Course Outline

Day 1

Network analysis overview

  1. OSI reference model and TCP/IP networks essentials.
  2. Troubleshooting tools, methodologies.
  3. Introduction to Wireshark
  4. What is Wireshark? Portable Wireshark. Resources.
  5. Wireshark GUI structure: Panes (Packet List, Details, Packet Bytes), Status Bar, ... .
  6. Architecture and processing flow. What and why cannot be seen with Wireshark?
  7. Supported protocols. Dissectors.
  8. Preferences and configurations; global and profile specific.
  9. Time values.
  10. Lab exercises.

Day 2

Capture traffic

  1. Things to consider before start.
  2. Promiscuous mode.
  3. Capture filters.
  4. Automatic stop criteria.
  5. Remote capture.
  6. Lab exercises.

Traffic analysis: tools and approaches

  1. Analysis checklist.
  2. Using features: name resolution, colorization, marking, ignoring, commenting, using time references, time shifts, etc.
  3. Understanding Expert System.
  4. Accessing options through Right-Click functionality.
  5. Interpretation (reference patterns), OS/driver Offload features impact.
  6. Saving results.
  7. Lab exercises and case studies.

Day 3

Traffic analysis: tools and approaches (cont.)

  1. Filtering traffic: Display filters (preparing "in-flight" filters, macros), following stream.
  2. Quantitative analysis.
    1. Basic predefined descriptive statistics and summaries: Capture Properties, Protocol Hierarchy, Conversations, Endpoints, Packets Lengths, IP-specific.
    2. Protocol specific analysis (e.g.: TCP Stream Graphs).
    3. Advanced custom statistics with I/O Graph.
    4. Flow visualization.

Day 4

Traffic analysis: protocols

  1. Data-Link Layer: Ethernet II.
  2. Network Layer: IPv4.
  3. Transport Layer: TCP, UDP.
    1. Packet loss and recovery.
    2. Previous segment lost and Out-of-Order Segments events.
    3. Duplicate ACKs and Fast Retransmissions.
    4. TCP Retransmissions.
    5. Zero Window, Window changes and other window problems.
  4. Application layer: HTTP, FTP.
  5. Lab exercises and case studies.

Day 5

Traffic analysis: common issues in network performance assessment

  1. Cause of performance problems.
  2. Packet loss.
  3. Bandwidth issues. Layered approach to measurement.
  4. Latency: assessing end to end latency, visualization.
  5. Lab exercises.
  6. (Wireshark) command-line tools:
    1. tshark (terminal-based wireshark) / dumpcap / rawshark, tcpdump
    2. editcap, mergecap, capinfos, text2pcap.

Advanced topics

  1. Advanced filters, grouped iostats.
  2. Summary and Q&A.


1. Familiarity with ISO OSI Reference Model - ITU-T X.200 and TCP/IP protocol stack.

2. Basic knowledge of Unix/Linux OS: UNIX terminal, directory structure, listing files and directo-
ries, making directories, changing to a different directory, copying, moving and removing files and directories, redirection, pipes, processes - listing suspended and background processes.

Hardware & Software
1. HW: min 16GB of RAM, min 60GB free disk space available.
2. OS: Ubuntu Linux OS is preferred. In this case the following applications should be installed: ip,
iperf, ipcalc.
3. SW: Wireshark application (

All should be in latest stable, available releases.

  35 Hours


Related Courses

Basic Network Troubleshooting Using Wireshark

  21 hours

Advanced Network Troubleshooting Using Wireshark

  21 hours

Understanding Multicast using IPv4

  21 hours

Network Troubleshooting with Wireshark

  21 hours

Advanced Network Troubleshooting with Wireshark

  21 hours

Practical TCP/IP

  28 hours

Understanding IPv6

  14 hours

Understanding IPSec VPNs

  14 hours

Cisco CCNA Syllabus in 5 Days

  35 hours

DNS and BIND: Setting Up, Managing and Securing Your DNS Server

  14 hours

Shadowsocks: Set Up a Proxy Server

  7 hours

Metro-Ethernet Service and Troubleshooting

  28 hours

VoIP with Cisco CallManager Express

  35 hours

Tinc VPN

  14 hours