
Wireshark University
Wireshark Core 2
Troubleshooting and Securing TCP/IP Networks with Wireshark


In this lab-based course, you will gain the skills required to effectively troubleshoot and secure a TCP/IP network by analyzing network traffic with Wireshark. Spend half of your class time learning techniques to analyze traffic on poorly performing TCP/IP networks using the world's most popular analyzer, Wireshark. After that, you will learn to identify reconnaissance processes on the network and indications that a host is compromised. With the strong emphasis on hands-on lab exercises and real-world case studies in this course, you will gain skills you can use immediately following the class. On the last day of class, you will review Wireshark functionality, TCP/IP troubleshooting, and security.

What You'll Learn
  • Place the analyzer properly for traffic capture on a variety of network types
  • Review the TCP/IP Resolution Flowchart to identify where performance problems may occur
  • Configure Wireshark for effective network troubleshooting
  • Analyze slow network performance caused by latency problems
  • Identify the location of and possible causes of packet loss on the network
  • Analyze traffic from misconfigured networks and applications
  • Review the evidence of network redirection
  • Analyze network connections that are experiencing congestion
  • Baseline network communications for comparative analysis
  • Review the TCP/IP Resolution Flowchart to identify where security problems may occur
  • Analyze various reconnaissance processes to identify possible targets
  • Analyze Internet Control Message Protocol (ICMP) traffic to identify suspicious behavior
  • Examine symptoms of TCP-based attacks and breaches
  • Differentiate traffic from spoofed and non-spoofed host addresses
  • Create firewall Access Control List (ACL) rules based on suspicious traffic
  • Identify the location of signatures of various network breaches
Course Outline

1. Analyzer Placement
  • Analyzing Hubbed Networks
  • Analyzing Switched Networks
  • Analyzing Routed Networks
  • Analyzing WAN Links
  • Tapping into Full-Duplex Links
  • Capturing in Stealth Mode
  • Obtaining Evidence Using a Honeypot
2. Normal Network Communications
  • When Everything Goes Right
  • The Multi-Step Resolution Process
  • Building the Packet
3. Causes of Performance Problems
  • Where Network Faults Occur
  • Time is of the Essence
4. Wireshark Functions for Troubleshooting
  • Using Pre-Defined Coloring Rules
  • Basic and Advanced IO Graphs
  • Use the Delta Time Value
  • Analyze Expert Information
  • Look Who's Talking
  • Graph Bandwidth Use, Round Trip Time, and TCP Performance
  • Flow Graphing
  • Statistics (Various)
5. Latency Issues
  • The Five Primary Points in Calculating Latency
  • Plotting High Latency Times
  • Free Latency Calculators
  • Using the frame.time_delta Filter
6. Packet Loss and Retransmissions
  • Packet Loss and Recovery - UDP vs. TCP
  • Previous Segment Lost Events
  • Duplicate ACKs
  • TCP Retransmissions and Fast Retransmissions
  • Out-of-Order Segments
7. Misconfigurations and Redirections
  • Visible Misconfigurations
  • Don't Forget the Time
8. Dealing with Congestion
  • Shattered Windows
  • Flooded Out
9. Baseline Network Communications
  • Your First Task When You Leave Class
10. Unusual Network Communications
  • Vulnerabilities in the TCP/IP Resolution Process
  • Route Resolution
  • Spotting Unacceptable Traffic
11. Reconnaissance Processes
  • Port Scans
  • Mutant Scans
  • IP Scans
  • Application Mapping
  • OS Fingerprinting
12. Analyzing ICMP Traffic
  • ICMP Types and Codes
  • ICMP Discovery
  • Router Redirection
  • Dynamic Router Discovery
  • Service Refusal
  • OS Fingerprinting
13. TCP Security
  • TCP Segment Splicing
  • TCP Fake Resets
14. Address Spoofing
  • MAC Address Spoofing
  • IP Address Spoofing
15. Building Firewall ACL Rules
  • Overview of ACL Rule Types
16. Signatures of Attacks
  • Signature Locations
  • Header Signatures
  • Sequencing Signatures
  • Payload Signatures
  • Obtaining Signatures
  • Attacks and Exploits
  • Password Cracks
  • Denial of Service Attacks
  • Redirections
17. Wireshark Functionality Review
18. Troubleshooting Review
19. Network Security Review
20. Final Preparation for the Wireshark Certification Test
21. Wireshark Certification Exam (Optional)

Labs

Each section of this course includes hands-on labs to test and reinforce concepts and practice tasks.

Format: 5 days Classroom Instruction
Start/End Times: 09:00-18:00
Recommended Class Size: 6-12
Language: English