Wireshark/Ethereal Class - Full Day
This course concentrates on getting up and running with one of the most popular protocol analyzers around. The instructor determines which technical areas to focus on, and the students get an opportunity to review network concepts from a tactical perspective. Network basics are reinforced with hands-on examples in a collaborative environment.
The "So What?" lesson is reviewed with the students after every important concept is presented. This ensures that the instructor and students fully understand the theory or concept just covered. The goal of the course is to give the students knowledge they can use immediately. The habit of questioning leaves them with an inclination to understand new technology and to become efficient troubleshooters.
Curriculum
- What is a Protocol Analyzer?
- TCP/IP Task Offload in NDIS 5
- Wireshark - Getting Started Tips
- Wireshark TCP Checksums
- Remote Captures using Wireshark and rpcapd
- Wireshark Desktop Shortcut to Start Capturing
- Windows Installation Command Line Option
- Make It Easier To Launch Wireshark - Shortcut Key
- Starting Wireshark Edit -> Preferences
- Capture Options Dialogue Box
- Capturing From The Command line
- Capture Frame Capture Filters
- Capture Stop Triggers and Ring Buffers
- Frame Display Options
- Name Resolution Notes
- Sorting Columns
- Drag and Drop
- Endpoints and Conversation List
- Flow Graph Statistics
- Expert Info
- Display Filters
- Follow TCP Stream
- Using Packet Bookmarks and Wireshark
- Expert Info Composite
- Exporting from Wireshark into Excel for advanced reporting
- Capture packets from the command prompt to a file
- Capture packets from the Windows command prompt
- Search packet for payload specifics
- Capture live HTTP traffic and HTTP review
- Capture live FTP traffic and HTTP review
- Review IP protocol
- Review TCP protocol
- Review UDP protocol
- Saving filtered packets
- Troubleshooting Using Wireshark
- Various helpful protocol Display Filters
- Zooming In and Out
- Dynamic Baselining
- When to use Packet List, Packet Details and Packet Bytes
- File -> Export -> Objects -> HTTP feature
- Setting your Time Display Format
- Caveats surrounding Name resolution
- Creating display filters from Statistics reports
- Firewall ACL feature
- Capturing using Wireshark's tshark and Autostop Option
- Wireshark - tshark Ring Buffer Example
- Using Wireshark's I/O Graphs
- Using Round-Trip graphs
- Interpreting tracefiles
- Using Wireshark to Validate Your Configs
- Observing Duplicate IPs With Wireshark
- Calculating response time
- Network Discovery and Protocol Analysis
- Documentation and Baselining examples
- Reassembling an SMB File With Wireshark
- Looking for HTTP Login Credentials With Wireshark
- Using Wireshark's Editcap to Reduce Your Trace File Size
- Using Wireshark's editcap to Remove Duplicate Packets
- Fetch Sharkie, Fetch ... Good Boy
- Using Splitcap to Help Analyze Your Wireshark Trace Files
- Troubleshooting Performance Issues with Wireshark
- Using Wireshark Accelerator Keys
- Creating Wireshark MAC Filters
- Wireshark, Excel and Pivot Tables
- Configuring Pilot To Email You

Hands-on examples are used to reinforce these concepts.
