- Introduction to Wireshark
- – How Wireshark Works
- – Wireshark Folders, Plug-Ins, and Help
- – Command-Line Tools
- – Resources and References for Analysts
- WinPcap Essentials
- – CACE Technologies - AirPcap and Pilot
- Analyzer Placement
- – Location, Location, Location
- – Half-Duplex Hub-Out, Full-Duplex Tapping
- – Switch Port Spanning, Wireless Capture Options
- Capturing Packets
- – Active Interfaces
- – Capture to a File, Capture to a Ring Buffer
- – Open and Work with File Sets
- – Default Capture Filters, Create New Capture Filters
- – Avoid Dropped Packets
- Command-Line Capture
- – Tshark.exe, Rawshark.exe, Dumpcap.exe
- Configuring Global Preferences
- – Customize the User Interface
- – Set Global Capture Preferences
- – Define Name Resolution Preferences
- – Alter Protocol Settings, My Favorite Preferences
- Navigation and Colorization Techniques
- – Go To a Specific Packet Number
- – Find Packets Based on Payload, Sort Columns
- – Use and Customize Packet Colors, Mark Packets
- Using Time Values and Summaries
- – Use the Default Time Column Setting and Precision
- – Use Time Between Packets
- – Set a Time Reference and View Capture Time
- – Troubleshooting with Time
- – Analyze Summary Information
- Examining Basic Trace File Statistics
- – Examine Protocol Hierarchies
- – View Network Connections, Network Endpoints
- – Evaluate Destinations
- – View IP Address Information
- – Evaluate Packet Lengths, Port Types
- – Examine Multicast Streams and Settings
- Examining Advanced Trace File Statistics
- – Create IO Graphs, TCP Time-Sequence Graphs
- – Analyze Flow Graphs, Evaluate Service Response Times
- – Analyze BOOTP/DHCP Statistics, View HTTP Statistics
- – Create Round-Trip Time Graphs
- Creating Display Filters
- – Follow a TCP Stream
- – Create Filters from Conversations and Endpoints
- – Default Display Filters and Filter Syntax
- – Build and Save Filters Based on Packets, Filter on Payload Bytes
- – Use Expressions to Build Display Filters
- – Use Boolean Operands and Negatives
- – Manually Edit the Filter File
- Save, Export, and Print
- – Save Filtered, Marked, and Ranges of Packets
- – Chart Conversation/Endpoint/Flow Graph Information
- – Save and Reassemble Data Streams
- – Export Packet Information, Print Packets
- Expert System and Miscellaneous Tasks
- – Use Expert and Expert Info Composite Information
- – Analyze ACL Firewall Rules, Protocol Forcing
- – Merging Files, Zoom, Autoscroll, and Resizing Columns
- Using Command-Line Tools
- – tshark, dumpcap, capinfos, editcap, mergecap, text2pcap
- TCP/IP Functionality Overview
- – Resources and References for Analysts
- – Capture on Hubbed, Switched, and Routed Networks
- – The TCP/IP Resolution Process
- – Packets Going the Wrong Way
- – Faults in the Resolution Process
- Analyze Traffic: Structure & Filtering
- – Normal Traffic vs. Unusual Traffic
- DNS, ARP, IPv4, ICMP
- UDP, TCP, DHCP, HTTP
- Telnet, FTP, POP, SMTP