Troubleshooting TCP/IP Networks with Wireshark

  • Tuition USD $3,795 GSA  $3,164.48
  • Reviews 4.5 stars, 1076 Ratings
  • Course Code 9879
  • Duration 5 days
  • Available Formats Virtual, Classroom
Training with Wireshark Experts

Whether you realize it or not, skills are the key limiter to your success. For over 20 years organizations large and small have trusted to deliver sustainable, scalable, repeatable training with minimal disruption. With access to Wireshark's TCP/IP Network subject matter experts delivering authorized and industry-leading instruction through multiple delivery formats, sets the stage for your success by reducing skill gaps.

Optimize TCP/IP networks with Wireshark. This hands-on, in-depth course provides the skills to isolate and fix network performance issues. Learn how Wireshark can solve your TCP/IP network problems by improving your ability to analyze network traffic.

This course will enable you to:

  • Identify and analyze the most common causes of performance problems in TCP/IP communications.
  • Develop a thorough understanding of how to use Wireshark efficiently to spot the primary sources of network performance problems.
  • Prepare for the latest Wireshark Certified Network Analyst (WCNA) certification exam.

This course will prepare you to pass your WCNA certification exam with instructor-led training from a Wireshark subject matter expert. This course also includes official Wireshark study guides, and hands-on training with live labs.

Know before you go: Please bring your own laptop loaded with Wireshark to your first class. Download Wireshark for free at www.wireshark.org.

Skills Gained

  • Top 10 reasons for network performance complaints
  • Place the analyzer properly for traffic capture on a variety of network types
  • Capture packets on wired and wireless networks
  • Configure Wireshark for best performance and non-intrusive analysis
  • Navigate through, split, and work with large traffic files
  • Use time values to identify network performance problems
  • Create statistical charts and graphs to pinpoint performance issues
  • Filter out traffic for more efficient troubleshooting and analysis
  • Customize Wireshark coloring to focus on network problems faster
  • Use Wireshark's Expert System to understand various traffic problems
  • Use the TCP/IP Resolution Flowchart to identify possible communication faults
  • Analyze normal/abnormal Domain Name System (DNS) traffic
  • Analyze normal/abnormal Address Resolution Protocol (ARP) traffic
  • Analyze normal/abnormal Internet Protocol v4 (IPv4) traffic
  • Analyze normal/abnormal Internet Control Messaging Protocol (ICMP) traffic
  • Analyze normal/abnormal User Datagram Protocol (UDP) traffic
  • Analyze normal/abnormal Transmission Control Protocol (TCP) traffic
  • Analyze normal/abnormal Hypertext Transport Protocol (HTTP/HTTPS) traffic

Who Can Benefit

Anyone interested in learning to troubleshoot and optimize TCP/IP networks and analyze network traffic with Wireshark, especially network engineers, information technology specialists, security analysts, and those preparing for the Wireshark Certified Network Analyst exam.

Prerequisites

Recommended:

Course Details

1. Introduction to Network Analysis and Wireshark

  • TCP/IP Analysis Checklist
  • Top Causes of Performance Problems
  • Get the Latest Version of Wireshark
  • Capturing Traffic
  • Opening Trace Files
  • Processing Packets
  • GTK Interface
  • The Icon Toolbar
  • The Changing Status Bar
  • Right-Click Functionality
  • General Analyst Resources
  • Your First Task When You Leave Class

2. Learn Capture Methods and Use Capture Filters

  • Checksum Issues at Capture
  • Analyze Switched Networks
  • Walk-Through a Sample SPAN Configuration
  • Analyze Full-Duplex Links with a Network TAP
  • Analyze Wireless Networks
  • Initial Analyzing Placement
  • Remote Capture Techniques
  • Available Capture Interfaces
  • Save Directly to Disk
  • Capture File Configurations
  • Limit Your Capture with Capture Filters
  • Examine Key Capture Filters

