Course Outline
Day 1
Overview of network analysis
- Essentials of the OSI reference model and TCP/IP networks.
- Troubleshooting tools and methodologies.
- Introduction to Wireshark
- What is Wireshark? Portable Wireshark. Resources.
- Wireshark GUI structure: Panes (Packet List, Details, Packet Bytes), Status Bar, ... .
- Architecture and processing flow. What and why cannot be seen with Wireshark?
- Supported protocols. Dissectors.
- Preferences and configurations; global and profile specific.
- Time values.
- Lab exercises.
Day 2
Capturing traffic
- Important considerations before starting.
- Promiscuous mode.
- Capture filters.
- Automatic stop criteria.
- Remote capture.
- Lab exercises.
Traffic analysis: tools and approaches
- Analysis checklist.
- Utilising features: name resolution, colorization, marking, ignoring, commenting, using time references, time shifts, etc.
- Understanding the Expert System.
- Accessing options through Right-Click functionality.
- Interpretation (reference patterns), impact of OS/driver Offload features.
- Saving results.
- Lab exercises and case studies.
Day 3
Traffic analysis: tools and approaches (continued)
- Filtering traffic: Display filters (preparing 'in-flight' filters, macros), following stream.
-
Quantitative analysis.
- Basic predefined descriptive statistics and summaries: Capture Properties, Protocol Hierarchy, Conversations, Endpoints, Packets Lengths, IP-specific.
- Protocol specific analysis (e.g.: TCP Stream Graphs).
- Advanced custom statistics with I/O Graph.
- Flow visualization.
Day 4
Traffic analysis: protocols
- Data-Link Layer: Ethernet II.
- Network Layer: IPv4.
-
Transport Layer: TCP, UDP.
- Packet loss and recovery.
- Previous segment lost and Out-of-Order Segments events.
- Duplicate ACKs and Fast Retransmissions.
- TCP Retransmissions.
- Zero Window, Window changes and other window problems.
- Application layer: HTTP, FTP.
- Lab exercises and case studies.
Day 5
Traffic analysis: common issues in network performance assessment
- Causes of performance problems.
- Packet loss.
- Bandwidth issues. Layered approach to measurement.
- Latency: assessing end to end latency, visualization.
- Lab exercises.
-
(Wireshark) command-line tools:
- tshark (terminal-based wireshark) / dumpcap / rawshark, tcpdump
- editcap, mergecap, capinfos, text2pcap.
Advanced topics
- Advanced filters, grouped iostats.
- Summary and Q&A.
Requirements
1. Understanding of the ISO OSI Reference Model - ITU-T X.200 and the TCP/IP protocol stack.
2. Fundamental knowledge of the Unix/Linux OS: UNIX terminal, directory structure, listing files and directories, creating directories, navigating directories, copying, moving and removing files and directories, redirection, pipes, processes - listing suspended and background processes.
Hardware & Software
1. Hardware: Minimum 16GB of RAM, minimum 60GB of free disk space available.
2. OS: Ubuntu Linux OS is preferred. In this case, the following applications must be installed: ip,
iperf, ipcalc.
3. Software: Wireshark application (https://www.wireshark.org/download.html).
All software should be the latest stable, available releases.
Testimonials (3)
practical case studies
Kamil - P4 Sp. z o.o.
Course - Basic Network Troubleshooting Using Wireshark
knowledge of the instructor
Grzegorz - Centrum Informatyki Resortu Finansow
Course - Network Troubleshooting with Wireshark
Many exercises, good knowladge
