Packet Analysis with Wireshark Analyzer (PAW)
Detailed Course Outline
Module 1: Overview Network Analysis
- Overview Wireshark & Ethereal
- Special Capture Hardware
- Installation and first capture
Module 2: User interface and Navigation
- View Panes
- Toolbar and Statusbar
- Decode and Hexview
- Column Configuration
- Searching in Tracefiles
- Using Display Filters
- Capture to Disk and Ring buffer Capture
- Capture Filters
- Open, Save, Export, Print for captured network data
Module 3: Additional Configuration and command line tools
- Name resolution: MAC, Network, Service
- GeoIP localization of IP addresses
- Colorization of packets with specific attributes
- TCP Protocol Reassembly for reconstructing content
- Wireshark Peculiarities: Checksum errors, wrong frame size readings
- Configuration profiles for keeping multiple settings
- Command line tools: tshark, mergecap, editcap, dumpcap
Module 4: Functions and Statistics
- Baselining the network
- Summary Statistics
- Endpoint List, Conversation List
- Protocol Hierarchy
- TCP Stream Graphs and Round Trip Time
- I/O Graph and Flow Graph
- The Wireshark Expert
- Service Response Time Statistics
Module 5: Analysis Fundamentals
- Network, Server, Client or Application
- Procedures to track down Problems
- Planning captures
- Point of Capture: HUB, SPAN
- Response Time, Overhead, Throughput
Module 6: Troubleshooting
- Troubleshooting Bottom-Up vs. Top-Down
- Proving the Opposite
- Correcting Problems
- Typical Network Problems Overview
- Application Design Errors
- Application Types: Throughput, Transaction, Stream
- Performance Parameters
- Measuring Bandwidth
- Response Times, Delay
- TCP Turns
Labs
- Searching in a tracefile
- Display Filter
- TCP Packet Reassembly
- TCP Graphs
- Throughput and Overhead
- Case Study
