Troubleshooting TCP/IP Networks with Wireshark

SS Course: GK9879

Course Overview

Optimize TCP/IP networks with Wireshark. This hands-on, in-depth course provides the skills to isolate and fix network performance issues. Learn how Wireshark can solve your TCP/IP network problems by improving your ability to analyze network traffic.

Scheduled Classes

04/22/24 - GVT - Virtual Classroom - Virtual Instructor-Led
05/06/24 - GVT - Virtual Classroom - Virtual Instructor-Led
05/13/24 - GVT - Virtual Classroom - Virtual Instructor-Led
06/24/24 - GVT - Virtual Classroom - Virtual Instructor-Led
07/22/24 - GVT - Virtual Classroom - Virtual Instructor-Led
08/05/24 - GVT - Virtual Classroom - Virtual Instructor-Led
09/23/24 - GVT - Virtual Classroom - Virtual Instructor-Led
10/07/24 - GVT - Virtual Classroom - Virtual Instructor-Led
10/21/24 - GVT - Virtual Classroom - Virtual Instructor-Led
11/04/24 - GVT - Virtual Classroom - Virtual Instructor-Led

Outline

1. Introduction to Network Analysis and Wireshark

  • TCP/IP Analysis Checklist
  • Top Causes of Performance Problems
  • Get the Latest Version of Wireshark
  • Capturing Traffic
  • Opening Trace Files
  • Processing Packets
  • The Qt Interface Overview
  • Using Linked Panes
  • The Icon Toolbar
  • Master the Intelligent Scrollbar
  • The Changing Status Bar
  • Right-Click Functionality
  • General Analyst Resources
  • Your First Task When You Leave Class

2. Learn Capture Methods and Use Capture Filters

  • Analyze Switched Networks
  • Walk-Through a Sample SPAN Configuration
  • Analyze Full-Duplex Links with a Network TAP
  • Analyze Wireless Networks
  • USB Capture
  • Initial Analyzing Placement
  • Remote Capture Techniques
  • Available Capture Interfaces
  • Save Directly to Disk
  • Capture File Configurations
  • Limit Your Capture with Capture Filters
  • Examine Key Capture Filters

3. Customize for Efficiency: Configure Your Global Preferences

  • First Step: Create a Troubleshooting Profile
  • Customize the User Interface
  • Add Custom Columns for the Packet List Pane
  • Set Your Global Capture Preferences
  • Define Name Resolution Preferences
  • Configure Individual Protocol Preferences

4. Navigate Quickly and Focus Faster with Coloring Techniques

  • Move Around Quickly: Navigation Techniques
  • Find a Packet Based on Various Characteristics
  • Build Permanent Coloring Rules
  • Identify a Coloring Source
  • Use the Intelligent Scrollbar with Custom Coloring Rules
  • Apply Temporary Coloring
  • Mark Packets of Interest

5. Spot Network and Application Issues with Time Values and Summaries

  • Examine the Delta Time (End-of-Packet to End-of-Packet)
  • Set a Time Reference
  • Compare Timestamp Values
  • Compare Timestamps of Filtered Traffic
  • Enable and Use TCP Conversation Timestamps
  • Compare TCP Conversation Timestamp Values
  • Determine the Initial Round Trip Time (iRTT)
  • Troubleshooting Example Using Time
  • Analyze Delay Types

6. Create and Interpret Basic Trace File Statistics

  • Examine Trace File Summary Information
  • View Active Protocols
  • Graph Throughput to Spot Performance Problems Quickly
  • Locate the Most Active Conversations and Endpoints
  • Other Conversation Options
  • Graph the Traffic Flows for a More Complete View
  • Burst Statistics
  • Numerous Other Statistics are Available
  • Quick Overview of VoIP Traffic Analysis
  • SIP and RTP Analysis Overview
  • SIP Call Setup
  • Analyzing Call Setup with SIP
  • Session Bandwidth and RTP Port Definition

7. Focus on Traffic Using Display Filters

  • Display Filters
  • Filter on Conversations/Endpoints
  • Build Filters Based on Packets
  • Display Filter Syntax
  • Use Comparison Operators and Advanced Filters
  • Filter on Text Strings
  • Build Filters Based on Expressions
  • Watch for Common Display Filter Mistakes
  • Share Your Display Filters

