • Contact • Press Releases