During this 2 day instructor led training course, delegates will receive a comprehensive introduction into the features, functions and the usage of the Wireshark Analyser and will learn methods and techniques about monitoring and analysis of their networks from the packet level.

. Overview of Wireshark

• Basic Wireshark functionality
• Platforms supported
• Wireshark functions
• Special hardware: AirPCAP, TurboPCAP
• OSI Reference Model
• Protocol Layers in practice

2. Using Wireshark – User Interface and Navigation

• Configuring the Panes
• Wireshark Toolbars
• Decode and Hexview
• Meta information
• Status bar
• Dropped Frames – 1GB Capture Example
• Configuration
• Column Configuration
• Delta Time Settings
• Relative Time and Cumulative Bytes
• Search function
• Marking Frames
• Filtering and Filter Types
• Display Filters
• Logical Operators
• Negative Filters
• Capture Filters
• Interface list options
• Capture Filter List
• Filter References
• File Management
• Extracting and Exporting files

3. Additional Configuration Options and Tools

• Name Resolution
• MAC Address Name Resolution
• Network Name Resolution
• Manual Network Name Resolution
• Protocol Name Resolution
• GeoIP Localization
• Color Settings
• Packet Colorization
• Hands-On
• Protocol Reassembly
• Reassembly: Pro and Con
• Wireshark Peculiarities Offloading, Padding, etc
• Wireshark point of capture
• Erroneous Checksum Report
• Invalid Packet Size
• Configuration Profiles
• Configuration File Paths
• Commandline Tools
  • tshark
  • dumpcap
  • editcap
  • mergecap

4. Functions and Statistics

• Functions and Statistics
• Baselining
• Hosts, Sessions, Protocols
• Summary Statistics
• Endpoint List
• Endpoint List Filters
• Conversations
• Protocol Hierarchy
• I/O and TCP Stream Graphs
• Flow Graph
• Wireshark Expert
• Service Response Time

5. Analysis Fundamentals

• Network, Server, Client, or Application?
• Step 1: Describe the Problem
• Step 2: Planning the Capture
• Step 3: Capture the data
• Capturing at the server
• Selecting the Point of Capture
• Capturing on a Switch
• Capturing with Hubs/Mini Switches
• Response time, Throughput, Overhead, Throughput and Overhead

6. Troubleshooting

• Troubleshooting – Introduction
• Correcting problems
• Typical Network Problems
• Layer 2, Layer 3
• Layer 4
• Typical Application Problems
• Performance Factors
• Application Types
• Application Design Errors
• Performance Parameters
• Determining Actual Performance
• Throughput: Measuring Bandwidth
• Measuring Response Times

LAB Exercises:

• 1–1 Installing Wireshark
• 2–1 Column Configuration
• 2–2 Searching in a Trace
• 2–3 Display Filter
• 2–4 Capture Filters
• 3–1 Searching in a Trace
• 3–2 TCP Re-Assembly
• 4–1 TCP Graphs
• 4–2 Service Response Times
• 5–1 Display Filter
• 6–1 Troubleshooting Case Study

This is aimed at network administrators, network managers and all technical staff who are responsible for planning, implementing, and ensuring high performance operation of their data networks.

Basic understanding of Network Fundamentals and TCP/IP operation such as the topics covered in the Networking & TCP/IP Fundamentals (NWF) course.