Course Outline
Day 1
Overview of Network Analysis
- Essentials of the OSI reference model and TCP/IP networks.
- Methodologies and tools for troubleshooting.
- Introduction to Wireshark.
- Understanding Wireshark: Portable version and available resources.
- Structure of the Wireshark GUI: Panes (Packet List, Details, Packet Bytes), Status Bar, and more.
- Architecture and processing flow: Understanding what Wireshark cannot capture and why.
- Supported protocols and dissectors.
- Preferences and configurations: Global settings versus profile-specific options.
- Understanding time values.
- Lab exercises.
Day 2
Capturing Traffic
- Key considerations before starting a capture.
- Promiscuous mode explained.
- Configuring capture filters.
- Setting automatic stop criteria.
- Performing remote captures.
- Lab exercises.
Traffic Analysis: Tools and Approaches
- Creating an analysis checklist.
- Utilizing features: name resolution, colorization, marking, ignoring, commenting, time references, and time shifts.
- Understanding the Expert System.
- Accessing options via the Right-Click menu.
- Interpretation using reference patterns and understanding the impact of OS/driver Offload features.
- Saving analysis results.
- Lab exercises and case studies.
Day 3
Traffic Analysis: Tools and Approaches (Continued)
- Filtering traffic: Setting up display filters (including "in-flight" filters and macros) and following streams.
- Quantitative analysis.
- Basic predefined descriptive statistics and summaries: Capture Properties, Protocol Hierarchy, Conversations, Endpoints, Packet Lengths, and IP-specific data.
- Protocol-specific analysis (e.g., TCP Stream Graphs).
- Advanced custom statistics using the I/O Graph.
- Flow visualization techniques.
Day 4
Traffic Analysis: Protocols
- Data-Link Layer: Ethernet II.
- Network Layer: IPv4.
- Transport Layer: TCP, UDP.
- Packet loss and recovery mechanisms.
- Events related to lost previous segments and out-of-order segments.
- Duplicate ACKs and Fast Retransmissions.
- TCP Retransmissions.
- Zero Window, Window changes, and other window-related issues.
- Application Layer: HTTP, FTP.
- Lab exercises and case studies.
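The TCP events listed for Day 4 (lost previous segment, duplicate ACKs, fast retransmission, retransmission, zero window, window changes) are the ones Wireshark's Expert System flags as tcp.analysis.* and colours in the Packet List. The script below is an added example, not course material and not Wireshark's own code: it builds a constructed pcap (Ethernet II / IPv4 / TCP, checksums left at zero) that replays exactly that sequence, parses it back, and applies a simplified reading of Wireshark's heuristics so that each frame number comes out with the label the Expert Info pane would show. The hosts 10.0.0.1/10.0.0.2, the ports, the payloads and the simplified rules are all assumptions.

```python
"""Simplified replay of Wireshark's TCP expert heuristics over a constructed pcap.
Added example: not course material and not Wireshark code. The event rules are a
simplified reading of the tcp.analysis.* flags; hosts, ports and payloads are made up."""
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def build_segment(src, dst, sport, dport, seq, ack, flags, window, payload=b""):
    """Ethernet II / IPv4 / TCP frame; checksums are left zero (enough for parsing)."""
    eth = bytes.fromhex("020000000002" "020000000001" "0800")  # dst MAC, src MAC, IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    return eth + ip + tcp + payload

def build_pcap(frames):
    """Classic little-endian pcap (linktype 1 = Ethernet), one record per frame."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for n, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000, n * 1000, len(frame), len(frame)) + frame)
    return b"".join(out)

def iter_tcp(pcap):
    """Yield (frame_no, src, sport, dst, dport, seq, ack, flags, window, payload_len)."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic")
    off, frame_no = 24, 0
    while off < len(pcap):
        incl_len = struct.unpack_from("<IIII", pcap, off)[2]
        data = pcap[off + 16:off + 16 + incl_len]
        off, frame_no = off + 16 + incl_len, frame_no + 1
        if struct.unpack_from("!H", data, 12)[0] != 0x0800 or data[23] != 6:
            continue  # only IPv4/TCP frames are analysed
        ihl, total_len = (data[14] & 0x0F) * 4, struct.unpack_from("!H", data, 16)[0]
        sport, dport, seq, ack, doff, flags, window = struct.unpack_from("!HHIIBBH", data, 14 + ihl)
        payload_len = total_len - ihl - (doff >> 4) * 4
        yield frame_no, data[26:30], sport, data[30:34], dport, seq, ack, flags, window, payload_len

def analyze(pcap):
    """Return {frame_no: [event, ...]} for the frames the heuristics would flag."""
    state, events = {}, {}
    for no, src, sport, dst, dport, seq, ack, flags, window, plen in iter_tcp(pcap):
        fwd = state.setdefault((src, sport, dst, dport), dict(next_seq=None, last=None, dup=0, dup_ack=None))
        rev = state.setdefault((dst, dport, src, sport), dict(next_seq=None, last=None, dup=0, dup_ack=None))
        ev, ctl = [], flags & (SYN | FIN | RST)
        if window == 0 and not ctl:
            ev.append("zero_window")
        if fwd["dup_ack"] is not None and ack != fwd["dup_ack"]:
            fwd["dup"], fwd["dup_ack"] = 0, None  # ACK moved on: the dup-ACK run is over
        if plen == 0 and not ctl and fwd["last"] is not None:
            last_seq, last_ack, last_win = fwd["last"]
            if (seq, ack) == (last_seq, last_ack):  # pure ACK repeating the previous one
                if window == last_win:
                    fwd["dup"], fwd["dup_ack"] = fwd["dup"] + 1, ack
                    ev.append("duplicate_ack#%d" % fwd["dup"])
                else:
                    ev.append("window_update")  # only the advertised window changed
        if fwd["next_seq"] is None:
            fwd["next_seq"] = seq  # first segment seen in this direction
        elif plen > 0 and seq < fwd["next_seq"]:
            # data already seen; "fast" if the peer sent >= 2 dup ACKs asking for this seq
            fast = rev["dup_ack"] == seq and rev["dup"] >= 2
            ev.append("fast_retransmission" if fast else "retransmission")
        elif plen > 0 and seq > fwd["next_seq"]:
            ev.append("previous_segment_not_captured")  # a gap precedes this segment
        fwd["next_seq"] = max(fwd["next_seq"], seq + plen + bool(flags & SYN) + bool(flags & FIN))
        fwd["last"] = (seq, ack, window)
        if ev:
            events[no] = ev
    return events

def sample_capture():
    """Constructed 14-frame flow: handshake, request, lost server segment, three dup ACKs,
    fast retransmission, then a zero window followed by a window update."""
    c, s, W = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), 65535
    frames = [
        build_segment(c, s, 40000, 80, 100, 0, SYN, W),                  # 1
        build_segment(s, c, 80, 40000, 500, 101, SYN | ACK, W),           # 2
        build_segment(c, s, 40000, 80, 101, 501, ACK, W),                 # 3
        build_segment(c, s, 40000, 80, 101, 501, ACK, W, b"GET / HTTP"),  # 4: 10 bytes of request
        build_segment(s, c, 80, 40000, 501, 111, ACK, W),                 # 5
        build_segment(s, c, 80, 40000, 501, 111, ACK, W, b"A" * 100),     # 6: bytes 501-600
        build_segment(s, c, 80, 40000, 701, 111, ACK, W, b"C" * 100),     # 7: 601-700 never captured
        build_segment(c, s, 40000, 80, 111, 601, ACK, W),                 # 8: ACKs up to 600
        build_segment(c, s, 40000, 80, 111, 601, ACK, W),                 # 9, 10, 11: dup ACKs
        build_segment(c, s, 40000, 80, 111, 601, ACK, W),
        build_segment(c, s, 40000, 80, 111, 601, ACK, W),
        build_segment(s, c, 80, 40000, 601, 111, ACK, W, b"B" * 100),     # 12: fast retransmission
        build_segment(c, s, 40000, 80, 111, 801, ACK, 0),                 # 13: zero window
        build_segment(c, s, 40000, 80, 111, 801, ACK, W),                 # 14: window update
    ]
    return build_pcap(frames)

if __name__ == "__main__":
    for no, ev in sorted(analyze(sample_capture()).items()):
        print("frame %2d: %s" % (no, ", ".join(ev)))
```

Running it reports events on frames 7, 9 to 11, 12, 13 and 14; writing `sample_capture()` to a file and opening it in Wireshark selects the same frames with the display filters tcp.analysis.lost_segment, tcp.analysis.duplicate_ack, tcp.analysis.fast_retransmission, tcp.analysis.zero_window and tcp.analysis.window_update. Two simplifications to keep in mind when comparing against the real dissector: Wireshark also uses timing (for example to separate out-of-order segments from retransmissions and to require the fast retransmission to follow the dup ACKs closely), and retransmitted SYNs are not flagged here because the check requires payload.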
Day 5
Traffic Analysis: Common Issues in Network Performance Assessment
- Causes of performance problems.
- Packet loss.
- Bandwidth issues: A layered approach to measurement.
- Latency: Assessing end-to-end latency and visualization.
- Lab exercises.
- (Wireshark) command-line tools:
- tshark (terminal-based Wireshark), dumpcap, rawshark, tcpdump.
- editcap, mergecap, capinfos, text2pcap.
Advanced Topics
- Advanced filters and grouped I/O statistics.
- Summary and Q&A.
Requirements
1. Understanding of the ISO OSI Reference Model (ITU-T X.200) and the TCP/IP protocol stack.
2. Basic proficiency with the Unix/Linux OS: familiarity with the UNIX terminal, directory structures, file listing and manipulation (creating, changing, copying, moving, removing directories and files), redirection, pipes, and process management (listing suspended and background processes).
Hardware & Software Requirements
1. Hardware: Minimum 16GB RAM and 60GB free disk space.
2. OS: Ubuntu Linux is recommended. Required command-line utilities: ip, iperf, and ipcalc.
3. Software: Wireshark application (https://www.wireshark.org/download.html).
Ensure all components are the latest stable releases available.
Testimonials (3)
practical case studies
Kamil - P4 Sp. z o.o.
Course - Basic Network Troubleshooting Using Wireshark
knowledge of the instructor
Grzegorz - Centrum Informatyki Resortu Finansow
Course - Network Troubleshooting with Wireshark
Many exercises, good knowledge