cisco logo color 2020

Troubleshooting TCP/IP Networks with Wireshark

Optimize TCP/IP networks with Wireshark. This hands-on, in-depth course provides the skills to isolate and fix network performance issues. Learn how Wireshark can solve your TCP/IP network problems...

Read More
$3,795 USD GSA  $3,250.13
Course Code 9879
Duration 5 days
Available Formats Virtual, Classroom
6119 Reviews star_rate star_rate star_rate star_rate star_half
Course Image

Optimize TCP/IP networks with Wireshark. This hands-on, in-depth course provides the skills to isolate and fix network performance issues. Learn how Wireshark can solve your TCP/IP network problems by improving your ability to analyze network traffic.

Skills Gained

  • Top 10 reasons for network performance complaints
  • Place the analyzer properly for traffic capture on a variety of network types
  • Capture packets on wired and wireless networks
  • Configure Wireshark for best performance and non-intrusive analysis
  • Navigate through, split, and work with large traffic files
  • Use time values to identify network performance problems
  • Create statistical charts and graphs to pinpoint performance issues
  • Filter out traffic for more efficient troubleshooting and analysis
  • Customize Wireshark coloring to focus on network problems faster
  • Use Wireshark's Expert System to understand various traffic problems
  • Use the TCP/IP Resolution Flowchart to identify possible communication faults
  • Analyze normal/abnormal Domain Name System (DNS) traffic
  • Analyze normal/abnormal Address Resolution Protocol (ARP) traffic
  • Analyze normal/abnormal Internet Protocol v4 (IPv4) traffic
  • Analyze normal/abnormal Internet Control Messaging Protocol (ICMP) traffic
  • Analyze normal/abnormal User Datagram Protocol (UDP) traffic
  • Analyze normal/abnormal Transmission Control Protocol (TCP) traffic
  • Analyze normal/abnormal Hypertext Transport Protocol (HTTP/HTTPS) traffic

Who Can Benefit

Anyone interested in learning to troubleshoot and optimize TCP/IP networks and analyze network traffic with Wireshark, especially network engineers, information technology specialists, security analysts, and those preparing for the Wireshark Certified Network Analyst exam.

Prerequisites

Recommended:

Course Details

1. Introduction to Network Analysis and Wireshark

  • TCP/IP Analysis Checklist
  • Top Causes of Performance Problems
  • Get the Latest Version of Wireshark
  • Capturing Traffic
  • Opening Trace Files
  • Processing Packets
  • GTK Interface
  • The Icon Toolbar
  • The Changing Status Bar
  • Right-Click Functionality
  • General Analyst Resources
  • Your First Task When You Leave Class

2. Learn Capture Methods and Use Capture Filters

  • Checksum Issues at Capture
  • Analyze Switched Networks
  • Walk-Through a Sample SPAN Configuration
  • Analyze Full-Duplex Links with a Network TAP
  • Analyze Wireless Networks
  • Initial Analyzing Placement
  • Remote Capture Techniques
  • Available Capture Interfaces
  • Save Directly to Disk
  • Capture File Configurations
  • Limit Your Capture with Capture Filters
  • Examine Key Capture Filters

3. Customize for Efficiency: Configure Your Global Preferences

  • First Step: Create a Troubleshooting Profile
  • Customize the User Interface
  • Add Custom Columns for the Packet List Pane
  • Set Your Global Capture Preferences
  • Define Name Resolution Preferences
  • Configure Individual Protocol Preferences

4. Navigate Quickly and Focus Faster with Coloring Techniques

  • Move Around Quickly: Navigation Techniques
  • Find a Packet Based on Various Characteristics
  • Build Permanent Coloring Rules
  • Identify a Coloring Source
  • Apply Temporary Coloring
  • Mark Packets of Interest

5. Spot Network and Application Issues with Time Values and Summaries

  • Examine the Delta Time (End-of-Packet to End-of-Packet)
  • Set a Time Reference
  • Compare Timestamp Values
  • Compare Timestamps of Filtered Traffic
  • Enable and Use TCP Conversation Timestamps
  • Compare TCP Conversation Timestamp Values
  • Troubleshooting Example Using Time
  • Analyze Delay Types

