TCP/IP Analysis and Troubleshooting with Wireshark

Audience

Designed for networking, government and security personnel who need to develop packet investigation and network optimization skills, this course covers key Wireshark skills such as customized software configuration and packet capture and analysis techniques.

Key areas of study include protocol behavior, analysis and threat recognition for a number of the critical user protocols, including IPv4, DHCPv4, TCP, UDP, DNS and ICMPv4, as well as common Internet-based user protocols such as HTTP. Specific emphasis is placed on specialized, real-world analysis techniques, including data traffic reconstruction.

Successful completion of this course will provide these individuals with a pathway into the fields of network and forensics analysis.

Description

Effective network analysis and optimization encompasses not only the skill of capturing data, but also the ability to discern the key patterns hidden within the flood of network traffic. This course will provide the student with a set of investigative and analysis techniques focusing on the use of vendor-neutral, open-source tools such as Wireshark to provide insight into the following areas:

– Specialized software configuration and packet capture techniques using Wireshark 3.0

– Behavior, analysis and threat recognition for a number of the standard user version 4 protocols including IP, DHCP, TCP, UDP, DNS, ICMP, ARP and common Internet based User Protocols such as HTTP / HTTP 2.0 / NNTP

– Specialized filtering and Analysis techniques including data traffic reconstruction and viewing

Real-world examples will be used throughout the course in conjunction with numerous hands-on exercises to provide field-proven, practical analysis skills. Attendees will receive a student guide including numerous reference files and networking and forensics tools, as well as a library of reference documents.

Student quotes

“Extremely satisfied with the training. Very helpful instructor and great teaching methods.”
“If there’s a packet, it can be WireSharked!!”
“It is a perfect course and meets what I came to achieve”
“Great for network analyses or forensic investigations”
“It was one of the best courses I have ever attended”
“Packets don’t lie”

What You'll Learn
  1. Introduction to Network Analysis
    1. Network analysis challenges – Nomenclature and Terminology for Wireshark 3.0

  2. Collecting the Data
    1. Configuring Wireshark
      1. Building and optimizing configuration Profiles for data capture
        1. Importing and Exporting Profiles
      2. Using capture filters to capture specific suspect traffic
      3. Fine-Tuning Wireshark 3.0 – Advanced Wireshark Profile Optimization
      4. Remote Capture Using Wireshark 3.0
    2. Location – How Network Infrastructure Devices Affect Ethernet Network Analysis
      1. Hubs, Switches, Bridges, Routers, Firewalls and CSU / DSU

  3. Analyzing the Data – A Sample Network Analysis Methodology
    1. Effectively Navigating Wireshark 3.0 and Interpreting Color Rules
      1. 6 Steps for practical Network Analysis of suspicious traffic
        1. Answering the key questions – A Sample Network Analysis Methodology
      2. Understanding and Using Shortcuts
      3. Constructing, Using and Interpreting Color Rules in Wireshark 3.0
    2. My Network is Slow! – Using Wireshark 3.0 to Effectively Troubleshoot Latency Issues
      1. The Importance of Effectively Using Time Values in Troubleshooting
        1. How Location Affects Time Values
      2. Default vs. Specialized Time Values
        1. Cumulative Time Value
        2. Delta Time Value
        3. Conversational Time Values
    3. Expert Analysis – Introduction to Statistical Analysis and Graphing
      1. Wireshark 3.0 Updated Expert Systems
      2. Analyzing Conversations and Activities Using Expert Systems to Determine Unusual Activity
        1. The 6 Key Statistical Displays to Master
          1. What’s Normal vs. Abnormal – The Role of Baseline Files
          2. Building a Baseline Library – Where Do I Go to Find Samples?
        2. Statistical Displays vs. Graphing
          1. Types of Graphs
            1. I/O vs. Flow vs. TCP
    4. Show Me the Money! – Display Filters and Regular Expressions
      1. Using Wireshark 3.0 Standard Display Filtering
        1. Creating and Using Filter Buttons
      2. Advanced Display Filters
      3. Extending the Power of Wireshark 3.0 – Regular Expressions

  4. Analysis of Network Applications and User Traffic
    1. The Networking Protocols
      1. What’s Normal vs. Abnormal – The Role of Baseline Files
      2. Building a Baseline Library – Where Do I Go to Find Samples?
    2. The Key Networking Protocols and Functions
      1. Configuration Protocols – DHCPv4
        1. Structure and Analysis of DHCPv4
      2. Resolving Addresses – DNS / DNSSEC
        1. Structure and Analysis of DNS
        2. Fixing the Problem – DNSSEC Structure and Analysis
      3. The Network Layer – IPv4
        1. Structure and Analysis of IPv4
        2. IP Options – What’s the Big Deal?
      4. Utility and Troubleshooting Protocols – Address Resolution Protocol (ARP) and Internet Control Message Protocol (ICMPv4)
        1. Structure and Analysis of ARP
        2. Structure and Analysis of ICMPv4
        3. Network Analysis Using ICMP – Types and Codes
      5. The Transport Layer – Moving the Data – TCP / UDP
        1. Structure and Analysis of TCP
        2. TCP Options – What’s the Big Deal?
        3. TCP Analysis Using Expert Systems
        4. Structure and Advanced Analysis of UDP
      6. The Application Layer – Analyzing Common User Protocols
        1. Web-Based Applications Using HTTP / HTTP 2.0
          1. Structure and Analysis of HTTP
          2. Response Codes – The Answer to Analyzing HTTP
          3. Reassembling and Exporting HTTP Objects
          4. New and Improved – HTTP 2.0
            1. Structure and Analysis of HTTP 2.0
        2. The Forgotten Part of the Internet – Usenet and NNTP
          1. Structure and Analysis of NNTP
          2. Response Codes – The Answer to Analyzing NNTP
          3. Reassembling and Exporting NNTP Objects
      7. Securing the Data – SSL / TLS
        1. Secure Sockets Layer
          1. Structure and Analysis of SSL
          2. Response Codes – The Answer to Analyzing SSL
          3. Decrypting and Reassembling SSL Objects
        2. Transport Layer Security
          1. Structure and Analysis of TLS
    3. Recap – Effective Troubleshooting Techniques

  5. Supplemental Resources
    1. Appendix “A” – Useful Stuff
    2. Appendix “B” – Book List: Recommended Reading
    3. Appendix “C” – Wireshark Command Line Program User Guides
    4. Appendix “D” – Wireshark USB Capture Guide

  6. Where Do I Go From Here? – Continuing Your Wireshark Education
    1. Wireshark 0 – TCP/IP Networking Fundamentals Using Wireshark
    2. Wireshark 1 – TCP/IP Troubleshooting & Network Optimization Using Wireshark 3.0
    3. Wireshark 2 – Advanced Network and Security Analysis
    4. Wireshark 3 – Network Forensics Analysis
    5. Wireshark 4 – Mobile Device Forensics Analysis
    6. Wireshark 5 – Cloud and Internet of Things (IoT) Advanced Network Analysis
    7. Wireshark 6 – VoIP Advanced Network Analysis
    8. Wireshark 7 – WiFi Advanced Network Analysis
    9. Wireshark 8 – SCADA and ICS Advanced Network Analysis

Format

5 days Classroom Instruction

Start/End Times

08:30-17:00

Recommended Class Size

6-16

Language

English