3. Customize for Efficiency: Configure Your Global Preferences

  • First Step: Create a Troubleshooting Profile
  • Customize the User Interface
  • Add Custom Columns for the Packet List Pane
  • Set Your Global Capture Preferences
  • Define Name Resolution Preferences
  • Configure Individual Protocol Preferences

4. Navigate Quickly and Focus Faster with Coloring Techniques

  • Move Around Quickly: Navigation Techniques
  • Find a Packet Based on Various Characteristics
  • Build Permanent Coloring Rules
  • Identify a Coloring Source
  • Apply Temporary Coloring
  • Mark Packets of Interest

5. Spot Network and Application Issues with Time Values and Summaries

  • Examine the Delta Time (End-of-Packet to End-of-Packet)
  • Set a Time Reference
  • Compare Timestamp Values
  • Compare Timestamps of Filtered Traffic
  • Enable and Use TCP Conversation Timestamps
  • Compare TCP Conversation Timestamp Values
  • Troubleshooting Example Using Time
  • Analyze Delay Types

6. Create and Interpret Basic Trace File Statistics

  • Examine Trace File Summary Information
  • View Active Protocols
  • Graph Throughput to Spot Performance Problems Quickly
  • Locate the Most Active Conversations and Endpoints
  • Other Conversation Options
  • Graph the Traffic Flows for a More Complete View
  • Numerous Other Statistics are Available
  • Quick Overview of VoIP Traffic Analysis Tools

7. Focus on Traffic Using Display Filters

  • Display Filters
  • Filter on Conversations/Endpoints
  • Build Filters Based on Packets
  • Display Filter Syntax
  • Use Comparison Operators and Advanced Filters
  • Filter on Text Strings
  • Build Filters Based on Expressions
  • Watch for Common Display Filter Mistakes
  • Manually Edit the dfilters File

8. Effectively Use Command-Line Tools

  • TShark and Dumpcap Command-Line Tools
  • Capinfos Command-Line Tool
  • Editcap Command-Line Tool
  • Mergecap Command-Line Tool
  • Text2pcap Command-Line Tool
  • Split and Merge Trace Files

9. TCP/IP Communications and Resolutions Overview

  • TCP/IP Functionality
  • When Everything Goes Right
  • The Multi-Step Resolution Process
  • Resolution Helped Build the Packet
  • Where Faults Can Occur
  • Typical Causes of Slow Performance

10. Analyze DNS Traffic

  • DNS Overview
  • DNS Packet Structure
  • DNS Queries
  • Filter on DNS Traffic
  • Analyze Normal/Problem DNS Traffic

11. Analyze ARP Traffic

  • ARP Overview
  • ARP Packet Structure
  • Filter on ARP Traffic
  • Analyze Normal/Problem ARP Traffic

12. Analyze IPv4 Traffic

  • IPv4 Overview
  • IPv4 Packet Structure
  • Analyze Broadcast/Multicast Traffic
  • Filter on IPv4 Traffic
  • IP Protocol Preferences
  • Analyze Normal/Problem IP Traffic

13. Analyze ICMP Traffic

  • ICMP Overview
  • ICMP Packet Structure
  • Filter on ICMP Traffic
  • Analyze Normal/Problem ICMP Traffic

14. Analyze UDP Traffic

  • UDP Overview
  • Watch for Service Refusals
  • UDP Packet Structure
  • Filter on UDP Traffic
  • Follow UDP Streams to Reassemble Data
  • Analyze Normal/Problem UDP Traffic

