Course Outline

Day 1

Overview of network analysis for government

  1. OSI reference model and essential TCP/IP networks.
  2. Troubleshooting tools and methodologies.
  3. Introduction to Wireshark.
  4. What is Wireshark? Portable Wireshark. Resources for government.
  5. Wireshark GUI structure: Packet List, Details, Packet Bytes panes, Status Bar, etc.
  6. Architecture and processing flow. Limitations of what can be seen with Wireshark.
  7. Supported protocols and dissectors.
  8. Preferences and configurations; global and profile-specific settings.
  9. Time values in network analysis.
  10. Lab exercises for hands-on practice.

Day 2

Capturing traffic

  1. Considerations before starting the capture process.
  2. Promiscuous mode and its implications.
  3. Capture filters for targeted data collection.
  4. Automatic stop criteria for efficient captures.
  5. Remote capture techniques.
  6. Lab exercises to reinforce learning.

Traffic analysis: tools and approaches

  1. Analysis checklist for systematic evaluation.
  2. Utilizing features: name resolution, colorization, marking, ignoring, commenting, time references, time shifts, etc.
  3. Understanding the Expert System in Wireshark.
  4. Accessing options through right-click functionality.
  5. Interpreting results and understanding OS/driver offload features.
  6. Saving analysis results for future reference.
  7. Lab exercises and case studies to apply knowledge.

Day 3

Traffic analysis: tools and approaches (continued)

  1. Filtering traffic: Display filters, preparing "in-flight" filters, macros, following stream.
  2. Quantitative analysis:
    1. Basic predefined descriptive statistics and summaries: Capture Properties, Protocol Hierarchy, Conversations, Endpoints, Packet Lengths, IP-specific data.
    2. Protocol-specific analysis (e.g., TCP Stream Graphs).
    3. Advanced custom statistics with I/O Graph.
    4. Flow visualization techniques.

Day 4

Traffic analysis: protocols

  1. Data-Link Layer: Ethernet II.
  2. Network Layer: IPv4.
  3. Transport Layer: TCP, UDP.
    1. Packet loss and recovery mechanisms.
    2. Previous segment lost and out-of-order segments events.
    3. Duplicate ACKs and fast retransmissions.
    4. TCP retransmissions.
    5. Zero window, window changes, and other window-related issues.
  4. Application layer: HTTP, FTP.
  5. Lab exercises and case studies to apply protocol analysis techniques.

Day 5

Traffic analysis: common issues in network performance assessment

  1. Causes of performance problems.
  2. Packet loss and its impact on network efficiency.
  3. Bandwidth issues and a layered approach to measurement.
  4. Latency: assessing end-to-end latency, visualization techniques.
  5. Lab exercises to identify and resolve performance issues.
  6. Command-line tools for traffic analysis:
    1. tshark (terminal-based Wireshark), dumpcap, rawshark, tcpdump.
    2. editcap, mergecap, capinfos, text2pcap.

Advanced topics

  1. Advanced filters and grouped I/O statistics.
  2. Summary and Q&A session for comprehensive understanding.

Requirements

1. Familiarity with the ISO OSI Reference Model - ITU-T X.200 and the TCP/IP protocol stack.

2. Basic knowledge of Unix/Linux operating systems: navigating the UNIX terminal, understanding directory structures, listing files and directories, creating directories, changing directories, copying, moving, and removing files and directories, using redirection and pipes, managing processes including listing suspended and background processes.

Hardware & Software Requirements for Government
1. Hardware: a minimum of 16GB of RAM and at least 60GB of free disk space.
2. Operating System: Ubuntu Linux OS is preferred. If using this OS, the following applications should be installed: ip, iperf, and ipcalc.
3. Software: Wireshark application (available at https://www.wireshark.org/download.html).

All software and operating systems should be in their latest stable, available releases.

 35 Hours

Number of participants


Price per participant

Runs with a minimum of 4 + people. For 1-to-1 or private group training, request a quote.

Testimonials (3)

Quality of explanation of program operation and analysis of various cases.

Krzysztof - Centrum Informatyki Resortu Finansow
Course - Network Troubleshooting with Wireshark

trainer listen to participants

Bartosz - ATOS PGS sp. z o.o.
Course - Advanced Network Troubleshooting Using Wireshark

Trainer is well prepared and dedicated in making us understand. Well done.

