Advanced Packet Analysis with Wireshark Analyzer (APAW)


About this Course

Advanced Packet Analysis with Wireshark Analyzer (APAW) is a 3-day Fast Lane course designed to enhance your knowledge of troubleshooting network protocols and pinpointing the source of bad performance using Wireshark. The APAW training class reinforces the instruction by providing you with plenty of hands-on labs in which a wide range of network problems are closely examined.

Who should attend

  • Network administrators, network managers and all technical staff who are responsible for planning, implementing, and ensuring high performance operation of their data networks

Class Prerequisites

  • Basic understanding of Network Fundamentals and TCP/IP operation
  • Experienced handling of Wireshark (see PAW)

What You Will Learn

Upon completing this course, you will be able to:

  • Examine network protocol layers for abnormal behavior
  • Determine the source of a problem: network, workstation, server or application
  • Improve network performance wherever possible
  • Correct inefficient network configurations

Outline: Advanced Packet Analysis with Wireshark Analyzer (APAW)

Module 1: Capturing Network Data

  • Topology: Cable vs. Wireless
  • Half Duplex / Full Duplex
  • Hub, SPAN, RSPAN, TAP/Splitter
  • Duplicate Frame Problem
  • Wireless capture
  • Best Practice

Module 2: Ethernet

  • Ethernet Standard
  • Duplex and Speed, Autonegotiation
  • Spanning Tree, RSTP
  • VLANs

Module 3: Internet Protocol (IP)

  • Best Effort Delivery
  • Fragmentation
  • Basic Routing

Module 4: ICMP

  • ICMP Codes and Types
  • Echo Request/Echo Reply
  • Destination Unreachable
  • TTL exceeded, Redirect

Module 5: ARP

  • Determining MAC address for IP
  • ARP in a routed network
  • Gratuitous ARP
  • Locating problems with ARP
  • Proxy ARP

Module 6: DHCP

  • DHCP functions, DORA
  • DHCP Options
  • Static assignments, address pools
  • DHCP Inform
  • DHCP Relay Agent / IP Helper

Module 7: TCP and UDP

  • TCP characteristics
  • TCP Flags, TCP Ports, Sockets
  • Three-Way-Handshake and Graceful Shutdown
  • Reset Packets, rejected Sessions
  • TCP header options
  • TCP Connection States
  • Sequence and Acknowledge
  • Sliding Window / Window Size as a performance indicator
  • Window Update, Window Probe
  • TCP Keep Alive
  • Packet Loss, Retransmissions and TCP Slow Start
  • Selective Acknowledgements
  • Nagle Algorithm
  • UDP Overview

Module 8: DNS

  • DNS vs. WINS
  • Domain Tree and Root Servers
  • DNS Protocol
  • Recursive Lookup
  • Authoritative Answers and Cached Responses
  • DNS Lookup Types
  • DNS Compression
  • Zone Transfers
  • DNS Error messages
  • Filtering on DNS queries with Wireshark

Module 9: FTP

  • Command and Transfer channel
  • Active vs. Passive FTP
  • Commands and Transfer modes
  • Authentication and Error codes
  • Problems running FTP

Module 10: HTTP

  • HTTP Protocol versions
  • Persistent vs. Nonpersistent sessions
  • HTTP request methods
  • GET and POST commands
  • HTTP Response codes
  • Stateless operation
  • Parameter transmission: Querystring, StdIO, Cookies


  • Spanning Tree Analysis
  • Troubleshooting ICMP
  • ARP Operation
  • DHCP problems
  • TCP Handshake & Options
  • TCP Sliding Window
  • Packet Retransmissions
  • Nagle Algorithm
  • FTP Troubleshooting
  • HTTP

Classroom Training

Duration 3 days

  • United States: US$ 2,395

Online Training

Duration 3 days

  • United States: US$ 2,395