

Go from Packet Zero to Packet Hero with this Practical Wireshark course.

What you will learn

Capture and interpret network traffic with Wireshark

Understand core networking protocols – DHCP, DNS, TCP/IP

Troubleshoot the top five network problems with Wireshark

Analyze a cybersecurity attack with Wireshark

Description

Wireshark can be intimidating. I remember how it felt when I first started looking at a trace file with Wireshark. Questions started flooding into my mind:

What should I look for? Where do I start? How can I find the packets that matter? What filters should I use? What is “normal” and what can I ignore in all this data?

I froze under the weight of all the detail in the packets.

If you have ever felt that way when looking at a pcap, this is the course for you!




Throughout this course, we are going to look at real-world examples of how to practically use Wireshark to solve network problems and isolate cybersecurity incidents. This skill will help any IT engineer improve their analysis and troubleshooting abilities. Assignments have been designed with participation in mind: download the trace file, try your hand at the questions that go along with it, and see if you can solve the network mystery in the packets.

While learning the art of packet analysis, we will also explore the Wireshark interface, configure custom columns, filters, and coloring rules, and learn how to customize the layout so we can spot problems fast. This course will give you comfort with the Wireshark interface and the experience you need to understand core protocols.

My name is Chris Greer and I am a Wireshark University instructor, as well as a packet analysis consultant for companies all over the globe. Like you, I started out looking at packet traces, hoping to find the right ones to solve complex issues on the network. In this course, I bring real-world examples to every lecture, exercise, and course assignment. My goal is for you to get comfortable with the Wireshark interface, learn to interpret the packets, and find actionable data that will help you to resolve problems or spot security incidents faster.

Ready Packet People? Let’s dig!

Language: English

Content

Hands-On with Wireshark – Your First PCAP Lab

Section Intro – What will we learn?
Installing Wireshark and the Command Line Tools
Section Review

Configuring the Wireshark Interface

What are Wireshark Profiles and Why Should We Use Them?
Configuring Profiles, Adding Custom Columns
Coloring Traffic
Adjusting the Screen Layout
Section Review

Filtering Traffic in Wireshark

Introduction to Wireshark Filters
Capture Filters vs Display Filters
Filtering for IP Addresses, Source or Destination
Filtering for Protocols and Port Numbers
Filtering for Conversations
Operators in Display Filters
Demo: Using Operators when Filtering Traffic
Special Operators – Contains, Matches, and In
Demo: How to Use Special Operators When Filtering
Section Review

Where and How to Capture Packets

Think BEFORE You Capture!
How To Capture In a Switched Environment – Local Capture vs SPAN vs TAP
Capturing at Multiple Locations
Should We Use a Capture Filter?
Capturing Traffic with the Wireshark User Interface
How to Capture Intermittent Problems – Long Term Capture Configuration
How to Capture on the Command Line with Dumpcap
Configuring a Ring-Buffer on the CLI
How and Where to Capture Packets
Section Review

The Anatomy of a Packet – How Encapsulation Works

Packets and the OSI Model
Ethernet – The Frame Header
Unicasts vs Broadcasts vs Multicasts
The Internet Protocol – Learning the Header Values
Following a Packet Through the Network – Re-Encapsulation
Section Review

Practical IP Analysis

Section Overview
Digging Deeper into the IP ID
How to Use the TTL Field
How IP Fragmentation Works
The IP Flags
Whoa! Investigating Suspect Scan Activity
A Look at IPv6
Configuring Wireshark to Find GeoIP Locations
Analyzing a DDoS Attack with GeoIP
Section Review

Practical UDP Analysis

UDP Intro
The UDP Header Explained
How DHCP Works
Analyzing DNS
Troubleshooting VoIP and Video Streams
UDP Review

Practical TCP Analysis

Section Intro
Practical TCP – The Handshake
Hands-On with TCP Flags
Analyzing TCP Options
How Sequence and Acknowledgement Numbers Work
Digging into Retransmissions
Let’s Shut it Down – FINs vs Resets
TCP Analysis Review

The Top Five Things to Look For When Troubleshooting with Wireshark

Putting it All Together – Section Intro
1. Slow Application Response Time
2. High Network Latency
3. Network Packet Loss
4. Slow File Transfers – TCP Window Problems
5. Network/Application Disconnects – TCP Resets
What to do next with Wireshark – Where to go from here.

Final Thoughts

Bonus Lecture