15. Analyze TCP Protocol

  • TCP Overview
  • The TCP Connection Process
  • TCP Handshake Problem
  • Watch Service Refusals
  • TCP Packet Structure
  • The TCP Sequencing/Acknowledgment Process
  • Packet Loss Detection in Wireshark
  • Fast Recovery/Fast Retransmission Detection in Wireshark
  • Retransmission Detection in Wireshark
  • Out-of-Order Segment Detection in Wireshark
  • Selective Acknowledgement (SACK)
  • Window Scaling
  • Window Size Issue: Receive Buffer Problem
  • Window Size Issue: Unequal Window Size Beliefs
  • TCP Sliding Window Overview
  • Troubleshoot TCP Quickly with Expert Info
  • Filter on TCP Traffic and TCP Problems
  • Properly Set TCP Preferences
  • Follow TCP Streams to Reassemble Data

16. Examine Advanced Trace File Statistics

  • Build Advanced IO Graphs
  • Graph Round Trip Times
  • Graph TCP Throughput
  • Find Problems Using TCP Time-Sequence Graphs

17. Analyze HTTP Traffic

  • HTTP Overview
  • HTTP Packet Structure
  • Filter on HTTP Traffic
  • Reassembling HTTP Objects
  • HTTP Statistics
  • Analyze Normal/Problem HTTP Traffic

18. Analyze SSL-Encrypted Traffic (HTTPS)

  • Examining SSL/HTTPS Traffic
  • Wireshark v1.6.0 Bug Alert #201106
  • Filter on SSL

19. Analyze File Transfer Protocol (FTP) Traffic

  • FTP Overview
  • FTP Packet Structure
  • Analyze Active Mode Connections
  • Analyze Passive Mode Connections
  • Filter on FTP Traffic
  • Analyze Normal/Problem FTP Traffic

20. Your 10 Key Troubleshooting Steps

Lab 24: Analyze FTP Problems

When does class start/end?

Classes begin promptly at 9:00 am, and typically end at 5:00 pm.

Does the course schedule include a lunch break?

Lunch is normally an hour long and begins at noon. Coffee, tea, hot chocolate and juice are available all day in the kitchen. Fruit, muffins and bagels are served each morning. There are numerous restaurants near each of our centers, and some popular ones are indicated on the Area Map in the Student Welcome Handbooks - these can be picked up in the lobby or requested from one of our ExitCertified staff.

How can someone reach me during class?

If someone should need to contact you while you are in class, please have them call the center telephone number and leave a message with the receptionist.

What languages are used to deliver training?

Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.

What does GTR stand for?

GTR stands for Guaranteed to Run; if you see a course with this status, it means this event is confirmed to run. View our GTR page to see our full list of Guaranteed to Run courses.

Does ExitCertified deliver group training?

Yes, we provide training for groups, individuals and private on sites. View our group training page for more information.

A reliable partner with AWS. Provides excellent reading and lab material. A really helpful subject matter companion as you move forward towards certification. Reliable and thorough. Professional instructors and customer service.

The experience was very good; I give most of the credit to the instructor, who turned out to be excellent and very grounded in reality.

ExitCertified (Tech Data) was great and I enjoyed my experience with them. Looking forward to taking more courses with them!

Very clean, great cafeteria and well sorted, very kind staff. The bathrooms have to be expanded as they might get crowded sometimes

There were minimal errors. The labs were great but the learning environment was difficult to navigate and certain components needed to stay on the screen that covered up parts of the presentation slides.

6 options available

  • Nov 2, 2020 to Nov 6, 2020 (5 days): Virtual, English, 08:30 to 16:30 EST
  • Nov 9, 2020 to Nov 13, 2020 (5 days): Virtual, English, 11:30 to 19:30 EST
  • Nov 16, 2020 to Nov 20, 2020 (5 days): Virtual, English, 08:30 to 16:30 EST
  • Dec 7, 2020 to Dec 11, 2020 (5 days): Virtual, English, 11:30 to 19:30 EST
  • Dec 14, 2020 to Dec 18, 2020 (5 days): Virtual, English, 08:30 to 16:30 EST
  • Jan 11, 2021 to Jan 15, 2021 (5 days): Virtual, English, 08:30 to 16:30 EST
Contact Us 1-800-803-3948