Course Outline

Day 1

Network analysis overview

  1. OSI reference model and TCP/IP networks essentials.
  2. Troubleshooting tools, methodologies.
  3. Introduction to Wireshark
  4. What is Wireshark? Portable Wireshark. Resources.
  5. Wireshark GUI structure: Panes (Packet List, Details, Packet Bytes), Status Bar, ... .
  6. Architecture and processing flow. What and why cannot be seen with Wireshark?
  7. Supported protocols. Dissectors.
  8. Preferences and configurations; global and profile specific.
  9. Time values.
  10. Lab exercises.

Day 2

Capture traffic

  1. Things to consider before start.
  2. Promiscuous mode.
  3. Capture filters.
  4. Automatic stop criteria.
  5. Remote capture.
  6. Lab exercises.

Traffic analysis: tools and approaches

  1. Analysis checklist.
  2. Using features: name resolution, colorization, marking, ignoring, commenting, using time references, time shifts, etc.
  3. Understanding Expert System.
  4. Accessing options through Right-Click functionality.
  5. Interpretation (reference patterns), OS/driver Offload features impact.
  6. Saving results.
  7. Lab exercises and case studies.

Day 3

Traffic analysis: tools and approaches (cont.)

  1. Filtering traffic: Display filters (preparing "in-flight" filters, macros), following stream.
  2. Quantitative analysis.
    1. Basic predefined descriptive statistics and summaries: Capture Properties, Protocol Hierarchy, Conversations, Endpoints, Packets Lengths, IP-specific.
    2. Protocol specific analysis (e.g.: TCP Stream Graphs).
    3. Advanced custom statistics with I/O Graph.
    4. Flow visualization.

Day 4

Traffic analysis: protocols

  1. Data-Link Layer: Ethernet II.
  2. Network Layer: IPv4.
  3. Transport Layer: TCP, UDP.
    1. Packet loss and recovery.
    2. Previous segment lost and Out-of-Order Segments events.
    3. Duplicate ACKs and Fast Retransmissions.
    4. TCP Retransmissions.
    5. Zero Window, Window changes and other window problems.
  4. Application layer: HTTP, FTP.
  5. Lab exercises and case studies.

Day 5

Traffic analysis: common issues in network performance assessment

  1. Cause of performance problems.
  2. Packet loss.
  3. Bandwidth issues. Layered approach to measurement.
  4. Latency: assessing end to end latency, visualization.
  5. Lab exercises.
  6. (Wireshark) command-line tools:
    1. tshark (terminal-based wireshark) / dumpcap / rawshark, tcpdump
    2. editcap, mergecap, capinfos, text2pcap.

Advanced topics

  1. Advanced filters, grouped iostats.
  2. Summary and Q&A.

Requirements

1. Familiarity with ISO OSI Reference Model - ITU-T X.200 and TCP/IP protocol stack.

2. Basic knowledge of Unix/Linux OS: UNIX terminal, directory structure, listing files and directo-
ries, making directories, changing to a different directory, copying, moving and removing files and directories, redirection, pipes, processes - listing suspended and background processes.

Hardware & Software
1. HW: min 16GB of RAM, min 60GB free disk space available.
2. OS: Ubuntu Linux OS is preferred. In this case the following applications should be installed: ip,
iperf, ipcalc.
3. SW: Wireshark application (https://www.wireshark.org/download.html).

All should be in latest stable, available releases.

 35 Hours

Delivery Options

Private Group Training

Our identity is rooted in delivering exactly what our clients need.

  • Pre-course call with your trainer
  • Customisation of the learning experience to achieve your goals -
    • Bespoke outlines
    • Practical hands-on exercises containing data / scenarios recognisable to the learners
  • Training scheduled on a date of your choice
  • Delivered online, onsite/classroom or hybrid by experts sharing real world experience

Private Group Prices RRP from €11400 online delivery, based on a group of 2 delegates, €3600 per additional delegate (excludes any certification / exam costs). We recommend a maximum group size of 12 for most learning events.

Contact us for an exact quote and to hear our latest promotions


Public Training

Please see our public courses

Need help picking the right course?

Testimonials (3)

Quality of explanation of program operation and analysis of various cases.

