Troubleshooting and Securing TCP/IP Networks with Wireshark
In this lab-based course you will gain the skills required to troubleshoot and secure a TCP/IP network by analyzing network traffic with Wireshark, while preparing for the Wireshark Certification Exam. Roughly half of the class time is spent learning techniques to analyze traffic on poorly performing TCP/IP networks with Wireshark, the world's most widely used network analyzer. The remainder covers identifying reconnaissance activity on the network and the indications that a host has been compromised. The strong emphasis on hands-on lab exercises and real-world case studies gives you skills you can use immediately after the class. The last day of class reviews Wireshark functionality, TCP/IP troubleshooting, and security.
Highlights
- Prepare for the Wireshark Certification Exam
- Place the analyzer properly for traffic capture on a variety of network types
- Review the TCP/IP Resolution Flowchart to identify where performance problems may occur
- Configure Wireshark for effective network troubleshooting
- Analyze slow network performance caused by latency problems
- Identify the location of and possible causes of packet loss on the network
- Analyze traffic from misconfigured networks and applications
- Review the evidence of network redirection
- Analyze network connections that are experiencing congestion
- Baseline network communications for comparative analysis
- Review the TCP/IP Resolution Flowchart to identify where security problems may occur
- Analyze various reconnaissance processes to identify possible targets
- Analyze Internet Control Message Protocol (ICMP) traffic to identify suspicious behavior
- Examine symptoms of TCP-based attacks and breaches
- Differentiate traffic from spoofed and non-spoofed host addresses
- Create firewall Access Control List (ACL) rules based on suspicious traffic
- Identify where in the traffic the signatures of various network breaches appear
Course Outline
1. Analyzer Placement
- Analyzing Hubbed Networks
- Analyzing Switched Networks
- Analyzing Routed Networks
- Analyzing WAN Links
- Tapping into Full-Duplex Links
- Capturing in Stealth Mode
- Obtaining Evidence Using a Honeypot
2. Normal Network Communications
- When Everything Goes Right
- The Multi-Step Resolution Process
- Building the Packet
3. Causes of Performance Problems
- Where Network Faults Occur
- Time is of the Essence
4. Wireshark Functions for Troubleshooting
- Using Pre-Defined Coloring Rules
- Basic and Advanced IO Graphs
- Use the Delta Time Value
- Analyze Expert Information
- Look Who's Talking
- Graph Bandwidth Use, Round Trip Time, and TCP Performance
- Flow Graphing
- Statistics (Various)
5. Latency Issues
- The Five Primary Points in Calculating Latency
- Plotting High Latency Times
- Free Latency Calculators
- Using the frame.time_delta Filter
6. Packet Loss and Retransmissions
- Packet Loss and Recovery - UDP vs. TCP
- Previous Segment Lost Events
- Duplicate ACKs
- TCP Retransmissions and Fast Retransmissions
- Out-of-Order Segments
7. Misconfigurations and Redirections
- Visible Misconfigurations
- Don't Forget the Time
8. Dealing with Congestion
- Shattered Windows
- Flooded Out
9. Baseline Network Communications
- Your First Task When You Leave Class
10. Unusual Network Communications
- Vulnerabilities in the TCP/IP Resolution Process
- Route Resolution
- Spotting Unacceptable Traffic
11. Reconnaissance Processes
- Port Scans
- Mutant Scans
- IP Scans
- Application Mapping
- OS Fingerprinting
12. Analyzing ICMP Traffic
- ICMP Types and Codes
- ICMP Discovery
- Router Redirection
- Dynamic Router Discovery
- Service Refusal
- OS Fingerprinting
13. TCP Security
- TCP Segment Splicing
- TCP Fake Resets
14. Address Spoofing
- MAC Address Spoofing
- IP Address Spoofing
15. Building Firewall ACL Rules
- Overview of ACL Rule Types
16. Signatures of Attacks
- Signature Locations
- Header Signatures
- Sequencing Signatures
- Payload Signatures
- Obtaining Signatures
- Attacks and Exploits
- Password Cracks
- Denial of Service Attacks
- Redirections
17. Wireshark Functionality Review
18. Troubleshooting Review
19. Network Security Review
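Several outline items above name analyses that Wireshark performs for you: section 6's retransmission, duplicate-ACK and previous-segment-lost flags, and section 11's port scans. The following is an added example, not part of the course material, that implements simplified versions of those heuristics in Python over a constructed packet list, so the reader can see what the flags are actually keyed on. The Pkt type, the scan thresholds (10 distinct ports within 2 seconds), the open/closed/filtered classification by reply, and the addresses are assumptions; Wireshark's own rules are more elaborate (they also consider window size, RTO and out-of-order arrival).

```python
"""Simplified TCP analysis flags (retransmission, duplicate ACK, previous segment
not captured) and SYN port-scan detection over a constructed packet list.
Heuristics and thresholds are assumptions, not Wireshark's exact logic."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    t: float       # capture timestamp, seconds
    src: str
    dst: str
    sport: int
    dport: int
    flags: str     # subset of "SAFRP", e.g. "SA" for SYN/ACK
    seq: int
    ack: int
    length: int    # TCP payload bytes


def tcp_analysis(pkts):
    """Return [(frame_index, [tags])], tracking each unidirectional flow:
    data above the next expected seq -> previous segment not captured;
    data below the next expected seq -> retransmission;
    pure ACK (no data, no SYN/FIN/RST) repeating the last ACK -> duplicate ACK."""
    next_seq, last_ack, out = {}, {}, []
    for i, p in enumerate(pkts):
        flow = (p.src, p.sport, p.dst, p.dport)
        tags = []
        if p.length > 0:
            if flow in next_seq and p.seq > next_seq[flow]:
                tags.append("previous_segment_not_captured")
            elif flow in next_seq and p.seq < next_seq[flow]:
                tags.append("retransmission")
            next_seq[flow] = max(next_seq.get(flow, 0), p.seq + p.length)
        elif "A" in p.flags and not any(f in p.flags for f in "SFR"):
            if last_ack.get(flow) == p.ack:
                tags.append("dup_ack")
        if "A" in p.flags:
            last_ack[flow] = p.ack
        if tags:
            out.append((i, tags))
    return out


def find_syn_scans(pkts, window=2.0, min_ports=10):
    """Flag (src, dst, port_count) when one source sends SYN-only segments to at
    least min_ports distinct ports on one host within `window` seconds (assumed)."""
    syns = defaultdict(list)
    for p in pkts:
        if p.flags == "S":
            syns[(p.src, p.dst)].append((p.t, p.dport))
    hits = []
    for (src, dst), events in syns.items():
        events.sort()
        for t0, _ in events:
            ports = {port for t, port in events if t0 <= t <= t0 + window}
            if len(ports) >= min_ports:
                hits.append((src, dst, len(ports)))
                break
    return hits


def scan_summary(pkts, scanner, target):
    """Classify each probed port by the target's reply: SYN/ACK = open,
    RST = closed, no reply at all = filtered."""
    probed = {p.dport for p in pkts
              if p.src == scanner and p.dst == target and p.flags == "S"}
    state = {port: "filtered" for port in probed}
    for p in pkts:
        if p.src == target and p.dst == scanner and p.sport in probed:
            if "S" in p.flags and "A" in p.flags:
                state[p.sport] = "open"
            elif "R" in p.flags:
                state[p.sport] = "closed"
    return state


C, S, X = "10.0.0.5", "10.0.0.9", "192.0.2.77"   # client, server, scanner (constructed)


def build_capture():
    """Constructed capture: an HTTP flow in which one server segment (seq 6461)
    never reaches the client, followed by a 12-port SYN scan of the server."""
    pk = [
        Pkt(0.000, C, S, 51000, 80, "S", 1000, 0, 0),
        Pkt(0.010, S, C, 80, 51000, "SA", 5000, 1001, 0),
        Pkt(0.011, C, S, 51000, 80, "A", 1001, 5001, 0),
        Pkt(0.012, C, S, 51000, 80, "PA", 1001, 5001, 100),
        Pkt(0.020, S, C, 80, 51000, "A", 5001, 1101, 0),
        Pkt(0.021, S, C, 80, 51000, "PA", 5001, 1101, 1460),
        Pkt(0.030, C, S, 51000, 80, "A", 1101, 6461, 0),
        Pkt(0.031, S, C, 80, 51000, "PA", 7921, 1101, 1460),  # 6461 segment missing
        Pkt(0.032, C, S, 51000, 80, "A", 1101, 6461, 0),      # client asks for 6461 again
        Pkt(0.230, S, C, 80, 51000, "PA", 6461, 1101, 1460),  # server resends it
        Pkt(0.240, C, S, 51000, 80, "A", 1101, 9381, 0),
    ]
    open_ports = {22, 80, 443}
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080]):
        t = 5.0 + 0.01 * i
        pk.append(Pkt(t, X, S, 40000 + i, port, "S", 7000 + i, 0, 0))
        if port in open_ports:
            pk.append(Pkt(t + 0.001, S, X, port, 40000 + i, "SA", 9000, 7001 + i, 0))
        elif port != 8080:   # 8080 is silently dropped: no reply at all
            pk.append(Pkt(t + 0.001, S, X, port, 40000 + i, "RA", 0, 7001 + i, 0))
    return pk


if __name__ == "__main__":
    cap = build_capture()
    for idx, tags in tcp_analysis(cap):
        print(f"frame {idx + 1}: {', '.join(tags)}")
    for src, dst, n in find_syn_scans(cap):
        print(f"SYN scan: {src} -> {dst}, {n} ports")
        print(scan_summary(cap, src, dst))
```

Run as written, the script reports frame 8 as "previous segment not captured", frame 9 as a duplicate ACK and frame 10 as the retransmission that answers it, then flags the scanner and classifies ports 22, 80 and 443 as open, 8080 as filtered and the rest as closed. The same three conditions are what the display filters tcp.analysis.lost_segment, tcp.analysis.duplicate_ack and tcp.analysis.retransmission isolate in Wireshark; the scan detector corresponds to filtering on tcp.flags.syn==1 && tcp.flags.ack==0 and then looking at the Conversations statistics for one source talking to many ports.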
Space is limited. Register today to save your space!
