Course Code: 5456

Network Packet Analysis

Class Dates:
5 Days
Class Time:


  • Course Overview
  • This course provides the student the concepts, methodologies, and hands-on tools to analyze network traffic for the purposes of focused operations, cyber operations, intrusion detection, and incident response. Each student will be provided an overview on how packet analysis applies to their cyber security position.

    You will learn to use Wireshark to identify the most common causes of performance problems in TCP/IP communications. You will develop a thorough understanding of how to use Wireshark efficiently to spot the primary sources of network performance problems, and you will prepare for the latest Wireshark Certified Network Analyst (WCNA) certification exam.

    Wireshark® is an open source Network Packet Analyzer for analyzing the TCP/IP communications. The participants will experience the use of Wireshark to identify problems in TCP/IP communications.

  • Topics you will cover in this course include:
    Traffic capturing techniques and analyzer placement
    Traffic filtering (capture/display)
    Customized profiles creation
    Coloring rules, graphing, field interpretations, and functionality of key TCP/IP communications
    Normal behavior of ARP, DNS, IP, TCP, UDP, ICMP, and HTTP/HTTPS
    Latency issue identification
    Connection establishment concerns
    Service refusals
    Common indications of reconnaissance processes and breached hosts

    Please bring your own laptop loaded with Wireshark to class. You may download Wireshark for free at

  • Audience
  • Anyone interested in learning to troubleshoot and optimize TCP/IP networks and analyze network traffic with Wireshark, especially network engineers, information technology specialists, security analysts, and those preparing for the Wireshark Certified Network Analyst exam.


  • CompTIA Network+, working knowledge of TCP/IP fundamentals, or equivalent experience is required. CCNA is recommended but not required. Students should have at least one year of work experience with TCP/IP networks. Students should have experience with basic Linux command line functions and a working knowledge of information assurance and network security principles.

    • Read and understand the English language.
    • Perform basic operations on a computer.
    • Have knowledge of computer networking and wireless networking.
    • Have knowledge of information, network and wireless security.
  • Recommended Courses:

