Wireshark Packet Analysis Boot Camp (PAPW)
Detailed Course Outline
Module 1: Overview of Network Analysis
- Overview of Wireshark & Ethereal
- Special Capture Hardware
- Installation and first capture
Module 2: User Interface and Navigation
- View Panes
- Toolbar and Statusbar
- Decode and Hexview
- Column Configuration
- Searching in Tracefiles
- Using Display Filters
- Capture to Disk and Ring Buffer Capture
- Capture Filters
- Open, Save, Export, Print for captured network data
Module 3: Additional Configuration and command line tools
- Name resolution: MAC, Network, Service
- GeoIP localization of IP addresses
- Colorization of packets with specific attributes
- TCP Protocol Reassembly for reconstructing content
- Wireshark Peculiarities: Checksum errors, wrong frame size readings
- Configuration profiles for keeping multiple settings
- Command line tools: tshark, mergecap, editcap, dumpcap
Module 4: Functions and Statistics
- Baselining the network
- Summary Statistics
- Endpoint List, Conversation List
- Protocol Hierarchy
- TCP Stream Graphs and Round Trip Time
- I/O Graph and Flow Graph
- The Wireshark Expert
- Service Response Time Statistics
Module 5: Analysis Fundamentals
- Network, Server, Client or Application
- Procedures to track down Problems
- Planning captures
- Point of Capture: HUB, SPAN
- Response Time, Overhead, Throughput
Module 6: Troubleshooting
- Troubleshooting Bottom-Up vs. Top-Down
- Proving the Opposite
- Correcting Problems
- Typical Network Problems Overview
- Application Design Errors
- Application Types: Throughput, Transaction, Stream
- Performance Parameters
- Measuring Bandwidth
- Response Times, Delay
- TCP Turns
Module 7: Capturing network data
- Topology: Cable vs. Wireless
- Half Duplex / Full Duplex
- Hub, SPAN, RSPAN, TAP/Splitter
- Duplicate Frame Problem
- Wireless capture
- Best Practice
Module 8: Ethernet
- Ethernet Standard
- Duplex and Speed, Autonegotiation
- Spanning Tree, RSTP
- VLANs
Module 9: Internet Protocol (IP)
- Best Effort Delivery
- Fragmentation
- Basic Routing
Module 10: ICMP
- ICMP Codes and Types
- Echo Request/Echo Reply
- Destination Unreachable
- TTL exceeded, Redirect
Module 11: ARP
- Determining MAC address for IP
- ARP in a routed network
- Gratuitous ARP
- Locating problems with ARP
- Proxy ARP
Module 12: DHCP
- DHCP functions, DORA
- BOOTP
- DHCP Options
- Static assignments, address pools
- DHCP Inform
- DHCP Relay Agent / IP Helper
Module 13: TCP & UDP
- TCP characteristics
- TCP Flags, TCP Ports, Sockets
- Three-Way-Handshake and Graceful Shutdown
- Reset Packets, rejected Sessions
- TCP header options
- TCP Connection States
- Sequence and Acknowledge
- Sliding Window / Window Size as a performance indicator
- Window Update, Window Probe
- TCP Keep Alive
- Packet Loss, Retransmissions & TCP Slow Start
- Selective Acknowledgements
- Nagle Algorithm
- UDP Overview
Module 14: DNS
- DNS vs. WINS
- Domain Tree & Root Servers
- DNS Protocol
- Recursive Lookup
- Authoritative Answers & Cached Responses
- DNS Lookup Types
- DNS Compression
- Zone Transfers
- DNS Error messages
- Filtering on DNS queries with Wireshark
Module 15: FTP
- Command and Transfer channel
- Active vs. Passive FTP
- Commands & Transfer modes
- Authentication & Error codes
- Problems running FTP
Module 16: HTTP
- HTTP Protocol versions
- Persistent vs. Non-persistent sessions
- HTTP request methods
- GET & POST commands
- HTTP Response codes
- Stateless operation
- Parameter transmission: Querystring, StdIO, Cookies
Labs
- Searching in a tracefile
- Display Filter
- TCP Packet Reassembly
- TCP Graphs
- Throughput and Overhead
- Case Study
- Spanning Tree Analysis
- Troubleshooting ICMP
- ARP Operation
- DHCP problems
- TCP Handshake & Options
- TCP Sliding Window
- Packet Retransmissions
- Nagle Algorithm
- FTP Troubleshooting
- HTTP