Krzysztof - Centrum Informatyki Resortu Finansow
Course - Network Troubleshooting with Wireshark

trainer listen to participants

Bartosz - ATOS PGS sp. z o.o.
Course - Advanced Network Troubleshooting Using Wireshark

Trainer is well prepared and dedicated in making us understand. Well done.

Alan Lye - SBS Transit Ltd
Course - Basic Network Troubleshooting Using Wireshark

Provisional Upcoming Courses (Contact Us For More Information)

TCP/IP Network Traffic Analysis with Wireshark

2025-05-19 09:30
35 hours
Swatar, City Centre

TCP/IP Network Traffic Analysis with Wireshark

2025-06-02 09:30
35 hours
Swatar, City Centre

TCP/IP Network Traffic Analysis with Wireshark

2025-06-16 09:30
35 hours
Swatar, City Centre

TCP/IP Network Traffic Analysis with Wireshark

2025-06-30 09:30
35 hours
Swatar, City Centre

TCP/IP Network Traffic Analysis with Wireshark

2025-07-14 09:30
35 hours
Swatar, City Centre

Related Courses

Basic Network Troubleshooting Using Wireshark

 21 Hours

The purpose of the course is to provide the participant with basic knowledge of the Wireshark protocol analyzer. The course focuses on deep understanding of the tool, as the basics for using it for network troubleshooting. The course starts with packet capturing, capture and display filters, statistical features and the basics of the expert system. By the end of the course the participant will be able to perform basic troubleshooting in small to medium size networks. The course is based on theory, class exercise and labs.

Read more...

Advanced Network Troubleshooting Using Wireshark

 21 Hours

This course is a continuation of the "Basic Network Troubleshooting Using Wireshark" course, and comes to provide the participants with advanced capabilities for network troubleshooting. The course provides an in-depth knowledge of network behaviour and problems, along with the capabilities to isolate and solve security and advanced applications problems. The course is based on theory, class exercise and labs.

Read more...

Network Troubleshooting with Wireshark

 21 Hours

Network packet analysis is a technique used to view, in real time, the raw data sent and received over a network interface. This is useful for troubleshooting network configuration and network application problems. Wireshark is a free open source packet analyzer used for troubleshooting such network issues.

In this instructor-led, live training, participants will learn how to use Wireshark to troubleshoot the functionality of a network as well as the performance of differente networked applications. Participants will learn network troubleshooting principles and practice techniques for capturing and analyzing TCP/IP request and response traffic between different clients and the servers.

By the end of this training, participants will be able to:

  • Analyze network functionality and performance in various environments under different conditions
  • Determine whether instances of different server applications are performing acceptably
  • Identify the primary sources of network performance problems
  • Identify and troubleshoot the most common causes of performance problems in TCP/IP communications

Audience

  • Network engineers
  • Network and computer technicians

Format of the Course

  • Part lecture, part discussion, exercises and heavy hands-on practice

Note

  • To request a customized training for this course, please contact us to arrange.
Read more...

Advanced Network Troubleshooting with Wireshark

 21 Hours

Wireshark is a free open source packet analyzer used for troubleshooting network issues. Network packet analysis is a technique used to view, in real time, the raw data sent and received over a network interface. This is useful for troubleshooting network configuration and network application problems.

In this instructor-led, live training (onsite or remote), participants will learn advanced techniques for troubleshooting the functionality and performance of a network and its applications. This course is an extension of "Network Troubleshooting with Wireshark", which focuses primarily on common HTTP applications. In this training, we consider protocols and connection mediums such as Wi-Fi, HTTPS, SMTP, enterprise applications and more.

By the end of this training, participants will be able to:

  • Isolate and solve network security issues using the Wireshark CLI
  • Troubleshoot applications that use protocols beyond HTTP, including HTTPS, FTP, mail, DNS, etc.
  • Troubleshoot network connection problems in enterprise applications such as databases, RPC, etc.
  • Troubleshoot connection problems in media applications such as VoIP and streaming
  • Use network forensics to trace and detect security issues

Audience

  • Network engineers
  • Network and computer technicians

Format of the Course

  • Part lecture, part discussion, exercises and heavy hands-on practice

Note

  • To request a customized training for this course, please contact us to arrange.
Read more...

Related Categories

Image for the Wireshark
Wireshark