TCP/IP Network Troubleshooting Essentials with Wireshark
- Course Code GK9879
- Duration 3 days
Course Delivery
Jump to:
Course Delivery
This course is available in the following formats:
-
Company Event
Event at company
-
Public Classroom
Traditional Classroom Learning
-
Virtual Learning
Learning that is virtual
Request this course in a different delivery format.
Course Overview
TopCourse Schedule
TopTarget Audience
TopCourse Objectives
Top- Create a custom Wireshark profile for troubleshooting
- Add, edit, and export custom column values
- Change key Wireshark preference settings
- Compare capture methods and options
- Perform an unattended capture
- Apply capture filters to focus on traffic of interest
- Apply display filters based on addresses, protocols, and field values
- Create buttons to speed up problem detection
- Build exclusion filters to remove packets from view
- Build and use regular expression filters
- Determine the most active hosts and conversations
- Identify applications used on the network
- Map IP addresses globally
- Reassemble traffic and objects
- Export reassembled objects
- Annotate a trace file
- Create a report from trace file annotations and comments
- Split and merge trace files
- Perform command-line capture
- Capture using filters and an autostop condition
- Use Tshark to extract field values from a trace file
Course Content
TopModule 1: Introduction to Wireshark Resources and Analysis
- Tour of Wireshark Capabilities and Functions Tour
- Wireshark Capture Elements
- Frames vs. Packets vs. Segments
- Follow a Packet Through a Network
- Analyze a Trace File Using the Packet List Pane
Module 2: Customize Wireshark Views and Settings
- Create Custom Profiles
- Add, Edit, Export Columns
- Force Dissectors on Traffic that Uses Non-Standard Ports
- Set Key Wireshark Preferences (IMPORTANT)
- Locate Key Configuration Files
- Share and Import Profiles
- Configure Time Column to Spot Path and Server Latency Problems
Module 3: Determine the Best Capture Method and Apply Capture Filters
- Identify the Best Capture Location
- Capture on an Ethernet Network
- Capture on a Wireless Network
- Deal with Tons of Traffic (File Sets)
- Use Special Capture Techniques to Spot Sporadic Problems (Ring Buffer)
- Reduce the Amount of Traffic with Which You Have to Work
- Capture Traffic Based on Addresses (MAC/IP)
- Capture Traffic for a Specific Application
- Capture Specific ICMP Traffic
Module 4: Apply Display Filters to Focus on Specific Traffic
- Display Filter Methods and Syntax
- Edit and Use the Default Display Filters
- Filter Properly on HTTP Traffic
- Apply Display Filters Based on an IP Address, Range of Addresses or a Subnet
- Quickly Filter on a Field in a Packet
- Build Display Filter Buttons
- Filter to Detect Application Errors
- Filter on One or More Conversations (Streams)
- Expand Display Filters with Include and Exclude Conditions
- Use Parentheses to Change Filter Meaning
- Determine Why Your Display Filter Area is Yellow
- Use a Basic Regular Expression Filter to Locate a Set of Key Words in a Trace File
- Use Filters to Spot Communication Delays
- Import Display Filters into a Profile
Module 5: Color and Export Interesting Packets
- Identify and Edit Applied Coloring Rules
- Build a Coloring Rule to Highlight Delays
- Master the Intelligent Scrollbar
- Export Packets of Interest
- Export Packet Details (Excel Analysis)
Module 6: Build and Interpret Tables and Graphs
- Locate the Top Talkers
- Set Up GeoIP to Map Targets Globally
- List Applications Seen on the Network
- Detect Suspicious Protocols and Applications
- Graph Application and Host Bandwidth Usage
- Identify TCP Errors on the Network
- Understand What those Expert Errors Mean
- Identify an Overloaded Client
Module 7: Reassemble Traffic for Faster Analysis
- Reassemble Web Browsing Sessions
- Reassemble a File Transferred via FTP
- Extract a File from an FTP File Transfer
- Export HTTP Objects Transferred in a Web Browsing Session
Module 8: Add Comments to Your Trace Files and Packets
- Add Your Comments to Trace Files
- Add Your Comments to Individual Packets
- Export Packet Comments for a Report
Module 9: Use Command-Line Tools to Capture, Split, and Merge Traffic
- Split a Large Trace File into a File Set
- Merge Multiple Trace Files
- Capture Traffic at Command Line with Filters and an Autostop Condition
- Use Tshark to Extract HTTP GET Requests
Course Prerequisites
TopBasic knowledge of network addressing
Basic knowledge of infrastructure devices (switches, routers)
Test Certification
TopRecommended as preparation for the following exam(s):
WCNA Certification (formerly referred to as the Wireshark Certified Network Analyst Certification)
- GK9879
- TCP/IP Network Troubleshooting Essentials with Wireshark
- Cloud Computing
- GK9879 | TCP/IP Network Troubleshooting Essentials with Wireshark | Training Course | Global Knowledge.
- Global Knowledge