Getting Started with Wireshark: The Ultimate Hands-On Course

English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 73 lectures (6h 49m) | 3.95 GB

Go from Packet Zero to Packet Hero with this Practical Wireshark course.

Wireshark can be intimidating. I remember how it felt when I first started looking at a trace file with Wireshark. Questions started flooding into my mind:

What should I look for? Where do I start? How can I find the packets that matter? What filters should I use? What is “normal” and what can I ignore in all this data?

I froze under the weight of all the detail in the packets.

If you have ever felt that way when looking at a pcap, this is the course for you!

Throughout this course, we are going to look at real-world examples of how to practically use Wireshark to solve network problems and isolate cybersecurity incidents. This skill will help any IT engineer improve their analysis and troubleshooting abilities. Assignments have been designed with participation in mind. Download the trace file, try your hand at the questions that go along with it, and see if you can solve the network puzzle in the packets.

While learning the art of packet analysis, we will also explore the Wireshark interface, configure custom columns, filters, and coloring rules, and learn how to customize the layout so we can spot problems fast. This course will give you comfort with the Wireshark interface and the experience you need to understand core protocols.

My name is Chris Greer and I am a Wireshark University instructor, as well as a packet analysis consultant for companies all over the globe. Like you, I started out looking at packet traces, hoping to find the right ones to solve complex issues on the network. In this course, I bring real-world examples to every lecture, exercise, and course assignment. My goal is for you to get comfortable with the Wireshark interface, learn to interpret the packets, and find actionable data that will help you to resolve problems or spot security incidents faster.

What you’ll learn

  • Capture and interpret network traffic with Wireshark
  • Understand core networking protocols – DHCP, DNS, TCP/IP
  • Troubleshoot the top five network problems with Wireshark
  • Analyze a cybersecurity attack with Wireshark

Table of Contents

Hands-On with Wireshark – Your First PCAP Lab
1 Section Intro – What will we learn
2 Installing Wireshark and the Command Line Tools
3 Lab 1 – Walkthrough – Hands-On with Wireshark
4 Section Review

Getting help
5 Answering your questions
6 Udemy Tips and Tricks

Configuring the Wireshark Interface
7 What are Wireshark Profiles and Why Should We Use Them
8 Configuring Profiles, Adding Custom Columns
9 Coloring Traffic
10 Adjusting the Screen Layout
11 Lab 2 – Walkthrough – Configuring the Wireshark Interface
12 Section Review

Filtering Traffic in Wireshark
13 Introduction to Wireshark Filters
14 Capture Filters vs Display Filters
15 Filtering for IP Addresses, Source or Destination
16 Filtering for Protocols and Port Numbers
17 Filtering for Conversations
18 Operators in Display Filters
19 Demo Using Operators when Filtering Traffic
20 Special Operators – Contains, Matches, and In
21 Demo How to Use Special Operators When Filtering
22 Lab 3 – Walkthrough – Creating Display Filters
23 Section Review

Where and How to Capture Packets
24 Think BEFORE You Capture!
25 How To Capture In a Switched Environment – Local Capture vs SPAN vs TAP
26 Capturing at Multiple Locations
27 Should We Use a Capture Filter
28 Capturing Traffic with the Wireshark User Interface
29 How to Capture Intermittent Problems – Long Term Capture Configuration
30 How to Capture on the Command Line with Dumpcap
31 Configuring a Ring-Buffer on the CLI
32 Section Review

The Anatomy of a Packet – How Encapsulation Works
33 Packets and the OSI Model
34 Ethernet – The Frame Header
35 Unicasts vs Broadcasts vs Multicasts
36 The Internet Protocol – Learning the Header Values
37 Following a Packet Through the Network – Re-Encapsulation
38 Lab 4 – Walkthrough – Analyzing a Packet
39 Section Review

Practical IP Analysis
40 Section Overview
41 Digging Deeper into the IP ID
42 How to Use the TTL Field
43 How IP Fragmentation Works
44 The IP Flags
45 Whoa! Investigating Suspect Scan Activity
46 A Look at IPv6
47 Configuring Wireshark to Find GeoIP Locations
48 Analyzing a DDoS Attack with GeoIP
49 Lab 5 – Walkthrough – Is this scan as bad as it looks
50 Section Review

Practical UDP Analysis
51 UDP Intro
52 The UDP Header Explained
53 How DHCP Works
54 Analyzing DNS
55 Troubleshooting VoIP and Video Streams
56 UDP Review

Practical TCP Analysis
57 Section Intro
58 Practical TCP – The Handshake
59 Hands-On with TCP Flags
60 Analyzing TCP Options
61 How Sequence and Acknowledgement Numbers Work
62 Digging into Retransmissions
63 Let’s Shut it Down – FINs vs Resets
64 Lab 6 – Walkthrough – Is it the Client, Network, or Server
65 TCP Analysis Review

The Top Five Things to Look For When Troubleshooting with Wireshark
66 Putting it All Together – Section Intro
67 Slow Application Response Time
68 High Network Latency
69 Network Packet Loss
70 Slow File Transfers – TCP Window Problems
71 Network/Application Disconnects – TCP Resets
72 What to do next with Wireshark – Where to go from here

Final Thoughts
73 Bonus Lecture