Course Outline
Day 1
Network analysis overview
- OSI reference model and TCP/IP networks essentials.
- Troubleshooting tools and methodologies.
- Introduction to Wireshark
- What is Wireshark? Portable Wireshark. Resources.
- Wireshark GUI structure: Panes (Packet List, Details, Packet Bytes), Status Bar, ... .
- Architecture and processing flow. What cannot be seen with Wireshark and why?
- Supported protocols. Dissectors.
- Preferences and configurations; global and profile-specific.
- Time values.
- Lab exercises.
Day 2
Capture traffic
- Considerations before starting.
- Promiscuous mode.
- Capture filters.
- Automatic stop criteria.
- Remote capture.
- Lab exercises.
Traffic analysis: tools and approaches
- Analysis checklist.
- Using features: name resolution, colorization, marking, ignoring, commenting, time references, time shifts, etc.
- Understanding the Expert System.
- Accessing options through Right-Click functionality.
- Interpretation (reference patterns), impact of OS/driver Offload features.
- Saving results.
- Lab exercises and case studies.
Day 3
Traffic analysis: tools and approaches (continued)
- Filtering traffic: Display filters (preparing "in-flight" filters, macros), following streams.
-
Quantitative analysis.
- Basic predefined descriptive statistics and summaries: Capture Properties, Protocol Hierarchy, Conversations, Endpoints, Packet Lengths, IP-specific data.
- Protocol-specific analysis (e.g., TCP Stream Graphs).
- Advanced custom statistics using I/O Graph.
- Flow visualization.
Day 4
Traffic analysis: protocols
- Data-Link Layer: Ethernet II.
- Network Layer: IPv4.
-
Transport Layer: TCP, UDP.
- Packet loss and recovery.
- Previous segment lost and Out-of-Order Segments events.
- Duplicate ACKs and Fast Retransmissions.
- TCP Retransmissions.
- Zero Window, Window changes, and other window-related problems.
- Application layer: HTTP, FTP.
- Lab exercises and case studies.
Day 5
Traffic analysis: common issues in network performance assessment
- Causes of performance problems.
- Packet loss.
- Bandwidth issues. Layered approach to measurement.
- Latency: assessing end-to-end latency, visualization.
- Lab exercises.
-
(Wireshark) command-line tools:
- tshark (terminal-based wireshark) / dumpcap / rawshark, tcpdump
- editcap, mergecap, capinfos, text2pcap.
Advanced topics
- Advanced filters, grouped iostats.
- Summary and Q&A.
Requirements
1. Familiarity with the ISO OSI Reference Model (ITU-T X.200) and the TCP/IP protocol stack.
2. Basic knowledge of Unix/Linux OS: UNIX terminal operations, directory structures, listing files and directories, creating directories, navigating between directories, copying, moving, and removing files and directories, redirection, pipes, and process management (listing suspended and background processes).
Hardware & Software Requirements
1. HW: Minimum 16GB RAM, minimum 60GB of free disk space.
2. OS: Ubuntu Linux OS is preferred. The following applications must be installed: ip,
iperf, ipcalc.
3. SW: Wireshark application (https://www.wireshark.org/download.html).
All components should be the latest stable releases.
Testimonials (3)
practical case studies
Kamil - P4 Sp. z o.o.
Course - Basic Network Troubleshooting Using Wireshark
knowledge of the instructor
Grzegorz - Centrum Informatyki Resortu Finansow
Course - Network Troubleshooting with Wireshark
Many exercises, good knowladge