8. TCP/IP Communications and Resolutions Overview

  • TCP/IP Functionality
  • When Everything Goes Right
  • The Multi-Step Resolution Process
  • Resolution Helped Build the Packet
  • Where Faults Can Occur
  • Typical Causes of Slow Performance

9. Analyze DNS Traffic

  • DNS Overview
  • DNS Packet Structure
  • DNS Queries
  • Filter on DNS Traffic
  • Analyze Normal/Problem DNS Traffic

10. Analyze ARP Traffic

  • ARP Overview
  • ARP Packet Structure
  • Filter on ARP Traffic
  • Analyze Normal/Problem ARP Traffic

11. Analyze IPv4 Traffic

  • IPv4 Overview
  • IPv4 Packet Structure
  • Analyze Broadcast/Multicast Traffic
  • Filter on IPv4 Traffic
  • IP Protocol Preferences
  • Analyze Normal/Problem IP Traffic

12. Analyze ICMP Traffic

  • ICMP Overview
  • ICMP Packet Structure
  • Filter on ICMP Traffic
  • Analyze Normal/Problem ICMP Traffic

13. Analyze UDP Traffic

  • UDP Overview
  • Watch for Service Refusals
  • UDP Packet Structure
  • Filter on UDP Traffic
  • Follow UDP Streams to Reassemble Data
  • Analyze Normal/Problem UDP Traffic

14. Analyze TCP Protocol

  • TCP Overview
  • The TCP Connection Process
  • TCP Handshake Problem
  • Watch Service Refusals
  • TCP Packet Structure
  • The TCP Sequencing/Acknowledgment Process
  • Packet Loss Detection in Wireshark
  • Fast Recovery/Fast Retransmission Detection in Wireshark
  • Retransmission Detection in Wireshark
  • Out-of-Order Segment Detection in Wireshark
  • Selective Acknowledgement (SACK)
  • Window Scaling
  • Window Size Issue: Receive Buffer Problem
  • Window Size Issue: Unequal Window Size Beliefs
  • TCP Sliding Window Overview
  • Troubleshoot TCP Quickly with Expert Info
  • Filter on TCP Traffic and TCP Problems
  • Properly Set TCP Preferences
  • Follow TCP Streams to Reassemble Data

16. Examine Advanced Trace File Statistics

  • Build Advanced IO Graphs
  • Graph Round Trip Times
  • Graph TCP Throughput
  • Find Problems Using TCP Time-Sequence Graphs

15. Graph Traffic Characteristics

  • Advanced I/O Graphing
  • Graph Round Trip Times
  • Graph TCP Throughput
  • Find Problems Using TCP Time Sequence Graphs

16. Analyze HTTP Traffic

  • HTTP Overview
  • HTTP Packet Structure
  • Filter on HTTP Traffic
  • Reassembling HTTP Objects
  • HTTP Statistics
  • HTTP Response Time
  • Overview of HTTP/2
  • HTTP/2 Analysis Fundamentals
  • HTTP/2 Frame Format
  • Analyze Normal/Problem HTTP Traffic

17. Analyze TLS-Encrypted Traffic (HTTPS)

  • Analyze HTTPS Traffic
  • Encrypted Alerts
  • Decryption Steps
  • Filter on SSL

18. Review Your 10 Key Troubleshooting Steps

  • Baseline "Normal" Traffic
  • Use Color
  • Look Who's Talking: Examine Conversations and Endpoints
  • Focus by Filtering
  • Create Basic IO Graphs
  • Examine Delta Time Values
  • Examine the Expert System
  • Follow the Streams
  • Graph Bandwidth Use, Round Trip Time, and TCP Time/Sequence Information
  • Watch Refusals and Redirections

Prerequisites

Who Should Attend

Anyone interested in learning to troubleshoot and optimize TCP/IP networks and analyze network traffic with Wireshark, especially network engineers, information technology specialists, security analysts, and those preparing for the Wireshark Certified Network Analyst exam.