Wireshark Packet Analysis Boot Camp (PAPW)

Course Content

Packet Analysis Power Workshop (PAPW) v1.3 is a 5-day Fast Lane course designed to give you a basic understanding of how to use the Wireshark Analyzer with all its features and functions. You will learn to troubleshoot network protocols and pinpoint the source of bad performance using Wireshark. The PAPW training class reinforces the instruction with plenty of hands-on labs in which a wide range of network problems are closely examined.

Who should attend

  • Network administrators, network managers, and all technical staff who are responsible for planning, implementing and ensuring high performance operation of their data networks.


Basic understanding of Network Fundamentals and TCP/IP operation.

Course Objectives

Upon completing this course, you will be able to meet these overall objectives:

  • Master the Wireshark user interface and configuration
  • Select measuring point and measuring technique
  • Collect and evaluate network statistics
  • Identify probable causes
  • Examine network protocol layers for abnormal behavior
  • Determine the source of a problem: network, workstation, server or application
  • Improve network performance where possible
  • Correct inefficient network configurations

Detailed Course Outline

Module 1: Overview Network Analysis

  • Overview Wireshark & Ethereal
  • Special Capture Hardware
  • Installation and first capture

Module 2: User Interface and Navigation

  • View Panes
  • Toolbar and Statusbar
  • Decode and Hexview
  • Column Configuration
  • Searching in Tracefiles
  • Using Display Filters
  • Capture to Disk and Ring buffer Capture
  • Capture Filters
  • Open, Save, Export, Print for captured network data

Module 3: Additional Configuration and command line tools

  • Name resolution: MAC, Network, Service
  • GeoIP localization of IP addresses
  • Colorization of packets with specific attributes
  • TCP Protocol Reassembly for reconstructing content
  • Wireshark Peculiarities: Checksum errors, wrong frame size readings
  • Configuration profiles for keeping multiple settings
  • Command line tools: tshark, mergecap, editcap, dumpcap

Module 4: Functions and Statistics

  • Baselining the network
  • Summary Statistics
  • Endpoint List, Conversation List
  • Protocol Hierarchy
  • TCP Stream Graphs and Round Trip Time
  • I/O Graph and Flow Graph
  • The Wireshark Expert
  • Service Response Time Statistics

Module 5: Analysis Fundamentals

  • Network, Server, Client or Application
  • Procedures to track down Problems
  • Planning captures
  • Point of Capture: HUB, SPAN
  • Response Time, Overhead, Throughput

Module 6: Troubleshooting

  • Troubleshooting Bottom-Up vs. Top-Down
  • Proving the Opposite
  • Correcting Problems
  • Typical Network Problems Overview
  • Application Design Errors
  • Application Types: Throughput, Transaction, Stream
  • Performance Parameters
  • Measuring Bandwidth
  • Response Times, Delay
  • TCP Turns

Module 7: Capturing network data

  • Topology: Cable vs. Wireless
  • Half Duplex / Full Duplex
  • Hub, SPAN, RSPAN, TAP/Splitter
  • Duplicate Frame Problem
  • Wireless capture
  • Best Practice

Module 8: Ethernet

  • Ethernet Standard
  • Duplex and Speed, Autonegotiation
  • Spanning Tree, RSTP
  • VLANs

Module 9: Internet Protocol (IP)

  • Best Effort Delivery
  • Fragmentation
  • Basic Routing

Module 10: ICMP

  • ICMP Codes and Types
  • Echo Request/Echo Reply
  • Destination Unreachable
  • TTL exceeded, Redirect

Module 11: ARP

  • Determining MAC address for IP
  • ARP in a routed network
  • Gratuitous ARP
  • Locating problems with ARP
  • Proxy ARP

Module 12: DHCP

  • DHCP functions, DORA
  • DHCP Options
  • Static assignments, address pools
  • DHCP Inform
  • DHCP Relay Agent / IP Helper

Module 13: TCP & UDP

  • TCP characteristics
  • TCP Flags, TCP Ports, Sockets
  • Three-Way-Handshake and Graceful Shutdown
  • Reset Packets, rejected Sessions
  • TCP header options
  • TCP Connection States
  • Sequence and Acknowledge
  • Sliding Window / Window Size as a performance indicator
  • Window Update, Window Probe
  • TCP Keep Alive
  • Packet Loss, Retransmissions & TCP Slow Start
  • Selective Acknowledgements
  • Nagle Algorithm
  • UDP Overview

Module 14: DNS

  • DNS vs. WINS
  • Domain Tree & Root Servers
  • DNS Protocol
  • Recursive Lookup
  • Authoritative Answers & Cached Responses
  • DNS Lookup Types
  • DNS Compression
  • Zone Transfers
  • DNS Error messages
  • Filtering on DNS queries with Wireshark

Module 15: FTP

  • Command and Transfer channel
  • Active vs. Passive FTP
  • Commands & Transfer modes
  • Authentication & Error codes
  • Problems running FTP

Module 16: HTTP

  • HTTP Protocol versions
  • Persistent vs. Nonpersistent sessions
  • HTTP request methods
  • GET & POST commands
  • HTTP Response codes
  • Stateless operation
  • Parameter transmission: Querystring, StdIO, Cookies


  • Searching in a tracefile
  • Display Filter
  • TCP Packet Reassembly
  • TCP Graphs
  • Throughput and Overhead
  • Case Study
  • Spanning Tree Analysis
  • Troubleshooting ICMP
  • ARP Operation
  • DHCP problems
  • TCP Handshake & Options
  • TCP Sliding Window
  • Packet Retransmissions
  • Nagle Algorithm
  • FTP Troubleshooting
  • HTTP
Classroom training

Duration: 5 days

  • US$ 3,595
Online training