Network Packet Analysis
8/31/2020 - 9/4/2020


COURSE COST: $2495.00

COURSE TIMES: 9:00am - 4:30pm

Printable version of this course
Register for this course


This course provides the student the concepts, methodologies, and hands-on tools to analyze network traffic for the purposes of focused operations, cyber operations, intrusion detection, and incident response. Each student will be provided an overview on how packet analysis applies to their cyber security position.

You will learn to use Wireshark to identify the most common causes of performance problems in TCP/IP communications. You will develop a thorough understanding of how to use Wireshark efficiently to spot the primary sources of network performance problems, and you will prepare for the latest Wireshark Certified Network Analyst (WCNA) certification exam.

Wireshark® is an open source Network Packet Analyzer for analyzing the TCP/IP communications. The participants will experience the use of Wireshark to identify problems in TCP/IP communications.


Topics you will cover in this course include:
Traffic capturing techniques and analyzer placement
Traffic filtering (capture/display)
Customized profiles creation
Coloring rules, graphing, field interpretations, and functionality of key TCP/IP communications
Normal behavior of ARP, DNS, IP, TCP, UDP, ICMP, and HTTP/HTTPS
Latency issue identification
Connection establishment concerns
Service refusals
Common indications of reconnaissance processes and breached hosts

Please bring your own laptop loaded with Wireshark to class. You may download Wireshark for free at

Anyone interested in learning to troubleshoot and optimize TCP/IP networks and analyze network traffic with Wireshark, especially network engineers, information technology specialists, security analysts, and those preparing for the Wireshark Certified Network Analyst exam.

CompTIA Network+, working knowledge of TCP/IP fundamentals, or equivalent experience is required. CCNA is recommended but not required. Students should have at least one year of work experience with TCP/IP networks. Students should have experience with basic Linux command line functions and a working knowledge of information assurance and network security principles.

•Read and understand the English language.
•Perform basic operations on a computer.
•Have Knowledge in Computer Networking, Wireless Networking
•Have Knowledge in Information, Network and Wireless Security


*Course cost listed does not include the cost of courseware (required) or lunch (optional). Please contact us at or 207-775-0244 for additional pricing information, or if you have any questions. Course is subject to minimum enrollment. Course may run as a Live Distance Learning (LDL) session if minimum enrollment is not met.


Lesson 1 The Word of Network Analysis
Define Network Analysis
Follow an Analysis Example
Walk-Through of a Troubleshooting Session
Walk-Through of a Typical Security Scenario
Understand Security Issues Related to Network Analysis
Overcome the "Needle in the Haystack Issue"
Review a Checklist of Analysis Tasks
Understand Network Traffice Flows
Launch an Analysis Session

Lesson 2 Introduction to Wireshark
Wireshark Creation and Maintenance
Capture Packets on Wired or Wireless Networks
Open Various Trace File Types
Use the Start Page
Identify the Nine GUI Elements
Navigate WireShark's Main Menu
Use the Main Toolbar for Eficiency
Focus Faster with the Filter Toolbar
Make the Wireless Toolbar Visible
Get Some Trace Files
Case Study Detecting Database Death

Lesson 3 Capture Traffic
Know Where to Tap Into the Network
Run Wireshark Locally
Capture Traffic on Switched Networks
Analyze Routed Networks
Analyze Wireless Networks
Capture at Two Locations (Dual Captures)
Select the Right Capture Interface
Capture on Multiple Adapters Simultaneously
Interface Details (Windows Only)
Capture Traffice Remotely
Automatically Save Packets to One or More Files
Optimize Wireshare to Avoid Dropping Packets

Conserve Memory with Comand-Line Capture
Case Study - Dual Capture Points the Finger
Case Study - Capturing Traffic at Home

Lesson 4 Create and Apply Capture Filters
The Purpose of Capture Filters
Apply a Capture Filter to an Interface
Build Your Own Set of Capture Filters
Filter by a Protocol
Filter Incoming Connection Attempts
Creat MAC/IP Address or Host Name Capture Filters
Capture One Application's Traffice Only
Use Operators to Combine Capture Filters
Create Capture Filters to Look for Byte Values
Manually Edit the Capture Filters File
Share Capture Filters with Others

Lesson 5 Define Global and Personal Preferences
Find Your Configuration Folders
Set Global and Personal Configurations
Customize Your User Interface Settingds
Define Your Capture Preferences
Automatically Resolve IP and MAC Names
Plot IP Addresses on a World Map with GeoIP
Resolve Port Numbers (Transport Name Resolution)
Resolve SNMP Information
Configure Filter Expressions
Configure Statistics Settings
Define ARP, TCP, HTTP/HTTPS and Other Protocol Settings
Configure Protocol Settings with Right-Click

Lesson 6 Colorize Traffic
Use Colors to Differentiate Traffic Types
Disable One or More Coloring Rules
Share and Manage Coloring Rules
Identify Why a Packet is a Certain Color
Create a "Butt Ugly" Coloring Rule for HTTP Errors
Color Conversations to Distinguish Them
Temporarily Mark Packets of Interest
Alter Stream Reassembly Coloring

Lesson 7 Define Time Values and Interpret Summaries
Use Time to Identify Network Problems
Send Trace Files Across Time Zones
Identify Delays with Time Values
Identify Client, Server and Path Delays
View a Summary of Traffic Rates, Packet Sizes and Overall Bytes Transferred