Course Details

  • Lesson 1 The World of Network Analysis
  • Define Network Analysis
  • Follow an Analysis Example
  • Walk-Through of a Troubleshooting Session
  • Walk-Through of a Typical Security Scenario
  • Understand Security Issues Related to Network Analysis
  • Overcome the "Needle in the Haystack Issue"
  • Review a Checklist of Analysis Tasks
  • Understand Network Traffic Flows
  • Launch an Analysis Session
  • Lesson 2 Introduction to Wireshark
  • Wireshark Creation and Maintenance
  • Capture Packets on Wired or Wireless Networks
  • Open Various Trace File Types
  • Use the Start Page
  • Identify the Nine GUI Elements
  • Navigate Wireshark's Main Menu
  • Use the Main Toolbar for Efficiency
  • Focus Faster with the Filter Toolbar
  • Make the Wireless Toolbar Visible
  • Get Some Trace Files
  • Case Study Detecting Database Death
  • Lesson 3 Capture Traffic
  • Know Where to Tap Into the Network
  • Run Wireshark Locally
  • Capture Traffic on Switched Networks
  • Analyze Routed Networks
  • Analyze Wireless Networks
  • Capture at Two Locations (Dual Captures)
  • Select the Right Capture Interface
  • Capture on Multiple Adapters Simultaneously
  • Interface Details (Windows Only)
  • Capture Traffic Remotely
  • Automatically Save Packets to One or More Files
  • Optimize Wireshark to Avoid Dropping Packets
  • Conserve Memory with Command-Line Capture
  • Case Study - Dual Capture Points the Finger
  • Case Study - Capturing Traffic at Home
  • Lesson 4 Create and Apply Capture Filters
  • The Purpose of Capture Filters
  • Apply a Capture Filter to an Interface
  • Build Your Own Set of Capture Filters
  • Filter by a Protocol
  • Filter Incoming Connection Attempts
  • Create MAC/IP Address or Host Name Capture Filters
  • Capture One Application's Traffic Only
  • Use Operators to Combine Capture Filters
  • Create Capture Filters to Look for Byte Values
  • Manually Edit the Capture Filters File
  • Share Capture Filters with Others
  • Lesson 5 Define Global and Personal Preferences
  • Find Your Configuration Folders
  • Set Global and Personal Configurations
  • Customize Your User Interface Settings
  • Define Your Capture Preferences
  • Automatically Resolve IP and MAC Names
  • Plot IP Addresses on a World Map with GeoIP
  • Resolve Port Numbers (Transport Name Resolution)
  • Resolve SNMP Information
  • Configure Filter Expressions
  • Configure Statistics Settings
  • Define ARP, TCP, HTTP/HTTPS and Other Protocol Settings
  • Configure Protocol Settings with Right-Click
  • Lesson 6 Colorize Traffic
  • Use Colors to Differentiate Traffic Types
  • Disable One or More Coloring Rules
  • Share and Manage Coloring Rules
  • Identify Why a Packet is a Certain Color
  • Create a "Butt Ugly" Coloring Rule for HTTP Errors
  • Color Conversations to Distinguish Them
  • Temporarily Mark Packets of Interest
  • Alter Stream Reassembly Coloring
  • Lesson 7 Define Time Values and Interpret Summaries
  • Use Time to Identify Network Problems
  • Send Trace Files Across Time Zones
  • Identify Delays with Time Values
  • Identify Client, Server and Path Delays
  • View a Summary of Traffic Rates, Packet Sizes and Overall Bytes Transferred
  • Lesson 8 Interpret Basic Trace File Statistics
  • Launch Wireshark Statistics
  • Identify Network Protocols and Applications
  • Protocol Settings Can Affect Your Results
  • Identify the Most Active Conversations
  • List Endpoints and Map Them on the Earth
  • Spot Suspicious Targets with GeoIP
  • List Conversations or Endpoints for Specific Traffic Types
  • Evaluate Packet Lengths
  • List All IPv4/IPv6 Addresses in the Traffic
  • List All Destinations in the Traffic
  • List UDP and TCP Usage
  • Analyze UDP Multicast Streams
  • Graph the Flow of Traffic
  • Gather Your HTTP Statistics
  • Examine All WLAN Statistics
  • Lesson 9 Create and Apply Display Filters
  • Understand the Purpose of Display Filters
  • Create Display Filters Using Auto-Complete
  • Apply Saved Display Filters
  • Use Expressions for Filters Assistance
  • Make Display Filters Using Right-Click Filtering
  • Filter on Conversations and Endpoints
  • Filter on the Protocol Hierarchy Window
  • Understand Display Filter Syntax
  • Combine Display Filters with Comparison Operators
  • Alter Display Filter Meaning with Parentheses
  • Filter on the Existence of a Field
  • Filter on Specific Bytes in a Packet
  • Find Key Words in Upper or Lower Case
  • More Interesting Regex Filters
  • Let Wireshark Catch Display Filter Mistakes
  • Use Display Filter Macros for Complex Filtering
  • Avoid Common Display Filter Mistakes
  • Manually Edit the dfilters File
  • Lesson 10 Follow Streams and Reassemble Data
  • The Basics of Traffic Reassembly
  • Follow and Reassemble UDP Conversations
  • Follow and Reassemble TCP Conversations
  • Follow and Reassemble SSL Conversations
  • Reassemble an SMB Transfer
  • Lesson 11 Customize Wireshark Profiles
  • Customize Wireshark with Profiles
  • Create a New Profile
  • Share Profiles
  • Create a Troubleshooting Profile
  • Create a Corporate Profile
  • Create a WLAN Profile
  • Create a VoIP Profile
  • Create a Security Profile
  • Lesson 12 Annotate, Save, Export and Print Packets
  • Annotate a Packet or an Entire Trace File
  • Save Filtered, Marked and Ranges of Packets
  • Export Packet Content for Use in Other Programs
  • Export SSL Keys
  • Save Conversations, Endpoints, IO Graphs and Flow Graph Information
  • Export Packet Bytes
  • Lesson 13 Use Wireshark's Expert System
  • Let Wireshark's Expert Information Guide You
  • Understand TCP Expert Information
  • Lesson 14 TCP/IP Analysis Overview
  • TCP/IP Functionality Overview
  • Build the Packet
  • Lesson 15 Analyze Domain Name System (DNS) Traffic
  • The Purpose of DNS
  • Analyze Normal DNS Queries/Responses
  • Analyze DNS Problems
  • Dissect the DNS Packet Structure
  • Filter on DNS/MDNS Traffic
  • Lesson 16 Analyze Address Resolution Protocol (ARP) Traffic
  • Identify the Purpose of ARP
  • Analyze Normal ARP Requests/Responses
  • Analyze Gratuitous ARPs
  • Analyze ARP Problems
  • Dissect the ARP Packet Structure
  • Filter on ARP Traffic
  • Lesson 17 Analyze Internet Protocol (IPv4/IPv6) Traffic
  • Identify the Purpose of IP
  • Analyze Normal IPv4 Traffic
  • Analyze IPv4 Problems
  • Dissect the IPv4 Packet Structure
  • An Introduction to IPv6 Traffic
  • Dissect the IPv6 Packet Structure
  • Basic IPv6 Addressing
  • Sanitize Your IP Addresses in Trace Files
  • Set Your IPv4 Protocol Preferences
  • Troubleshooting Encrypted Communications
  • Filter on IPv4 Traffic
  • Filter on IPv6 Traffic
  • Lesson 18 Analyze Internet Control Message Protocol (ICMPv4/ICMPv6) Traffic
  • The Purpose of ICMP
  • Analyze Normal ICMP Traffic
  • Analyze ICMP Problems
  • Dissect the ICMP Packet Structure
  • Basic ICMPv6 Functionality
  • Filter on ICMP and ICMPv6 Traffic
  • Lesson 19 Analyze User Datagram Protocol (UDP) Traffic
  • The Purpose of UDP
  • Analyze Normal UDP Traffic
  • Analyze UDP Problems
  • Dissect the UDP Packet Structure
  • Filter on UDP Traffic
  • Lesson 20 Analyze Transmission Control Protocol (TCP) Traffic
  • The Purpose of TCP
  • Analyze Normal TCP Communication
  • Analyze TCP Problems
  • Dissect the TCP Packet Structure
  • Filter on TCP Traffic
  • Set TCP Protocol Preferences
  • Lesson 21 Graph IO Rates and TCP Trends
  • Use Graphs to View Trends
  • Generate Basic IO Graphs
  • Filter IO Graphs
  • Generate Advanced IO Graphs
  • Compare Traffic Trends in IO Graphs
  • Graph Round Trip Time
  • Graph Throughput Rates
  • Graph TCP Sequence Numbers over Time
  • Lesson 22
  • Analyze Dynamic Host Configuration Protocol (DHCPv4/DHCPv6) Traffic
  • Analyze Hypertext Transfer Protocol (HTTP) Traffic
  • Analyze File Transfer Protocol (FTP) Traffic
  • Analyze Email Traffic
  • Introduction to 802.11 (WLAN) Analysis
  • Introduction to Voice over IP (VoIP) Analysis
  • Baseline "Normal" Traffic Patterns
  • Find the Top Causes of Performance Problems
  • Network Forensics Overview
  • Detect Scanning and Discovery Processes
  • Analyze Suspect Traffic
  • Effective Use of Command-Line Tools