Advanced Network Troubleshooting Using Wireshark

Description
This course is a continuation of the "Basic Network Troubleshooting Using Wireshark" course, and comes to provide the participants with advanced capabilities for network troubleshooting. The course provides an in-depth knowledge of network behaviour and problems, along with the capabilities to isolate and solve security and advanced applications problems. The course is based on theory, class exercise and labs.

Objectives
By the end of the course, the participant will be able to:

• To explore in depth performance issues of TCP/IP
• To use advanced Wireshark tools and the Wireshark CLI
• To explore failures due to delay and Jitter in the networks
• To find and resolve problems due to bandwidth, throughput and packet loss
• Detect security failures and security breaches on the network
• Identify and locate faults in communication's applications – http, ftp, mail and others
• Identify and locate faults in various applications – Microsoft OS problems, databases, Voice and video over IP and others

Topics

• Wireshark statistical tools and how to work with them
• In-depth analysis of TCP performance issues
• Bandwidth, throughput, delay and jitter issues
• Packet losses and problem analysis
• Advanced analysis of applications
• Analyzing security problems

Target Audience
R&D, engineering and technical Support, IT and communication Managers

Prerequisites
In-depth knowledge of the TCP/IP protocol stack, along with participating in the “Basic Network Troubleshooting using Wireshark” course or equivalent knowledge. The participants should bring their laptops with Wireshark software (free download from the site - www.wireshark.org)

Duration
2 Days

Outline

• Configuring Wireshark Tools for Troubleshooting
  • Basic and advanced statistics tools
  • Basic and advanced usage of the IO Graphs
  • Use the Delta Time value
  • Graph bandwidth usage, Round Trip Time, and TCP performance
  • Flow graphing
  • CLI and advanced Wireshark tools
  • Lab exercises and case studies
• Bandwidth Issues
  • Bandwidth measurement
  • User/flow throughput calculations
  • Applications throughput calculations
  • Bandwidth and throughput problems
  • Lab exercises and case studies
• Latency Issues
  • The primary points in calculating latency
  • Plotting high latency times
  • Free latency calculators
  • Using the frame.time_delta filter
  • Lab exercises and case studies
• Packet Loss and Retransmissions
  • Packet loss and recovery - UDP and TCP
  • Previous segment lost and Out-of-Order Segments events
  • Duplicate ACKs and Fast Retransmissions
  • TCP Retransmissions
  • Zero window, Window changes and other window problems
  • Lab exercises and case studies
• The Expert System Advance Usage
  • Dealing with congestion - shattered windows and flooding
  • Baseline network communications
  • Unusual network communications
  • Vulnerabilities in the TCP/IP resolution process
  • Lab exercises and case studies
• Who is talking?
  • Port Scans
  • Mutant Scans
  • IP Scans
  • Application Mapping
  • OS Fingerprinting
  • Lab exercises and case studies
• Advanced Analyzing of ICMP Traffic
  • ICMP Types and Codes
  • Router redirection and dynamic router discovery
  • Service refusal
  • OS fingerprinting
  • Discovering attacks
  • Lab exercises and case studies
• Advanced Protocols and Applications
  • Security and tunnelling
  • Authentication and privacy
  • Database operation
  • Voice and Video over IP
  • Lab exercises and case studies
• TCP/IP Security
  • TCP segment splicing
  • TCP fake resets
  • MAC address spoofing
  • IP address spoofing
  • Attacks signatures and signature locations
  • Header and sequencing signatures
  • Attacks and exploits
  • Password cracks
  • Denial of service Attacks
  • Redirections
  • Lab exercises and case studies