Why this course?
This course provides a comprehensive working knowledge of Wireshark, its sophisticated tools and powerful features.
- Immediately employ Wireshark to gain the essential in-depth insight into how your network is operating.
- Learn the advanced features and tools that make working with Wireshark more productive.
- Learn how to analyse the protocols used in your own networks, for rapid diagnosis and troubleshooting.
- Save days of time learning and mastering Wireshark.
- Learn the insider tips, tricks and techniques that unleash the true power of Wireshark.
Delegates gain hands-on experience throughout the course. Each module incorporates instructor-led labs which reinforce the main learning points. A dedicated training course network and pre-captured traces are used for practical sessions.
Who should attend this course
- Everyone needing a comprehensive introduction to using Wireshark.
- Systems support staff wanting to monitor and analyse modern telecommunications and networking protocols.
- All Network and Telecommunications support staff, regardless of the types of networks they support.
Hands-on Practicals
Delegates gain hands-on experience throughout the course. Each module incorporates instructor-led labs which reinforce the main learning points. A dedicated training course network and pre-captured traces are used for the hands-on practical sessions.
Lifetime Post-Course Support
After completing this training course, delegates receive lifetime post-training support from LEVER Technology Group, to help them apply the technologies and skills they have learned with us, to provide career-long support, and to ensure they are better equipped for their future roles in IT and networking.
Training Course Content
Wireshark User Interface
- Introduction
- Start Wireshark
- Opening Screen
- The Main window
- Main Window Navigation
- File
- Edit
- View
- Go
- Capture
- Analyze
- Statistics
- Telephony
- Tools
- Help
- Main Display
- Packet List Pane
- Packet Details
- Packet Bytes
- The Status bar
- Wireshark documentation
- Wireshark Familiarisation Lab
Capturing and Analysis of Live Network Traffic
- Introduction
- Start Capturing
- The Capture Interfaces dialog
- The Capture Options dialog
- Capture
- Capture File
- Stop Capture
- Restarting Capture
- Display Options frame
- Name Resolution for and against
- Reviewing the Capture
- Review of Ethernet
- Spanning tree Protocol
- Address Resolution Protocol
- 802.1q VLAN
Hands-on labs, including:
- Practical Capturing Packet Capture
- Capture replay
- Analysis Lab using Ethernet Protocols
Advanced Wireshark Capture and Analysis Tools
- Filtering Live Captures
- Filtering Saved Captures
- Pre Configured Filters
- Protocols
- Specific Protocol Fields
- Modification of Filters
- Highlighting Filtered Events/Finding Packets
- Marking packets
- Ignoring packets
- Time display formats and time references
- Packet time referencing options
- Designing and Building a Custom Filter
- Wireshark filter Expressions
- Single Expression Filter
- Multiple Expression Filter
- Filter Macros
- Saving Filters
- Advanced Analysis Lab Using Standard and Custom Filters
Advanced Capture and Analysis of Commonly used Network and Application Protocols
- This section provides a theoretical description of each of the key protocols, their structure and operation.
- Delegates use the techniques taught in previous sections to perform advanced Wireshark analysis on each protocol.
- This is important as some Wireshark decode displays are specific to their respective protocols, and will vary considerably from each other.
- Delegates learn the importance of Wireshark advanced features when working in multiprotocol environments.
- We include the following protocols (for one-company courses, the list is tailored to your requirements):
Protocol Decoding with Wireshark
- IPv4
- DHCP
- IP Routing Protocols
- Multi Protocol Label Switching, MPLS
- Wireshark TCP Tools
- Following TCP Streams
- TCP Segments
- UDP
- DNS
- FTP
- HTTP
- IP Multicasting
- IPv6
Wireshark and Real Time Applications
- VoIP and TDM emulation over IP (TDMoIP) are the main drivers for Quality of Service (QoS) and Class of Service (CoS) technologies. For this reason, VoIP will be covered only in sufficient depth to understand QoS and CoS.
Wireshark tools for Real Time Traffic Analysis
- Voice and Video Codec Types
- Jitter
- Real Time Protocol, RTP
- Session Initiation Protocol, SIP Overview
- H.323
- H.248/Megaco
- TDMoIP
- MPEG Transport Stream analysis
- DSCP bits in the IP header
- EXP bits in the MPLS header
- 802.1p bits in the Ethernet VLAN header
Performance Monitoring Tools in Wireshark
- Conversation Defined
- Conversations window
- Conversation List
- Endpoint Definition
- Endpoints window
- Endpoint List
- IO Graphs
- Service Response Times
- Capture File Comparison
- Protocol Statistics
- QoS triggering
- Jitter analysis
- Endpoint Traffic Performance and QoS Analysis Lab
Wireshark Tools for Analysis of Encrypted Traffic
- Overview of encryption
- Certificates and Keys
- HTTPS and SSL
- Adding certificates and keys to Wireshark for Authorised decrypted monitoring lab
Capture Files and Printing
- Introduction
- Saving Captures
- Save Options
- File Formats
- Exporting Captures
- Printing Packets
- The Packet Range frame
- The Packet Format frame
- File Manipulation Lab
Additional Useful Features of Wireshark
- Command Line/Windows Shortcut Additional Syntax on Start-up
- Options for Analysing Encrypted Data
- Expert Info Entries
- Expert Info Composite
- Colorised Protocol Details Tree