• Download and install Wireshark.
• Capture and analyse packets with Wireshark.
• Configure capture and display filters.
• Customise Wireshark..
• Troubleshoot networks using Wireshark.

Duration: 2 days

>> Dates, prices & bookings for this course

>> Back to Networking courses overview

What is Wireshark?
Protocol analysers, Wireshark features, Wireshark versions, troubleshooting techniques with Wireshark.

Installing Wireshark
Downloading Wireshark, UNIX issues, Microsoft issues, the role of winpcap, promiscuous mode, installing Wireshark. Wireshark documentation and help. Hands on: Downloading and installing Wireshark.

Capturing traffic
Starting and stopping basic packet captures, the packet list pane, packet details pane, packet bytes pane, interfaces, using Wireshark in a switched architecture. Hands on: Capturing packets with Wireshark.

Troubleshooting networks with Wireshark
Common packet flows. Hands on: Analysing a variety of problems with Wireshark.

Capture filters
Capture filter expressions, capture filter examples (host, port, network, protocol, worm), primitives, combining primitives, payload matching. Hands on: Configuring capture filters.

Working with captured packets
Live packet capture, saving to a file, capture file formats, reading capture files from other analysers, merging capture files, finding packets, going to a specific packet, display filters, display filter expressions. Hands on: Saving captured data, configuring display filters.

Analysis and statistics with Wireshark
Enabling/disabling protocols, user specified decodes, following TCP streams, protocol statistics, conversation lists, endpoint lists, I/O graphs, protocol specific statistics. Hands on: Using the analysis and statistics menus.

Command line tools
Tshark, tethereal, capinfos, editcap, mergecap, text2pcap, idl2eth. Hands on: Using tshark.

Advanced issues
802.11 issues, management frames, monitor mode, packet reassembling, name resolution, customising Wireshark. Hands on: Customising name resolution.