Course Outline
Day 1
Overview of Network Analysis
- Essentials of the OSI Reference Model and TCP/IP networks.
- Troubleshooting tools and methodologies.
- Introduction to Wireshark
- Understanding Wireshark: Portable versions and available resources.
- Wireshark GUI layout: Panes (Packet List, Details, Packet Bytes), Status Bar, etc.
- Architecture and processing flow: What cannot be seen with Wireshark and why?
- Supported protocols and dissectors.
- Preferences and configurations: Global settings and profile-specific options.
- Working with time values.
- Lab exercises.
Day 2
Capturing Traffic
- Key considerations before starting a capture.
- Promiscuous mode.
- Capture filters.
- Automatic stop criteria.
- Remote capture techniques.
- Lab exercises.
Traffic Analysis: Tools and Approaches
- Analysis checklist.
- Utilizing features: name resolution, colorization, marking, ignoring, commenting, time references, time shifts, etc.
- Understanding the Expert System.
- Accessing options via right-click functionality.
- Interpretation (reference patterns) and understanding the impact of OS/driver offload features.
- Saving results.
- Lab exercises and case studies.
Day 3
Traffic Analysis: Tools and Approaches (Continued)
- Filtering traffic: Display filters (creating "in-flight" filters and macros), following streams.
- Quantitative analysis.
- Basic predefined descriptive statistics and summaries: Capture Properties, Protocol Hierarchy, Conversations, Endpoints, Packet Lengths, IP-specific data.
- Protocol-specific analysis (e.g., TCP Stream Graphs).
- Advanced custom statistics using I/O Graphs.
- Flow visualization.
Day 4
Traffic Analysis: Protocols
- Data-Link Layer: Ethernet II.
- Network Layer: IPv4.
- Transport Layer: TCP, UDP.
- Packet loss and recovery mechanisms.
- Events involving lost previous segments and out-of-order segments.
- Duplicate ACKs and Fast Retransmissions.
- TCP Retransmissions.
- Zero Window, Window changes, and other window-related problems.
- Application Layer: HTTP, FTP.
- Lab exercises and case studies.
Day 5
Traffic Analysis: Common Issues in Network Performance Assessment
- Causes of performance problems.
- Packet loss.
- Bandwidth issues: A layered approach to measurement.
- Latency: Assessing end-to-end latency and visualization.
- Lab exercises.
- (Wireshark) command-line tools:
- tshark (terminal-based Wireshark), dumpcap, rawshark, tcpdump.
- editcap, mergecap, capinfos, text2pcap.
Advanced Topics
- Advanced filters and grouped I/O statistics.
- Summary and Q&A.
Requirements
1. Understanding of the ISO OSI Reference Model (ITU-T X.200) and the TCP/IP protocol stack.
2. Fundamental knowledge of Unix/Linux operating systems, including: UNIX terminal usage, directory structure navigation, file and directory listing, creation and deletion of directories, navigating between directories, copying, moving, and removing files and directories, using redirection and pipes, and managing processes (listing suspended and background processes).
Required Hardware & Software
1. Hardware: Minimum 16GB RAM and at least 60GB of free disk space.
2. Operating System: Ubuntu Linux is recommended. If using this OS, install the following applications: ip, iperf, ipcalc.
3. Software: Wireshark application (https://www.wireshark.org/download.html).
All components should be the latest stable releases.
Testimonials (3)
practical case studies
Kamil - P4 Sp. z o.o.
Course - Basic Network Troubleshooting Using Wireshark
knowledge of the instructor
Grzegorz - Centrum Informatyki Resortu Finansow
Course - Network Troubleshooting with Wireshark
Many exercises, good knowledge