Wireshark Essentials (CS8506)

This course introduces the Wireshark network analyzer to IT professionals across multiple disciplines.

It starts with installing Wireshark, then gradually takes you through your first packet capture, identifying and filtering out just the packets of interest, and saving them to a new file for later analysis. The subsequent modules build on this foundation by covering how to apply the right Wireshark features for analysis, network protocol essentials, troubleshooting, and analyzing performance issues. Finally, the course focuses on packet analysis for security tasks, command-line utilities, and tools that manage trace files.

Upon finishing this course, you will have successfully added strong Wireshark skills to your technical toolset and significantly increased your value as an IT professional.

A preferential rate (-15%) applies to the regular cost for non-profit organizations, as well as the government sector. In addition, you can benefit from additional advantages through a corporate agreement when you need to train several people or teams in your company. Contact us for details.

Public class

3 days / 21 hours

Private class

Virtual classroom
Minimum no. of participants: 4
3 days / 21 hours
Price on request
English or Serbian
Training plan: 

Module 1: Getting Acquainted with Wireshark

  • Installing Wireshark
  • Performing your first packet capture

Module 2: Networking for Packet Analysts

  • The OSI model – why it matters
  • IP networks and subnets
  • Switching and routing packets
  • WAN links
  • Wireless networking

Module 3: Capturing All the Right Packets

  • Picking the best capture point
  • Test Access Ports and switch port mirroring
  • Capturing interfaces, filters, and options
  • Verifying a good capture
  • Saving the bulk capture file
  • Isolating conversations of interest
  • Using the Conversations window
  • Wireshark display filters
  • Filter Expression Buttons
  • Following TCP/UDP/SSL streams
  • Marking and ignoring packets
  • Saving the filtered traffic

Module 4: Configuring Wireshark

  • Working with packet timestamps
  • Colorization and coloring rules
  • Wireshark preferences
  • Wireshark profiles

Module 5: Network Protocols

  • The OSI and DARPA reference models
  • Transport layer protocols
  • Application layer protocols

Module 6: Troubleshooting and Performance Analysis

  • Troubleshooting methodology
  • Troubleshooting connectivity issues
  • Troubleshooting functional issues
  • Performance analysis methodology

Module 7: Packet Analysis for Security Tasks

  • Security analysis methodology
  • Security assessment tools
  • Identifying unacceptable or suspicious traffic
  • Scans and sweeps
  • OS fingerprinting
  • Malformed packets
  • Phone home traffic
  • Password-cracking traffic
  • Unusual traffic

Module 8: Command-line and Other Utilities

  • Wireshark command-line utilities
  • Capturing traffic with Dumpcap
  • Capturing traffic with Tshark
  • Editing trace files with Editcap
  • Merging trace files with Mergecap
  • Other helpful tools

  • One year access to the class recording
  • Access to the lab environment during the training
  • Course material accessible in electronic format
  • One year subscription to the CodeRed platform containing thousands of cybersecurity videos
  • Certificate of attendance

Contact us for more information on pricing:

Office: 1-888-718-9732
E-mail: info@eccentrix.ca

130, King Street West, Suite 1800
Toronto, Ontario M5X 1E3