Wireshark is the world’s foremost and most widely used network protocol analyzer. Analyzing a network and troubleshooting its data packets is always a daunting task, but Wireshark always comes to the rescue in such situations. As Wireshark is used widely in commercial, non-profit, educational and many other settings, it is crucial for IT people to have thorough knowledge of Wireshark’s capabilities, so that they can gain insight into a network at a microscopic level and know what is happening in order to analyze, troubleshoot, monitor and sometimes capture sensitive credentials passing through the wires.
Every organization should hire a network administrator who has sufficient knowledge of Wireshark to deal with data packets. Wireshark is capable of fitting into every hacking or security action. It is useful even in session hijacking of authenticated users, and it is the industry-leading tool that every ethical hacker, network admin, system admin and even malicious or black hat hacker uses to perform advanced security analysis and attacks.
Course duration: 18 hours (18 CPE points)
The course is self-paced and pre-recorded.
What will you learn?
- Packet filtering in a large network
- Perform MITM attacks in network
- Capture sensitive credentials
- Analyze network traffic for various protocols
- Know how protocols map onto the TCP/IP and OSI model layers
- Fix the network issues
- Capture plaintext passwords
- See data of each bit
- Use I/O graph to see each piece of information in graphical view
- Customize Wireshark for different usage
- How traffic is filtered with hundreds of filter rules
- Colorize the traffic for your own view
What skills will you gain?
- Know what’s happening inside the network traffic
- Filter traffic based on your own rules that you created
- Capture traffic into multiple data sets
- How to split and merge large captured traces
- Perform various attacks based on protocol issues
- Find TCP and HTTP headers for further analysis
- See only endpoints, target traffic for a single requirement
- Filter for one protocol, one port or port range, one IP address or range of IP
- Identify network intrusions using filters and colorizing rules
- Identify port scanning and DoS attacks on your networks
- Remotely capture traffic
- IP and port filtering
- Capture VoIP telephony and listen to the conversations
- Baseline your network traffic for your organization
- Email, DNS, HTTP, TCP, ARP, IPv4, IPv6, etc., analysis
- Make and apply display filters
What will you need?
- Windows or Linux OS
- Working network connection, wired or wireless
What should you know before you join?
- Basics of networking and protocols
- TCP 3-way handshakes
Atul Tiwari has over 5 years of working experience in the field of web application penetration testing and over 10 years in security training. He has trained more than 45k students across 162 countries online. Atul specializes in web security testing and has conducted hundreds of pentests, audits and tests of web applications since 2013. He holds CISSP, CEH, cyber laws and CCNA certifications. He is founder and CTO at gray hat | security (INDIA), www.grayhat.in
Module 1: Getting started with Wireshark
Hands-on usage and details will be covered from simple startup to customization of profiles for the user. Various protocols will be set in preferences for detailed focus over analysis and setup.
Module 1 covered topics:
- Preparing the SHARK
- Identifying the nine GUI elements
- Create profiles
- Features walk through
- Global and personal preferences
- Wireshark’s command-line interface, TShark
- Pcap-ng and capture file standards
Module 1 exercises:
- Create a new profile
- Show the global preferences
Module 2: Traffic capture and packet filtering
We will start capturing the traffic of various protocols and filter it by HTTP, TCP, UDP, DNS, VoIP, ARP and much more. We will analyze the traffic by following streams (TCP, HTTP), filtering by IP and port, applying capture filters and colorizing rules and, finally, saving, annotating and printing the packets.
Module 2 covered topics:
- Capturing traffic
- Capture filters vs. display filters
- Create and implement display filters
- Capture filters
- Tap into the network to capture traffic
- IP and port filtering
- Follow streams and data
- BPF syntax
- Colorizing traffic
- Save, export, annotate and print packets
- Remotely capture traffic
Module 2 exercises:
- Filter traffic based on IP and port number
- Filter HTTP cookies
- Make capture filter rules
- Set up remote traffic capture
Module 3: Statistics
We will see how to get more out of the captured traffic and analyze it for deeper, more fine-tuned results. We will look at endpoints, IPv4 and IPv6 statistics, the protocol hierarchy, throughput, TCP trends, etc.
Module 3 covered topics:
- Trace file statistics
- Saving traces
- Graph IO rates and TCP trends
- Wireshark’s expert system
- Time values and interpretation
Module 3 exercises:
- Trace file statistics
- Explore time values and their interpretation
- Graph I/O rates
Module 4: Advanced analysis of networks
Analyze different protocols, listen to VoIP communications and play them back from the captured packets. As a network engineer, one can dive into Wireshark’s plugins, create rules for detecting unauthorized scanning, network flooding and intrusions, and fix issues as well. Build your own traffic baseline for your organization. Email, HTTP, DNS, ARP, TCP, ICMP, IPv4 and IPv6, etc., analysis.
Module 4 covered topics:
- ARP, DNS, TCP and HTTP analysis
- ICMP analysis
- IPv4 and IPv6 analysis
- Email analysis (SMTP)
- Sniffing clear text protocols
- VoIP analysis and playback
- Traffic baselining
- Intrusion detection of SYN flooding
- Troubleshooting network issues (FTP)
- Wireshark plugins in Lua
Module 4 exercises:
- Analyze DNS traffic
- Analyze HTTP traffic
- Create a traffic baseline for SYN flood detection
- Analyze and solve ICMP issues
- The course is self-paced: you can visit the training whenever you want and your content will be there.
- Initial module release dates: January 28th (Module 1), February 4th (Module 2), February 11th (Module 3), February 18th (Module 4).
- Once you’re in, you keep access forever, even when you finish the course.
- There are no deadlines, except for the ones you set for yourself.
- We designed the course so that a diligent student will need about 18 hours of work to complete the training.
- Your time will be filled with reading, videos, and exercises.