• Classroom
  • Online, Instructor-Led
Course Description

In this hands—on course, you will receive in—depth training on Wireshark® and TCP/IP communications analysis. You will learn to use Wireshark to identify the most common causes of performance problems in TCP/IP communications. You will develop a thorough understanding of how to use Wireshark efficiently to spot the primary sources of network performance problems, and you will prepare for the latest Wireshark certification exam.

Topics you will cover in this course include:
• Traffic capturing techniques and analyzer placement
• Traffic filtering (capture/display)
• Customized profiles creation
• Coloring rules, graphing, field interpretations, and functionality of key TCP/IP communications
• Normal behavior of ARP, DNS, IP, TCP, UDP, ICMP, and HTTP/HTTPS
• Latency issue identification
• Connection establishment concerns
• Service refusals
• Common indications of reconnaissance processes and breached hosts

This course includes the official Wireshark study guide to help you prepare for the Wireshark Certified Network Analyst certification exam.

Please bring your own laptop loaded with Wireshark to class. You may download Wireshark for free at www.wireshark.org.

Learning Objectives

Top 10 reasons for network performance complaints
Place the analyzer properly for traffic capture on a variety of network types
Capture packets on wired and wireless networks
Configure Wireshark for best performance and non—intrusive analysis
Navigate through, split, and work with large traffic files
Use time values to identify network performance problems
Create statistical charts and graphs to pinpoint performance issues
Filter out traffic for more efficient troubleshooting and analysis
Customize Wireshark coloring to focus on network problems faster
Use Wireshark’s Expert System to understand various traffic problems
Use the TCP/IP Resolution Flowchart to identify possible communication faults
Analyze normal/abnormal Domain Name System (DNS) traffic
Analyze normal/abnormal Address Resolution Protocol (ARP) traffic
Analyze normal/abnormal Internet Protocol v4 (IPv4) traffic
Analyze normal/abnormal Internet Control Messaging Protocol (ICMP) traffic
Analyze normal/abnormal User Datagram Protocol (UDP) traffic
Analyze normal/abnormal Transmission Control Protocol (TCP) traffic
Analyze normal/abnormal Hypertext Transport Protocol (HTTP/HTTPS) traffic

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Defense Analysis
  • Cyber Defense Infrastructure Support
  • Exploitation Analysis
  • Vulnerability Assessment and Management

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@hq.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.