6. Create and Interpret Basic Trace File Statistics

  • Examine Trace File Summary Information
  • View Active Protocols
  • Graph Throughput to Spot Performance Problems Quickly
  • Locate the Most Active Conversations and Endpoints
  • Other Conversation Options
  • Graph the Traffic Flows for a More Complete View
  • Numerous Other Statistics are Available
  • Quick Overview of VoIP Traffic Analysis Tools

7. Focus on Traffic Using Display Filters

  • Display Filters
  • Filter on Conversations/Endpoints
  • Build Filters Based on Packets
  • Display Filter Syntax
  • Use Comparison Operators and Advanced Filters
  • Filter on Text Strings
  • Build Filters Based on Expressions
  • Watch for Common Display Filter Mistakes
  • Manually Edit the dfilters File

8. Effectively Use Command-Line Tools

  • TShark and Dumpcap Command-Line Tools
  • Capinfos Command-Line Tool
  • Editcap Command-Line Tool
  • Mergecap Command-Line Tool
  • Text2pcap Command-Line Tool
  • Split and Merge Trace Files

9. TCP/IP Communications and Resolutions Overview

  • TCP/IP Functionality
  • When Everything Goes Right
  • The Multi-Step Resolution Process
  • Resolution Helped Build the Packet
  • Where Faults Can Occur
  • Typical Causes of Slow Performance

10. Analyze DNS Traffic

  • DNS Overview
  • DNS Packet Structure
  • DNS Queries
  • Filter on DNS Traffic
  • Analyze Normal/Problem DNS Traffic

11. Analyze ARP Traffic

  • ARP Overview
  • ARP Packet Structure
  • Filter on ARP Traffic
  • Analyze Normal/Problem ARP Traffic

12. Analyze IPv4 Traffic

  • IPv4 Overview
  • IPv4 Packet Structure
  • Analyze Broadcast/Multicast Traffic
  • Filter on IPv4 Traffic
  • IP Protocol Preferences
  • Analyze Normal/Problem IP Traffic

13. Analyze ICMP Traffic

  • ICMP Overview
  • ICMP Packet Structure
  • Filter on ICMP Traffic
  • Analyze Normal/Problem ICMP Traffic

14. Analyze UDP Traffic

  • UDP Overview
  • Watch for Service Refusals
  • UDP Packet Structure
  • Filter on UDP Traffic
  • Follow UDP Streams to Reassemble Data
  • Analyze Normal/Problem UDP Traffic

15. Analyze TCP Protocol

  • TCP Overview
  • The TCP Connection Process
  • TCP Handshake Problem
  • Watch Service Refusals
  • TCP Packet Structure
  • The TCP Sequencing/Acknowledgment Process
  • Packet Loss Detection in Wireshark
  • Fast Recovery/Fast Retransmission Detection in Wireshark
  • Retransmission Detection in Wireshark
  • Out-of-Order Segment Detection in Wireshark
  • Selective Acknowledgement (SACK)
  • Window Scaling
  • Window Size Issue: Receive Buffer Problem
  • Window Size Issue: Unequal Window Size Beliefs
  • TCP Sliding Window Overview
  • Troubleshoot TCP Quickly with Expert Info
  • Filter on TCP Traffic and TCP Problems
  • Properly Set TCP Preferences
  • Follow TCP Streams to Reassemble Data

16. Examine Advanced Trace File Statistics

  • Build Advanced IO Graphs
  • Graph Round Trip Times
  • Graph TCP Throughput
  • Find Problems Using TCP Time-Sequence Graphs

17. Analyze HTTP Traffic

  • HTTP Overview
  • HTTP Packet Structure
  • Filter on HTTP Traffic
  • Reassembling HTTP Objects
  • HTTP Statistics
  • Analyze Normal/Problem HTTP Traffic

18. Analyze SSL-Encrypted Traffic (HTTPS)

  • Examining SSL/HTTPS Traffic
  • Wireshark v1.6.0 Bug Alert #201106
  • Filter on SSL

19. Analyze File Transfer Protocol (FTP) Traffic

  • FTP Overview
  • FTP Packet Structure
  • Analyze Active Mode Connections
  • Analyze Passive Mode Connections
  • Filter on FTP Traffic
  • Analyze Normal/Problem FTP Traffic

20. Your 10 Key Troubleshooting Steps

Lab 24: Analyze FTP Problems

Contact Us 1-800-803-3948
Contact Us
FAQ Get immediate answers to our most frequently asked qestions. View FAQs arrow_forward