1. Overview of Wireshark
- Basic Wireshark functionality
- Platforms supported
- Wireshark functions
- Special hardware: AirPCAP, TurboPCAP
- OSI Reference Model
- Protocol Layers in practice
2. Using Wireshark – User Interface and Navigation
- Configuring the Panes
- Wireshark Toolbars
- Decode and Hexview
- Meta information
- Status bar
- Dropped Frames – 1GB Capture Example
- Configuration
- Column Configuration
- Delta Time Settings
- Relative Time and Cumulative Bytes
- Search function
- Marking Frames
- Filtering and Filter Types
- Display Filters
- Logical Operators
- Negative Filters
- Capture Filters
- Interface list options
- Capture Filter List
- Filter References
- File Management
- Extracting and Exporting files
3. Additional Configuration Options and Tools
- Name Resolution
- MAC Address Name Resolution
- Network Name Resolution
- Manual Network Name Resolution
- Protocol Name Resolution
- GeoIP Localization
- Colour Settings
- Packet Colorization
- Hands-On
- Protocol Reassembly
- Reassembly: Pro and Con
- Wireshark Peculiarities: Offloading, Padding, etc.
- Wireshark point of capture
- Erroneous Checksum Report
- Invalid Packet Size
- Configuration Profiles
- Configuration File Paths
- Command-line Tools
- tshark
- dumpcap
- editcap
- mergecap
4. Functions and Statistics
- Functions and Statistics
- Baselining
- Hosts, Sessions, Protocols
- Summary Statistics
- Endpoint List
- Endpoint List Filters
- Conversations
- Protocol Hierarchy
- I/O and TCP Stream Graphs
- Flow Graph
- Wireshark Expert
- Service Response Time
5. Analysis of Fundamentals
- Network, Server, Client, or Application?
- Step 1: Describe the Problem
- Step 2: Planning the Capture
- Step 3: Capture the data
- Capturing at the server
- Selecting the Point of Capture
- Capturing on a Switch
- Capturing with Hubs/Mini Switches
- Response time, Throughput, Overhead, Throughput and Overhead
6. Troubleshooting
- Troubleshooting – Introduction
- Correcting problems
- Typical Network Problems
- Layer 2, Layer 3
- Layer 4
- Typical Application Problems
- Performance Factors
- Application Types
- Application Design Errors
- Performance Parameters
- Determining Actual Performance
- Throughput: Measuring Bandwidth
- Measuring Response Times
LAB Exercises
- 1–1 Installing Wireshark
- 2–1 Column Configuration
- 2–2 Searching in a Trace
- 2–3 Display Filter
- 2–4 Capture Filters
- 3–1 Searching in a Trace
- 3–2 TCP Re-Assembly
- 4–1 TCP Graphs
- 4–2 Service Response Times
- 5–1 Display Filter
- 6–1 Troubleshooting Case Study