Advanced Packet Analysis with Wireshark Analyzer (APAW)

Detailed Course Outline

Module 1: Capturing Network Data

  • Topology: Cable vs. Wireless
  • Half Duplex / Full Duplex
  • Hub, SPAN, RSPAN, TAP/Splitter
  • Duplicate Frame Problem
  • Wireless capture
  • Best Practice

Module 2: Ethernet

  • Ethernet Standard
  • Duplex and Speed, Autonegotiation
  • Spanning Tree, RSTP
  • VLANs

Module 3: Internet Protocol (IP)

  • Best Effort Delivery
  • Fragmentation
  • Basic Routing

Module 4: ICMP

  • ICMP Codes and Types
  • Echo Request/Echo Reply
  • Destination Unreachable
  • TTL exceeded, Redirect

Module 5: ARP

  • Determining MAC address for IP
  • ARP in a routed network
  • Gratuitous ARP
  • Locating problems with ARP
  • Proxy ARP

Module 6: DHCP

  • DHCP functions, DORA
  • BOOTP
  • DHCP Options
  • Static assignments, address pools
  • DHCP Inform
  • DHCP Relay Agent / IP Helper

Module 7: TCP & UDP

  • TCP characteristics
  • TCP Flags, TCP Ports, Sockets
  • Three-Way-Handshake and Graceful Shutdown
  • Reset Packets, rejected Sessions
  • TCP header options
  • TCP Connection States
  • Sequence and Acknowledge
  • Sliding Window / Window Size as a performance indicator
  • Window Update, Window Probe
  • TCP Keep Alive
  • Packet Loss, Retransmissions & TCP Slow Start
  • Selective Acknowledgements
  • Nagle Algorithm
  • UDP Overview

Module 8: DNS

  • DNS vs. WINS
  • Domain Tree & Root Servers
  • DNS Protocol
  • Recursive Lookup
  • Authoritative Answers & Cached Responses
  • DNS Lookup Types
  • DNS Compression
  • Zone Transfers
  • DNS Error messages
  • Filtering on DNS queries with Wireshark

Module 9: FTP

  • Command and Transfer channel
  • Active vs. Passive FTP
  • Commands & Transfer modes
  • Authentication & Error codes
  • Problems running FTP

Module 10: HTTP

  • HTTP Protocol versions
  • Persistent vs. Nonpersistent sessions
  • HTTP request methods
  • GET & POST commands
  • HTTP Response codes
  • Stateless operation
  • Parameter transmission: Querystring, StdIO, Cookies

Labs

  • Spanning Tree Analysis
  • Troubleshooting ICMP
  • ARP Operation
  • DHCP problems
  • TCP Handshake & Options
  • TCP Sliding Window
  • Packet Retransmissions
  • Nagle Algorithm
  • FTP Troubleshooting
  • HTTP