Lesson 8 - Interpret Basic Trace Files Statistics
Launch Wireshark Statistics
Identify Network Protocols and Applications
Protocaol Settings Can Affect Your Results
Identify the Most Active Conversations
List Endpoints and Map Them on the Earth
Spot Suspicious Targets with GeoIP
List Conversations or Endpoints for Specific Traffice Types
Evaluate Packet Lengths
List All IPv4/IPv6 Address in the Traffic
List All Destinations in the Traffic
List UDP and TCP Usage
Analyse UDP Multicast Streams

Graph the Flow of Traffic
Gather Your HTTP Statistics
Examine All WLAN Statistics

Lesson 9 Create and Apply Display Filters
Understand the Purpose of Display Filters
Create Display Filters Using Auto-Complete
Apply Saved Display Filters
Use Expressions for Filters Assistance
Make Display Filters Using Right-Click Filtering
Filer on Conversations and Endpoints
Filter of the Protocol Hiearchy Window
Understand Display Filter Syntax
Combine Display Filters with Comparison Operators
Alter Display Filter Meaning with Parentheses
Filter on the Existence of Filed
Filter on Specific Bytes in a Packet

Find Key Words in Uper or Lower Case
More Interesting Regex Filters
Let Wireshark Catch Display Filter Mistakes
Use Display Filter Macros for Complex Filtering
Avoid Common Display Filter Mistakes
Manually Edit the dfilters File

Lesson 10 Follow Streams and REassemble Data
The Basics of Traffice Reassembly
Follow and Reassemble UDP Conversations
Follow and Reassemble TCP Conversations
Follow and Reassemble SSL Conversations
Reassemble an SMB Transfer

Lesson 11 Customize Wireshark Profiles
Customize Wireshark with Profiles
Create a New Profile
Share Profiles
Create a Troubleshooting Profile
Create a Corporate Profile
Create a WLAN Profile
Create a VoIP Profile
Create a Security Profile

Lesson 12 Annotate, Save, Export and Print Packets
Annotate a Packet or an Entire Trace File
Save Filtered, Marked and Ranges of Packets
Export Packet, Content for Use in Other Programs
Export SSL Keys
Save Conversations, Endpoints, IO Graphs and Flow Graph Information
Export Packet Bytes

Lesson 13 Use Wireshark's Expert System
Let Wireshark's Expert Information Guide You
Understand TCP Expert Information

Lesson 14 TCP/IP Analysis Overview
TCP/IP Functionality Overview
Build the Packet

Lesson 15 Analyze Domain Name System (DNS) Traffic
The Purpose of DNS
Analyze Normal DNS Queries/Responses
Analyze DNS Problems
Dissect the DNS Packet Structure
Filter on DNS/MDNS Traffic

Lesson 16 Analyze Address Resolution Protocol (ARP) Traffic
Identify the Purpose of ARP
Analyze Normal ARP Requests/Response
Analyze Gratuitous ARPs
Analyze ARP Problems
Dissect the ARP Packet Structure
Filter on ARP Traffic

Lesson 17 Analyze Internet Protocol (IPv4/IPv6) Traffic
Identify the Purpose of IP
Analyze Normal IPv4 Traffic
Analyze IPv4 Problems
Dissect the IPv4 Packet Structure
An Introduction to IPv6 Traffic
Dissect the IPv6 Packet Structure
Basic IPv6 Addressing
Sanitze Your IP Addresses in Trace Files
Set Your IPv4 Protocol Preferences
Troubleshooting Encrypted Communications
Filter on IPv4 Traffic
Filer on IPv6 Traffic

Lesson 18 Analyze Internet Control Message Protocol (ICMPv4/ICMPV6) Traffic
The Purpose of ICMP
Analyze Normal ICMP Traffic
Analyze ICMP Problems
Dissect the ICMP Packet Structure
Basic ICMPv6 Functionality
Filter on ICMP and ICMPv6 Traffic

Lesson 19 Analyze User Datagram Protocol (UCP) Traffic
The Purpose of UDP
Analyze Normal UDP Traffice
Analyze UDP Problems
Dissect the UDP Packet Structure
Filter on UDP Traffic

Lesson 20 Analyze Transmision Control Protocol (TCP) Traffic
The Purpose of TCP
Analyze Normal TCP Communication
Analyze TCP Problems
Dissect the TCP Packet Structure
Filter on TCP Traffic
Set TCP Protocol Preferences

Lesson 21 Graph IO Rates and TCP Trends
Use Graphs to View Trends
Generate Basic IO Graphs
Filter IO Graphs
Generate Advanced IO Graphs
Compare Traffice Trends in IO Graphs
Graph Round Trip Time
Graph Throughput Rates
Graph TCP Sequence Numbers over Time

Lesson 22
Analyze Dynamic Host Configuration Protocol (DHCPv4/DHCPv6) Traffic
Analyze Hypertext Transfer Protocol (HTTP) Traffic
Analyze File Tranfer Protocol (FTP) Traffic
Analze Email Traffic
Introduction to 802.11 (WLAN) Analysis
Introduction to Voice over IP (VoIP) Analysis
Baseline "Normal" Traffic Patterns
Find the Top Causes of Performance Problems
Network Forensics Overview
Detect Scanning and Discovery Processes
Analyze Suspect Traffic
Effective Use of Command-Line Tools