Prerequisites
To apply for the Wireshark Training, you need:
- Basic computer literacy.
- Good communication skills.
- Good Mathematics and Statistical skills.
- Analytics skills.
- Basic programming skills.
- Basic education qualifications (12th, Graduation, Post Graduation, Diploma, etc.)
Course Curriculum
Module 1: Wireshark basics
- Wireshark fundamentals
- Overview of L2-7
- Installation of Pcap library
- Basic capture and filters
- UDP Specifications and Fragmentation capturing
- Layers dissection
- Capture save options
Module 2: Filters
- Creating filters to capture by MAC/IP/Application
- Display filter language
- Using operators, Combine filters
- Byte values
- Identifying applications and network protocols
- Normal UDP & TCP conversation
- Following streams and reassembling data
- Capture filters
- Colorize traffic
Module 3: Statistics and Analysis
- Statistics view of Wireshark
- Most active: IP addresses, endpoints, conversations, wireless statistics
- HTTP and FTP conversation
- Detect latency with combined statistics
- I/O graph
- TCP latency/duplicate ACKs/retransmits
Module 4: Wireshark expert info
- Ack lost
- Duplicate ack
- TCP retransmit
- Segment not captured
- Previous segment lost
- Out of order segment
Module 5: Analysis
- Traffic graph
- TCP graph sequence numbers and windowing
- Viewing and Coloring basic I/O graphs
- Viewing trends by using graphs
- Special graphs
- Network analysis terms
- Latency, packet loss, slowness, dead time segment
- Attack detection
- Detecting client-server path delays – complete analysis
Module 6: TCPDUMP and Deep conversation analysis
- TCPDUMP
- How to use it
- Syntax and filters
- Play with buffers
- Smart optimization
- How to save capture files with reduced overhead – tips & tricks
Module 7: Deep conversations analysis
- HTTP & HTTPS complete session analysis and troubleshooting
- HTTP payload structure
- RTP & RTSP complete session analysis and troubleshooting
- Capture filters and build dissector
- Security
Module 8: Hosts scan detection
- ICMP probe detection
- Ports scan detection TCP and UDP
- Scanning and discovering it using Nmap and Wireshark
Module 9: Capture filter
- Syntax of libpcap capture filter
- Filter by payload
- Filter host, mac
- Combining filters to match with TCP flags
Module 10: Detect denial of service attack (DoS and DDoS)
- Malformed packets
- Analyzing suspicious traffic
- Injecting packets into the network and simulating the required scenario
Module 11: Build dissector
- Dissector language
- Working of dissector
- Add headers information
- Dissect new protocol “My Packet”