Alan Lye - SBS Transit Ltd
Course - Basic Network Troubleshooting Using Wireshark

Upcoming Courses

TCP/IP Network Traffic Analysis with Wireshark

2026-01-26 09:30
35 hours
Tulsa, Ok
$ 6757 (Online)
$ 6757 (Classroom)

TCP/IP Network Traffic Analysis with Wireshark

2026-02-09 09:30
35 hours
75 S West Temple, Salt Lake City, UT
$ 6757 (Online)
$ 6757 (Classroom)

TCP/IP Network Traffic Analysis with Wireshark

2026-02-23 09:30
35 hours
Winooski, VT – MyCube at Champlain Mill
$ 6757 (Online)
$ 6757 (Classroom)

Related Courses

Basic Network Troubleshooting Using Wireshark

 21 Hours

The purpose of this course is to provide participants with foundational knowledge of the Wireshark protocol analyzer, essential for effective network troubleshooting. The curriculum focuses on achieving a deep understanding of the tool, which serves as the basis for its practical application in network diagnostics. The course begins with an introduction to packet capturing, capture and display filters, statistical features, and the basics of the expert system. By the end of the course, participants will be equipped to perform basic troubleshooting in small to medium-sized networks. This training is designed to align with public sector workflows and governance requirements for government. The course combines theoretical instruction with classroom exercises and hands-on labs.

Read more...

Advanced Network Troubleshooting Using Wireshark

 21 Hours

This course is a continuation of the "Basic Network Troubleshooting Using Wireshark" course and is designed to provide participants with advanced capabilities for network troubleshooting. It offers an in-depth understanding of network behavior and issues, along with the skills to isolate and resolve security and advanced application problems. The course combines theoretical instruction, class exercises, and laboratory sessions to ensure comprehensive learning for government professionals.

Read more...

Network Troubleshooting with Wireshark

 21 Hours

Network packet analysis is a technique used to examine, in real time, the raw data transmitted and received over a network interface. This method is essential for diagnosing network configuration issues and problems with network applications. Wireshark, a free and open-source packet analyzer, is widely utilized for troubleshooting these types of network challenges.

In this instructor-led, live training, participants will learn how to use Wireshark to assess the functionality and performance of a network, as well as the efficiency of various networked applications. Participants will be introduced to network troubleshooting principles and will practice techniques for capturing and analyzing TCP/IP request and response traffic between different clients and servers.

By the end of this training, participants will be able to:

  • Analyze network functionality and performance in diverse environments under varying conditions
  • Evaluate whether instances of different server applications are performing satisfactorily
  • Identify primary sources of network performance issues
  • Detect and resolve the most common causes of performance problems in TCP/IP communications

Audience

  • Network engineers
  • Network and computer technicians

Format of the Course

  • Part lecture, part discussion, exercises, and extensive hands-on practice

Note

  • To request a customized training for government, please contact us to arrange.
Read more...

Advanced Network Troubleshooting with Wireshark

 21 Hours

Wireshark is a free, open-source packet analyzer used for troubleshooting network issues. Network packet analysis is a technique that allows real-time viewing of the raw data sent and received over a network interface. This method is essential for diagnosing problems related to network configuration and application performance.

In this instructor-led, live training (onsite or remote), participants will learn advanced techniques for troubleshooting the functionality and performance of networks and their applications. This course builds upon "Network Troubleshooting with Wireshark," which primarily focuses on common HTTP applications. Here, we delve into a broader range of protocols and connection mediums, including Wi-Fi, HTTPS, SMTP, enterprise applications, and more.

By the end of this training, participants will be able to:

  • Isolate and resolve network security issues using the Wireshark Command Line Interface (CLI)
  • Troubleshoot applications that utilize protocols beyond HTTP, such as HTTPS, FTP, mail, DNS, etc.
  • Address network connection problems in enterprise applications, including databases and Remote Procedure Calls (RPC)
  • Diagnose connection issues in media applications like VoIP and streaming services
  • Employ network forensics to trace and detect security vulnerabilities

Audience

  • Network engineers
  • Network and computer technicians

Format of the Course

  • Part lecture, part discussion, exercises, and extensive hands-on practice

This training is designed to enhance the skills necessary for government professionals to effectively manage and secure network environments.

Read more...

Related Categories

Wireshark
Wireshark