Wireshark Training in ACTE

Pre requisite’s

Students should be able to use a web editor. This course concentrates on coding XHTML, not learning an
application. Students should also know how to upload webpages to a website.

Course Content
Introduction to Network Analysis and Wireshark

 TCP/IP Analysis Checklist

 Top Causes of Performance Problems
 Get the Latest Version of Wireshark
 Capturing Traffic
 Opening Trace Files
 Processing Packets
 GTK Interface
 The Icon Toolbar
 The Changing Status Bar
 Right-Click Functionality
 General Analyst Resources
 Your First Task When You Leave Class

Learn Capture Methods and Use Capture Filters

 Checksum Issues at Capture

 Analyze Switched Networks
 Walk-Through a Sample SPAN Configuration
 Analyze Full-Duplex Links with a Network TAP
 Analyze Wireless Networks
 Initial Analyzing Placement
 Remote Capture Techniques
 Available Capture Interfaces
 Save Directly to Disk
 Capture File Configurations
 Limit Your Capture with Capture Filters
 Examine Key Capture Filters

Customize for Efficiency: Configure Your Global Preferences

 First Step: Create a Troubleshooting Profile

 Customize the User Interface
 Add Custom Columns for the Packet List Pane
 Set Your Global Capture Preferences
 Define Name Resolution Preferences
 Configure Individual Protocol Preferences
 Navigate Quickly and Focus Faster with Coloring Techniques

 Move Around Quickly: Navigation Techniques

 Find a Packet Based on Various Characteristics
 Build Permanent Coloring Rules
 Identify a Coloring Source
 Apply Temporary Coloring
 Mark Packets of Interest

Spot Network and Application Issues with Time Values and Summaries

 Examine the Delta Time (End-of-Packet to End-of-Packet)

 Set a Time Reference
 Compare Timestamp Values
 Compare Timestamps of Filtered Traffic
 Enable and Use TCP Conversation Timestamps
 Compare TCP Conversation Timestamp Values
 Troubleshooting Example Using Time
 Analyze Delay Types

Create and Interpret Basic Trace File Statistics

 Examine Trace File Summary Information

 View Active Protocols
 Graph Throughput to Spot Performance Problems Quickly
 Locate the Most Active Conversations and Endpoints
 Other Conversation Options
 Graph the Traffic Flows for a More Complete View
 Numerous Other Statistics are Available
 Quick Overview of VoIP Traffic Analysis Tools

Focus on Traffic Using Display Filters

 Display Filters
 Filter on Conversations/Endpoints
 Build Filters Based on Packets
 Display Filter Syntax
 Use Comparison Operators and Advanced Filters
 Filter on Text Strings
 Build Filters Based on Expressions
 Watch for Common Display Filter Mistakes
 Manually Edit the dfilters File

Effectively Use Command-Line Tools

 TShark and Dumpcap Command-Line Tools

 Capinfos Command-Line Tool
 Editcap Command-Line Tool
 Mergecap Command-Line Tool
 Text2pcap Command-Line Tool
 Split and Merge Trace Files

TCP/IP Communications and Resolutions Overview

 TCP/IP Functionality
 When Everything Goes Right
 The Multi-Step Resolution Process
 Resolution Helped Build the Packet
 Where Faults Can Occur
 Typical Causes of Slow Performance

Analyze DNS Traffic

 DNS Overview
 DNS Packet Structure
 DNS Queries
 Filter on DNS Traffic
 Analyze Normal/Problem DNS Traffic

Analyze ARP Traffic

 ARP Overview
 ARP Packet Structure
 Filter on ARP Traffic
 Analyze Normal/Problem ARP Traffic

Analyze IPv4 Traffic

 IPv4 Overview
 IPv4 Packet Structure
 Analyze Broadcast/Multicast Traffic
 Filter on IPv4 Traffic
 IP Protocol Preferences
 Analyze Normal/Problem IP Traffic

Analyze ICMP Traffic

 ICMP Overview
 ICMP Packet Structure
 Filter on ICMP Traffic
 Analyze Normal/Problem ICMP Traffic

Analyze UDP Traffic

 UDP Overview
 Watch for Service Refusals
 UDP Packet Structure
 Filter on UDP Traffic
 Follow UDP Streams to Reassemble Data
 Analyze Normal/Problem UDP Traffic

Analyze TCP Protocol

 TCP Overview
 The TCP Connection Process
 TCP Handshake Problem
 Watch Service Refusals
 TCP Packet Structure
 The TCP Sequencing/Acknowledgment Process
 Packet Loss Detection in Wireshark
 Fast Recovery/Fast Retransmission Detection in Wireshark
 Retransmission Detection in Wireshark
 Out-of-Order Segment Detection in Wireshark
 Selective Acknowledgement (SACK)
 Window Scaling
 Window Size Issue: Receive Buffer Problem
 Window Size Issue: Unequal Window Size Beliefs
 TCP Sliding Window Overview
 Troubleshoot TCP Quickly with Expert Info
 Filter on TCP Traffic and TCP Problems
 Properly Set TCP Preferences
 Follow TCP Streams to Reassemble Data

Examine Advanced Trace File Statistics

 Build Advanced IO Graphs

 Graph Round Trip Times
 Graph TCP Throughput
 Find Problems Using TCP Time-Sequence Graphs

Analyze HTTP Traffic

 HTTP Overview
 HTTP Packet Structure
 Filter on HTTP Traffic
 Reassembling HTTP Objects
 HTTP Statistics
 Analyze Normal/Problem HTTP Traffic

Analyze SSL-Encrypted Traffic (HTTPS)

 Examining SSL/HTTPS Traffic

 Wireshark v1.6.0 Bug Alert #201106
 Filter on SSL

Analyze File Transfer Protocol (FTP) Traffic

 FTP Overview
 FTP Packet Structure
 Analyze Active Mode Connections
 Analyze Passive Mode Connections
 Filter on FTP Traffic
 Analyze Normal/Problem FTP Traffic

Your 10 Key Troubleshooting Steps

 Baseline "NormalTraffic
 Use Color
 Look Who's Talking: Examine Conversations and Endpoints
 Focus by Filtering
 Create Basic IO Graphs
 Examine Delta Time Values
 Examine the Expert System
 Follow the Streams
 Graph Bandwidth Use, Round Trip Time, and TCP Time/Sequence Information
 Watch Refusals and Redirections