Analyzing Network Traffic with Wireshark

Authors: Ross Bagurdes, Christopher Greer, Chris Behrens

What You Will Learn

  • Wireshark basic functionality
  • Using advanced Wireshark features
  • Visualizing network traffic with Wireshark
  • Using Wireshark on the command line
  • Analyzing network protocols with Wireshark
  • Troubleshooting slow networks with Wireshark

Pre-requisites

  • Networking basics or have watched the Pluralsight Networking Fundamentals path

Analyzing Network Traffic with Wireshark

This path focuses on the skills and knowledge required to analyze network traffic using Wireshark. You’ll begin with the basics of network packet analysis before delving into using Wireshark to analyze, visualize, and troubleshoot networks. You’ll also be immersed in network protocol analysis and in using Wireshark on the command line. One thing to note is that these courses and concepts are not just for network engineers: Wireshark is a valuable tool for software developers and sysadmins as well. By the end of this path, you’ll be confident in your ability to make full use of Wireshark’s capabilities.

Getting Started with Wireshark

by Ross Bagurdes

Oct 29, 2018 / 3h 17m

Description

In this course, Getting Started with Analyzing Network Traffic Using Wireshark, you will learn that Wireshark is a powerful and free utility used by network engineers, system administrators, and developers alike. First, you will get started with packet capture operation. Then, you will get a primer on the Wireshark interface and learn how to interpret the data it collects. Finally, you will discover how to use capture filters and display filters to isolate the traffic you need, learn the basics of TCP operation, and examine the protocol exchange involved in downloading a simple HTTP website. This is an excellent course for someone who is knowledgeable about network operation but would like to dive deeper into protocol analysis.

Table of contents
  1. Course Overview
  2. Examining the OSI Model, Protocols, and Headers
  3. Getting Started with Wireshark
  4. Capturing Traffic
  5. Examining Encapsulation and the Wireshark Dissector
  6. Using Display Filters
  7. Getting Started with TCP Analysis

Analyzing Network Protocols with Wireshark

by Christopher Greer

Dec 20, 2019 / 2h 7m

Description

There are billions of packets flying through the network every minute. Which ones matter? Which ones hold the keys to troubleshooting network and application problems? In this course, Analyzing Network Protocols with Wireshark, you’ll gain the ability to capture, interpret, and dissect network problems at the packet level. First, you’ll explore core protocols and services, such as ARP, IPv4, and DHCP. Next, you’ll discover how the UDP and DNS protocols work. Finally, you’ll learn to analyze HTTPS and TLS-based application traffic. When you’re finished with this course, you’ll have the skills and knowledge of packet analysis with Wireshark needed to isolate and resolve network problems.

Table of contents
  1. Course Overview
  2. Why Are Core Network Protocols so Important to Understand?
  3. Using Wireshark to Analyze ARP
  4. Using Wireshark to Analyze IPv4, IPv6, and ICMP
  5. Using Wireshark to Analyze Core Services – UDP, DHCP, and DNS
  6. Using Wireshark to Analyze Core Applications - FTP, HTTPS, and SSL

Foundational TCP Analysis with Wireshark

by Christopher Greer

Mar 11, 2020 / 2h 7m

Description

"The network is slow!" "The application is broken!" "We are being hacked!" Sound familiar? In this course, Foundational TCP Analysis with Wireshark, you will gain the ability to troubleshoot and resolve network problems by harnessing the power of TCP. First, you will learn how TCP connections are established and maintained. Next, you will discover how data is retransmitted during data loss. Finally, you will explore how to quickly find, interpret, and resolve TCP problems using the Wireshark protocol analyzer. When you are finished with this course, you will have the skills and knowledge of the TCP protocol and Wireshark needed to hunt down network problems and resolve them for good.

Table of contents
  1. Course Overview
  2. What Is TCP?
  3. Mastering the TCP Handshake
  4. Understanding Sequence and Acknowledgement Numbers
  5. Interpreting the TCP Receive Window
  6. Analyzing Retransmissions and Duplicate Acks
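As an added illustration of the handshake, sequence/acknowledgement and retransmission analysis this course covers (example code written for this page, not material from the course and not code from the Wireshark project), the Python below replays a constructed TCP conversation and labels each segment the way Wireshark's TCP analysis does: SYN, SYN/ACK, ACK, Data, Dup ACK, Retransmission, Fast retransmission and "Previous segment not captured". The endpoints, sequence numbers and payload sizes are made up, and the heuristics are a simplified version of Wireshark's: the window is not compared when detecting Dup ACKs, and the 20 ms timing check Wireshark applies before calling something a fast retransmission is skipped because the sample carries no timestamps.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Segment:
    """One TCP segment as Wireshark shows it: relative seq/ack numbers,
    flag letters (S=SYN, A=ACK, P=PSH, F=FIN) and payload length."""
    src: str        # sender endpoint, "ip:port"
    dst: str        # receiver endpoint, "ip:port"
    flags: str
    seq: int
    ack: int
    length: int


@dataclass
class _SenderState:
    next_seq: Optional[int] = None                    # next seq expected from this sender
    last_pure_ack: Optional[Tuple[int, int]] = None   # (seq, ack) of its last data-less ACK
    dup_acks: int = 0                                 # consecutive repeats of last_pure_ack


def analyze(segments: List[Segment]) -> List[str]:
    """Label every segment of a single TCP conversation, in capture order."""
    state = {}
    labels = []
    for s in segments:
        me = state.setdefault(s.src, _SenderState())
        peer = state.setdefault(s.dst, _SenderState())
        if "S" in s.flags:
            label = "SYN/ACK" if "A" in s.flags else "SYN"
            me.next_seq = s.seq + 1               # SYN consumes one sequence number
        elif s.length > 0:
            if me.next_seq is None or s.seq == me.next_seq:
                label = "Data"
                me.next_seq = s.seq + s.length
            elif s.seq < me.next_seq:
                # Bytes this sender already transmitted: a retransmission. If the
                # peer has sent at least two Dup ACKs asking for exactly this seq,
                # it is the fast-retransmit path (Wireshark also wants it within
                # 20 ms of the last Dup ACK; that timing check is skipped here).
                fast = peer.dup_acks >= 2 and peer.last_pure_ack[1] == s.seq
                label = "Fast retransmission" if fast else "Retransmission"
            else:
                # seq jumped ahead: the bytes in between were never seen, either
                # lost on the wire or missed by the capture point.
                label = "Previous segment not captured"
                me.next_seq = s.seq + s.length
        elif "F" in s.flags:
            label = "FIN"
            me.next_seq = s.seq + 1               # FIN consumes one sequence number too
        else:
            # Data-less ACK: same seq and ack as the previous one means Dup ACK
            # (Wireshark also compares the window; this sample keeps it constant).
            key = (s.seq, s.ack)
            if me.last_pure_ack == key:
                me.dup_acks += 1
                label = f"Dup ACK #{me.dup_acks}"
            else:
                me.dup_acks = 0
                label = "ACK"
            me.last_pure_ack = key
        labels.append(label)
    return labels


CLIENT, SERVER = "10.0.0.5:51000", "203.0.113.10:443"   # made-up endpoints


def sample_trace() -> List[Segment]:
    """Constructed sample, not a real capture: handshake, a lost server segment,
    two Dup ACKs from the client, then the fast retransmission."""
    return [
        Segment(CLIENT, SERVER, "S",  1000, 0,    0),
        Segment(SERVER, CLIENT, "SA", 5000, 1001, 0),
        Segment(CLIENT, SERVER, "A",  1001, 5001, 0),
        Segment(CLIENT, SERVER, "PA", 1001, 5001, 100),    # request
        Segment(SERVER, CLIENT, "A",  5001, 1101, 0),
        Segment(SERVER, CLIENT, "PA", 5001, 1101, 1460),
        Segment(SERVER, CLIENT, "PA", 7921, 1101, 1460),   # 6461..7920 never arrived
        Segment(CLIENT, SERVER, "A",  1101, 6461, 0),
        Segment(CLIENT, SERVER, "A",  1101, 6461, 0),
        Segment(CLIENT, SERVER, "A",  1101, 6461, 0),
        Segment(SERVER, CLIENT, "PA", 6461, 1101, 1460),   # the missing bytes
        Segment(CLIENT, SERVER, "A",  1101, 9381, 0),
    ]


if __name__ == "__main__":
    for seg, label in zip(sample_trace(), analyze(sample_trace())):
        print(f"{seg.src:>18} -> {seg.dst:<18} seq={seg.seq:<5} ack={seg.ack:<5} {label}")
```

In Wireshark the same labels appear in the Info column and under Analyze > Expert Information; the display filters `tcp.analysis.retransmission`, `tcp.analysis.fast_retransmission`, `tcp.analysis.duplicate_ack` and `tcp.analysis.lost_segment` isolate these conditions in a real capture.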

Mastering TCP Analysis with Wireshark

by Christopher Greer

May 14, 2020 / 2h 21m

Description

The network is slow! People still say it. In this course, Mastering TCP Analysis with Wireshark, you will gain the ability to quickly identify and isolate network problems, whether TCP is the root cause or not. First, you will learn how TCP recovers from a lossy network. Next, you will discover how the often-confusing TCP congestion control mechanism works. Finally, you will explore how to visualize TCP flows to quickly home in on problem spots. When you are finished with this course, you will have the skills and knowledge of TCP needed to isolate and resolve network and application performance issues.

Table of contents
  1. Course Overview
  2. Understanding Selective Acknowledgement (SACK)
  3. Understanding the Congestion Window
  4. Troubleshooting TCP with Wireshark
  5. Visualizing TCP with Wireshark

Using Intermediate Wireshark Features

by Chris Behrens

Jun 25, 2020 / 2h 1m

Description

When you need to take a closer look at network traffic, Wireshark is the go-to tool for most network engineers. In this course, Using Intermediate Wireshark Features, you’ll learn to move beyond the basics with Wireshark. First, you’ll explore the networking fundamentals that underpin Wireshark. Next, you’ll discover how to analyze HTTP and HTTPS traffic with Wireshark. Finally, you’ll learn how to customize and automate Wireshark. When you’re finished with this course, you’ll have the skills and knowledge of Wireshark needed to take your network analysis to the next level.

Table of contents
  1. Course Overview
  2. Understanding the Science Behind Wireshark
  3. Capturing and Analyzing HTTP and Other Traffic
  4. Capturing and Analyzing Application-specific Traffic
  5. Digging Deeper with Intermediate Traffic Analysis
  6. Understanding GeoIP and TShark

Visualizing Network Traffic with Wireshark

by Christopher Greer

Jul 14, 2020 / 1h 35m

Description

As a network analyst, it can be easy to get lost in the details of a packet trace when troubleshooting a network problem. In this course, Visualizing Network Traffic with Wireshark, you’ll gain the ability to troubleshoot network problems using the traffic graphing features. First, you’ll explore how to measure overall throughput using the I/O graph. Next, you’ll discover how to use the TCP Stream graphs to troubleshoot slow file transfers over TCP. Finally, you’ll learn how to track client and server dependencies and spotlight problem connections with the Flow Graph. When you’re finished with this course, you’ll have the skills and knowledge necessary to use the Wireshark graphs to quickly pinpoint problems with throughput and slow network transfers.

Table of contents
  1. Course Overview
  2. Troubleshooting with the I/O Graph
  3. Analyzing TCP with Stream Graphs
  4. Analyzing TCP Throughput and Round Trip Time
  5. Understanding the Flow Graph

Using Wireshark Command Line Tools

by Betty DuBois

Jul 28, 2020 / 1h 50m

Description

Packets are often referred to as the ultimate source of computer network truth. Security engineers need them to examine and manage security threats or breaches quickly. Network engineers demand them to get to the root cause of an issue before the user experience is affected. Software engineers require them to measure response times across variable-speed networks and adjust timers within their code. In this course, Using Wireshark Command Line Tools, you'll learn to use tshark, dumpcap, editcap, and mergecap to capture, filter, convert, and analyze the packets flying across the network. First, you'll explore how to configure a Windows machine so that the Wireshark CLI tools are in its PATH, how to determine which tool is best for capturing packets in a given scenario, and how capture filters differ from display filters, with examples of the filter syntax. Next, you'll combine hundreds of pcap files into a single file and extract only the packets needed to respond to a trouble ticket or log event. Finally, you'll learn how to analyze packets using statistics, including how to locate the top TCP conversation or IPv4 talker and how to identify network congestion or a security threat. When you’re finished with this course, you’ll have the skills and knowledge of the Wireshark command line tools needed to capture and filter packets, and to convert and analyze packet capture files (pcaps).

Table of contents
  1. Course Overview
  2. Capturing Packets Using Dumpcap and Tshark
  3. Filtering Packets Using Dumpcap, Tshark, and Editcap
  4. Managing Pcaps Using Editcap and Mergecap
  5. Analyzing Pcaps Using Tshark
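The statistics this course describes, the top IPv4 talker and the top TCP conversation, are the numbers `tshark -z endpoints,ip` and `tshark -z conv,tcp` print. The Python below is an added example written for this page, not part of the course and not code from the Wireshark project: it builds a small constructed pcap in memory (the addresses, ports and payload sizes are made up), reads it back with a hand-written classic-pcap parser, and computes the same two statistics, so it is clear exactly which bytes those counters add up (whole frames, sent and received, per endpoint).

```python
import struct
from collections import Counter, defaultdict
from ipaddress import IPv4Address
from typing import Iterator, List, Tuple

PCAP_MAGIC = 0xA1B2C3D4       # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
Record = Tuple[str, str, int, int, int, int]   # src, dst, ip proto, sport, dport, frame bytes


def _ether(ip_packet: bytes) -> bytes:
    """Ethernet II header with two made-up locally administered MACs, then IPv4."""
    return bytes.fromhex("020000000002" "020000000001" "0800") + ip_packet


def _ipv4(src: str, dst: str, proto: int, l4: bytes) -> bytes:
    """Minimal IPv4 header, no options; checksum left 0 (Wireshark would flag it)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0, 64, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + l4


def tcp_frame(src, sport, dst, dport, payload=b"", flags=0x18) -> bytes:
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 65535, 0, 0)
    return _ether(_ipv4(src, dst, 6, tcp + payload))


def udp_frame(src, sport, dst, dport, payload=b"") -> bytes:
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    return _ether(_ipv4(src, dst, 17, udp + payload))


def write_pcap(frames: List[bytes]) -> bytes:
    """Serialize frames into a little-endian classic pcap, one second apart."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f)
    return b"".join(out)


def read_pcap(data: bytes) -> Iterator[Record]:
    """Walk a classic pcap and yield one Record per IPv4-over-Ethernet frame."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"                 # written on a big-endian host
    else:
        raise ValueError("not a classic pcap (pcapng and nanosecond variants not handled)")
    if struct.unpack(end + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is handled")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue              # skip ARP, IPv6, VLAN-tagged and truncated frames
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src, dst = str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34]))
        l4 = frame[14 + ihl:]
        sport = dport = 0
        if proto in (6, 17) and len(l4) >= 4:
            sport, dport = struct.unpack("!HH", l4[:4])
        yield src, dst, proto, sport, dport, len(frame)


def endpoint_bytes(records: List[Record]) -> Counter:
    """Bytes per IPv4 address, sent and received combined (Statistics > Endpoints)."""
    c: Counter = Counter()
    for src, dst, _proto, _sp, _dp, n in records:
        c[src] += n
        c[dst] += n
    return c


def tcp_conversations(records: List[Record]) -> dict:
    """[packets, bytes] per TCP conversation, keyed by the sorted endpoint pair."""
    conv = defaultdict(lambda: [0, 0])
    for src, dst, proto, sp, dp, n in records:
        if proto == 6:
            key = tuple(sorted([(src, sp), (dst, dp)]))
            conv[key][0] += 1
            conv[key][1] += n
    return dict(conv)


def sample_frames() -> List[bytes]:
    """Constructed traffic, not a real capture: a DNS lookup, a TLS session that
    pulls about 4 KB from a server, and a short HTTP exchange by a second client."""
    c1, c2, dns, web, tls = "10.0.0.5", "10.0.0.7", "10.0.0.53", "198.51.100.20", "203.0.113.10"
    frames = [udp_frame(c1, 51234, dns, 53, b"Q" * 32), udp_frame(dns, 53, c1, 51234, b"R" * 48)]
    frames += [tcp_frame(c1, 51000, tls, 443, flags=0x02),       # SYN
               tcp_frame(tls, 443, c1, 51000, flags=0x12),       # SYN/ACK
               tcp_frame(c1, 51000, tls, 443, flags=0x10)]       # ACK
    frames += [tcp_frame(tls, 443, c1, 51000, b"\x17\x03\x03" + b"\0" * 1397) for _ in range(3)]
    frames += [tcp_frame(c1, 51000, tls, 443, flags=0x10)]
    frames += [tcp_frame(c2, 52000, web, 80, b"GET / HTTP/1.1\r\n" + b"X" * 184),
               tcp_frame(web, 80, c2, 52000, b"HTTP/1.1 200 OK\r\n" + b"Y" * 183)]
    return frames


if __name__ == "__main__":
    recs = list(read_pcap(write_pcap(sample_frames())))
    ip, n = endpoint_bytes(recs).most_common(1)[0]
    print(f"top IPv4 talker: {ip} ({n} bytes)")
    ends, (pkts, size) = max(tcp_conversations(recs).items(), key=lambda kv: kv[1][1])
    print(f"top TCP conversation: {ends[0]} <-> {ends[1]} ({pkts} packets, {size} bytes)")
```

To run it over a real capture, replace `write_pcap(sample_frames())` with the file's bytes; current Wireshark saves pcapng by default, which this parser deliberately rejects, so convert first with `editcap -F pcap in.pcapng out.pcap`.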

Troubleshooting Slow Networks with Wireshark

by Christopher Greer

Jun 5, 2019 / 3h 2m

Description

It's easy for network admins to become bogged down in slow networks. In this course, Troubleshooting Slow Networks with Wireshark, you will learn to capture and interpret network packet data to solve performance problems. First, you will learn how and where to properly capture packets with Wireshark. Next, you will discover how to measure network and application response time. Finally, you will explore how to use built-in features in Wireshark designed to quickly spotlight performance problems. When you’re finished with this course, you will have the skills and knowledge with Wireshark needed to resolve these network problems for good.

Table of contents
  1. Course Overview
  2. Collecting The Right Data: Where and How?
  3. Analyzing End User and Application Behavior
  4. Measuring Network and Application Response Time
  5. Identifying Common Causes of Slow Networks
  6. Features in Wireshark for Resolving Slowness

Wireshark Traffic Analysis: Customizing the Interface, ARP, ICMP, and DNS

by Ross Bagurdes

Dec 27, 2018 / 3h 17m

Description

Network engineers can quickly become frustrated with unusual network performance issues. Most engineers are familiar with ARP, know how to clear the ARP cache on a device, and use ping regularly to troubleshoot networks, but understanding both ARP and ICMP operation at the packet level brings a new way to quickly solve network issues. In this course, Wireshark Traffic Analysis: Customizing the Interface, ARP, ICMP, and DNS, you will gain the ability to use Wireshark captures to detect and understand the network issues causing performance problems. First, you will see how to customize the Wireshark interface, creating profiles for unique troubleshooting situations. Next, you will discover how ARP operates, what its traffic means, and how to use it to identify specific behaviors of network traffic. Finally, you will explore how to analyze ICMP types and codes in Wireshark, so you can use them to troubleshoot networks in a new way. When you are finished with this course, you will have the skills and knowledge of Wireshark protocol analysis needed to analyze and troubleshoot ARP, ICMP, and DNS traffic on your network.

Table of contents
  1. Course Overview
  2. Customizing the Wireshark Interface
  3. Troubleshooting Layer 2 Issues with ARP
  4. Introducing ICMP to Troubleshoot Networks
  5. Troubleshooting Using ICMP Error Messages
  6. Examining and Troubleshooting DNS