Course Outline
Day 1
Network analysis overview
- Essentials of the OSI reference model and TCP/IP networks.
- Troubleshooting tools and methodologies.
- Introduction to Wireshark
- What is Wireshark? Portable Wireshark. Resources.
- Wireshark GUI structure: Panes (Packet List, Details, Packet Bytes), Status Bar, etc.
- Architecture and processing flow. Limitations of Wireshark visibility.
- Supported protocols and dissectors.
- Preferences and configurations: global and profile-specific settings.
- Time values.
- Lab exercises.
Day 2
Capturing traffic
- Pre-capture considerations.
- Promiscuous mode.
- Capture filters.
- Automatic stop criteria.
- Remote capture.
- Lab exercises.
Traffic analysis: tools and approaches
- Analysis checklist.
- Utilizing features: name resolution, colorization, marking, ignoring, commenting, time references, time shifts, etc.
- Understanding the Expert System.
- Accessing options via Right-Click functionality.
- Interpretation (reference patterns) and impact of OS/driver Offload features.
- Saving results.
- Lab exercises and case studies.
Day 3
Traffic analysis: tools and approaches (continued)
- Filtering traffic: Display filters (preparing "in-flight" filters, macros), following streams.
- Quantitative analysis.
- Basic predefined descriptive statistics and summaries: Capture Properties, Protocol Hierarchy, Conversations, Endpoints, Packet Lengths, IP-specific data.
- Protocol-specific analysis (e.g., TCP Stream Graphs).
- Advanced custom statistics using I/O Graph.
- Flow visualization.
Day 4
Traffic analysis: protocols
- Data-Link Layer: Ethernet II.
- Network Layer: IPv4.
- Transport Layer: TCP, UDP.
- Packet loss and recovery.
- Events involving lost previous segments and Out-of-Order Segments.
- Duplicate ACKs and Fast Retransmissions.
- TCP Retransmissions.
- Zero Window, Window changes, and other window-related issues.
- Application layer: HTTP, FTP.
- Lab exercises and case studies.
Day 5
Traffic analysis: common issues in network performance assessment
- Causes of performance problems.
- Packet loss.
- Bandwidth issues. A layered approach to measurement.
- Latency: assessing end-to-end latency and visualization.
- Lab exercises.
- (Wireshark) command-line tools:
- tshark (terminal-based Wireshark), dumpcap, rawshark, tcpdump.
- editcap, mergecap, capinfos, text2pcap.
Advanced topics
- Advanced filters, grouped IO statistics.
- Summary and Q&A.
Requirements
1. Familiarity with the ISO OSI Reference Model (ITU-T X.200) and the TCP/IP protocol stack.
2. Basic knowledge of the Unix/Linux OS: UNIX terminal, directory structure, file listing and directory operations (creating, navigating, copying, moving, removing files and directories), redirection, pipes, and process management (listing suspended and background processes).
Hardware & Software Requirements
1. HW: Minimum 16 GB RAM and at least 60 GB of free disk space.
2. OS: Ubuntu Linux OS is recommended. The following applications should be installed: ip, iperf, and ipcalc.
3. SW: Wireshark application (https://www.wireshark.org/download.html).
All components should be the latest stable releases available.
Testimonials (3)
practical case studies
Kamil - P4 Sp. z o.o.
Course - Basic Network Troubleshooting Using Wireshark
knowledge of the instructor
Grzegorz - Centrum Informatyki Resortu Finansow
Course - Network Troubleshooting with Wireshark
Many exercises, good knowledge