ADLER-TECH

Wireshark Fundamentals: Deep Packet Analysis for Network Troubleshooting

Duration: 21 Hours (3 Days) Focus: Packet Capture, Filter Logic, and Performance Diagnostics

Troubleshooting Core (What is network troubleshooting and why it’s critical).
Tool Overview (Troubleshooting tools landscape and capabilities).
Methodologies (Systematic Troubleshooting methodologies, e.g., the OSI model approach).

Application Mechanism (How Wireshark Works and the role of libpcap/WinPcap).
Setup and Configuration (Setting Global Preferences).
Packet Capture (Capturing Packets and defining capture interfaces).
Initial Filters (Defining the difference between capture and display filters).

Interface Techniques (Navigation and Colorization Techniques for trace file review).
Time Analysis (Understanding and Using Time Values and relative/absolute time).
Trace File Summaries (Examining Basic Trace File Statistics).
Data Handling (Save, Export and Print functions for analysis sharing).

Capture Filters (BPF) (Capture filters – basics and filter language (e.g., host, port, proto)).
Display Filters (Wireshark) (Display filters – basics and filter language (e.g., field names, operators)).
Filter Utility (Useful filters for immediate diagnostic tasks (e.g., ip.addr, tcp.flags.syn==1)).
Practical Application (Lab exercises and case studies applying complex filter logic).

Time Column Usage (Using the default time column setting and precision).
Inter-Packet Timing (Analyzing time between packets).
Reference Setting (How to Set a time reference and view capture times).
Timing Diagnostics (Troubleshooting timing problems using time delta and time since first frame).
Hands-on Practice (Lab exercises and case studies focused on latency symptoms).

I/O Graphs (How to Create I/O graphs to visualize throughput and burst traffic).
Flow Analysis (Analyzing TCP/IP flows and Analyse applications flows).
TCP Metrics (Creating TCP Time-Sequence graphs for window and ACK analysis).
Graph Evaluation (Analyzing flow graphs).
Service Response Time (Evaluating service response times and calculating application delay).
Round-Trip Time (RTT) (Creating Round-Trip-Time graphs).
Case Studies (Lab exercises and case studies using statistical outputs).

Expert Basics (Understanding The Expert System Basics (Info, Warn, Error, Chat)).
Communication Contexts (Identifying Normal and un-normal Network Communications).
Symptom Identification (Identifying common Causes of Performance Problems).
Key Indicators (Recognizing Packet Losses, Ack too longs and Retransmissions).
Diagnostics Practice (Lab and case studies using Expert System output).

Measurement Techniques (Bandwidth measurement concepts).
Throughput Calculation (Performing User/flow throughput calculations and Applications throughput calculations).
Problem Identification (Diagnosing Bandwidth and throughput problems using I/O graphs).
Throughput Labs (Lab exercises and case studies on congestion identification).

Latency Calculation (Understanding The primary points in calculating latency).
Visualizing Latency (Methods for Plotting high latency times).
External Tools (Review of Free latency calculators).
Delta Filter (Using the frame.time_delta filter for per-packet analysis).
Latency Labs (Lab exercises and case studies focusing on RTT).

Loss Mechanisms (Understanding Packet loss and recovery – UDP and TCP).
TCP Loss Events (Identifying Previous segment lost and Out-of-Order Segments events).
Fast Recovery (Identifying Duplicate ACKs and Fast Retransmissions).
Retransmission Analysis (Analyzing TCP Retransmissions).
Window Management (Identifying Zero window, Window changes and other window problems (e.g., TCP Window Full)).
Deep Dive Labs (Lab exercises and case studies on recovering and diagnosing session integrity issues).