Wireshark: Systematic Network Diagnostics and Performance Analysis

Duration: 21 Hours (3 Days) Focus: Packet Inspection, Flow Analysis, and Performance Pinpointing


Day 1: Foundation, Capture, and Basic Analysis 🔬

Module 1: Introduction and Tool Setup

  • Wireshark Positioning (Understanding that Wireshark is not just a last-resort tool but a primary diagnostic utility).
  • Troubleshooting Core (Overview of Network Troubleshooting Concepts and the principles of Root cause analysis).
  • Installation (Installing Wireshark and required system libraries).

Module 2: Interface Overview and Traffic Capture

  • User Interface Mastery (Navigating the main window: packet list, packet details, and packet bytes (hex) panes).
  • Interface Selection (Selecting the network interface for capture).
  • Capture Techniques (Capturing packets on wired and wireless networks (e.g., using monitor mode)).

Module 3: Basic Log Inspection and Session Analysis

  • Offline Inspection (Saving the capture for offline inspection in .pcap or .pcapng format).
  • HTTP Inspection (Inspecting the HTTP packets for status codes and payloads).
  • Stream Flow (Viewing back-and-forth TCP streams using the Follow TCP Stream feature).

Module 4: Initial Troubleshooting Steps

  • Filtering Essentials (Using basic display filters such as ip.addr, tcp.port, and protocol names to isolate specific traffic).
  • Statistical Overview (Viewing the statistics of the loaded trace file: protocol hierarchy, conversations, endpoints).

Day 2: Performance, Timing, and Flow Analysis 📈

Module 5: Performance Diagnostics and Response Times

  • Timing Columns (Adding delta time columns (frame.time_delta, frame.time_delta_displayed) to check time differences between packets).
  • Response Time Check (Checking Response Times for client-server transactions).

Module 6: Troubleshooting Slow Connections

  • Isolating Problem Domains (Analyzing Connection Speed Issues When Connecting to a Particular Website).
  • Sustained Issues (Diagnosing Consistently slow connections over prolonged periods of time).
  • Expert System (Introduction to Wireshark's Expert Information (the Expert System) and the TCP/IP Resolution Flowchart).

Module 7: Analysis by Traffic Type

  • Protocol Deep Dive (Analyzing traffic across major protocols: DNS, ARP, IPv4, IPv6, ICMP, UDP, TCP, and HTTP/HTTPS).

Module 8: Pinpointing Performance Issues

  • Statistical Visualization (Creating statistical charts and graphs for flow analysis and bandwidth use).
  • Color Rules (Setting colors in Wireshark to visually identify anomalies).
  • Targeted Filtering (Filtering traffic using advanced expressions to isolate symptoms).

Day 3: Security, Configuration, and Troubleshooting Scenarios 🚨

Module 9: Identifying Malicious and Anomalous Traffic

  • ARP Inspection (Inspecting ARP traffic for spoofing, e.g., one IP address claimed by more than one MAC address, or other unusual activity).
  • Malware Detection (Checking for infected hosts by observing connection patterns such as periodic beaconing or scanning of many hosts and ports).
  • Misconfiguration (Inspecting for broken or misconfigured software that floods the network).
  • Software Probes (Inspecting sources of unexpected network traffic, including applications such as the Intel ANS probe).
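The delta-time check from Module 5 and the ARP-spoofing check from Module 9, as an added example that is not part of the course material: a small self-contained pcap reader in Python that does, without Wireshark installed, what a frame.time_delta column and an ARP inspection do. The capture is constructed inline (made-up addresses in 192.0.2.0/24 and made-up MAC addresses); the function names and the sample traffic are assumptions of this example. Only classic libpcap files with Ethernet framing are handled, not pcapng.

```python
"""Added example: minimal pcap reader for delta-time and ARP-conflict checks."""
import struct
from typing import Iterator, List, Optional, Tuple

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_ARP = 0x0806


def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def ip(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def arp_frame(oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Build an Ethernet II frame carrying an ARP request (oper=1) or reply (oper=2)."""
    dst = mac("ff:ff:ff:ff:ff:ff") if oper == 1 else mac(tha)
    eth = dst + mac(sha) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + mac(sha) + ip(spa) + mac(tha) + ip(tpa)
    return eth + arp


def build_pcap(records: List[Tuple[float, bytes]]) -> bytes:
    """Serialise (timestamp, frame) pairs into a big-endian classic libpcap file."""
    out = struct.pack("!IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in records:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("!IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def read_pcap(data: bytes) -> Iterator[Tuple[float, bytes]]:
    """Yield (timestamp, frame) from a classic pcap file; byte order is taken from the magic."""
    if data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    elif data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl]
        if len(frame) < incl:
            break  # truncated capture: stop rather than misparse the tail
        off += incl
        yield sec + usec / 1_000_000, frame


def delta_times(frames: List[Tuple[float, bytes]]) -> List[float]:
    """Module 5: seconds since the previous packet, like Wireshark's frame.time_delta column."""
    deltas, prev = [], None
    for ts, _ in frames:
        deltas.append(0.0 if prev is None else round(ts - prev, 6))
        prev = ts
    return deltas


def parse_arp(frame: bytes) -> Optional[Tuple[int, str, str]]:
    """Return (oper, sender MAC, sender IP) for an ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    oper = struct.unpack("!H", frame[20:22])[0]
    sha = ":".join(f"{b:02x}" for b in frame[22:28])
    spa = ".".join(str(b) for b in frame[28:32])
    return oper, sha, spa


def arp_conflicts(frames: List[Tuple[float, bytes]]) -> List[Tuple[int, str, str, str]]:
    """Module 9: report (frame no., IP, first MAC, new MAC) when an IP is claimed by a new MAC."""
    seen, alerts = {}, []
    for idx, (_ts, frame) in enumerate(frames, start=1):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _oper, sha, spa = parsed
        if spa == "0.0.0.0":
            continue  # ARP probe: the sender has no address to claim yet
        if spa in seen and seen[spa] != sha:
            alerts.append((idx, spa, seen[spa], sha))
        seen.setdefault(spa, sha)  # keep the first MAC as the baseline
    return alerts


# Constructed sample: host asks for the gateway, gateway answers, then a third MAC claims the gateway IP.
GATEWAY_MAC, HOST_MAC, ATTACKER_MAC = "00:11:22:33:44:01", "00:11:22:33:44:02", "de:ad:be:ef:00:01"
SAMPLE_PCAP = build_pcap([
    (1000.000000, arp_frame(1, HOST_MAC, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1")),
    (1000.000350, arp_frame(2, GATEWAY_MAC, "192.0.2.1", HOST_MAC, "192.0.2.10")),
    (1002.500000, arp_frame(2, ATTACKER_MAC, "192.0.2.1", HOST_MAC, "192.0.2.10")),
])

if __name__ == "__main__":
    frames = list(read_pcap(SAMPLE_PCAP))
    for no, (ts, _), d in zip(range(1, len(frames) + 1), frames, delta_times(frames)):
        print(f"frame {no}: t={ts:.6f} delta={d:.6f}")
    for no, addr, old, new in arp_conflicts(frames):
        print(f"frame {no}: {addr} was {old}, now claimed by {new} (possible ARP spoofing)")
```

The same conflict is what Wireshark's Expert Information reports as a duplicate IP address; the delta column here matches the value Wireshark shows when no display filter is applied. Feeding the script a real capture is a matter of passing the file contents to read_pcap.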

Module 10: Troubleshooting Secured and Complex Environments

  • Secured Contexts (Troubleshooting Connections within a Secured Network Environment).
  • Perimeter Issues (Diagnosing problems related to Proxies, firewalls and clients).

Module 11: Wireshark Optimization and Methodology

  • Non-Intrusive Analysis (Configuring Wireshark for Optimal Performance and Non-intrusive analysis).
  • Workflow Integration (Review of systematic troubleshooting procedures).

Module 12: Summary and Conclusion

  • Comprehensive Troubleshooting (Review of core skills and techniques).