TCP/IP Deep Dive with Wireshark for NetOps and SecOps
Published by Pearson
Let’s go deep into how these protocols work and how to analyze them.
- Develop a deep understanding of TCP/IP, which is critical for network engineers and all cybersecurity professionals
- Learn hands-on in class and practice new skills with Wireshark
- Identify network problems and cyber threats faster
TCP is much more than just a three-way handshake. This core protocol supports our mission-critical applications, our network services, and is used in sophisticated cyber attacks. Learning it, however, is another story. It is easy to get lost in the weeds when we open Wireshark and look at TCP flows. This course is designed to help you gain comfort with how this core protocol really works.
It is very important for network engineers and cybersecurity professionals alike to learn how to analyze TCP to resolve application problems, troubleshoot network connectivity issues, and identify cybersecurity threats quickly. This class will dive deep into the details of TCP with Wireshark, going far beyond the basic handshake and into sequence and acknowledgment numbers, SACK, MSS, and more. This will be an action-packed, fast-paced, hands-on course for Wireshark beginners as well as seasoned pros who want to pick up some new tricks. All experience levels are welcome.
What you’ll learn and how you can apply it
By the end of the live online course, you’ll understand:
- How to analyze TCP retransmissions, receive window problems, and MSS issues with Wireshark
- How to spot suspect TCP behavior that may be an indicator of compromise
- How to use TCP data to quickly isolate a problem to a network, server, application, or client
And you’ll be able to:
- Use Wireshark to quickly troubleshoot network and application problems
- Filter for abnormal TCP patterns in network traffic
- Analyze TCP indicators to resolve sluggish applications
This live event is for you because...
You are a network engineer or SOC analyst who is responsible for analyzing traffic with Wireshark. Beginners will find that they are more comfortable with the Wireshark interface and how TCP establishes connections. Intermediate/Advanced analysts will pick up some new filters and profile tips to find network problems and threats faster.
Prerequisites
- Overall networking concepts – routing, switching, firewalls, and the basics of how packets flow through a network.
- A CCNA level of experience is not required, but it is a good starting point
Course Set-up
- Download Wireshark
Recommended Preparation
- Read: Wireshark Fundamentals: A Network Engineer’s Handbook to Analyzing Network Traffic by Vinit Jain
- Watch: Learning Path: Wireshark Library: Wireshark Fundamentals and Wireshark for Wireless LANs by Jerome Henry and James Garringer
Recommended Follow-up
- Read: CCNA 200-301 Official Cert Guide Library by Wendell Odom
- Watch: CCNA 200-301 by Kevin Wallace
- Watch: CompTIA Security+ SY0-601 by Sari Green
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Day 1 (4 hours)
Segment 1: Wireshark: The Basics (80 minutes)
- How and where to capture data on the network
- Display filters all analysts should know
- Setting up a troubleshooting or cybersecurity profile
- Lab 1 – Intro to Wireshark
- Lab 2 – Display Filters
Break (20 minutes)
Segment 2: TCP/IP Fundamentals (120 minutes)
- The Handshake and Options
- How Sequence/Ack Numbers work
- Analyzing Retransmissions
- Lab 3 – The TCP Handshake
- Lab 4 – Troubleshooting TCP Retransmissions
Q&A (20 minutes)
Day 2 (4 hours)
Segment 3: TCP – A little deeper (120 minutes)
- MSS vs MTU
- SACK and Window Scaling
- Troubleshooting Zero Windows
- Lab 5 – TCP Window Problems
- Lab 6 – SACK Analysis
Break (20 minutes)
Segment 4: Hunting For Threats with TCP (80 minutes)
- Analyzing TCP Scan Activity
- Filtering Quickly on Abnormal TCP Behavior
- Spotting Unusual TCP Ports and Conversations
- Lab 7 – Analyzing a SYN Attack
- Lab 8 – Finding NMAP Scans
Course wrap-up and next steps (20 minutes)
Your Instructor
Chris Greer
Chris Greer has traveled the world teaching Wireshark and the principles of protocol analysis to engineers of all experience levels. He is a Packet Analyst and Trainer for Packet Pioneer, a Wireshark University partner, and has a passion for digging into the packet weeds and finding answers to network and cybersecurity problems. Chris has a YouTube channel where he focuses on videos showing how to use Wireshark to examine TCP connections, options, and unusual behaviors, as well as spotting scans, analyzing malware, and finding other IOCs in the traffic. His approach to training is that if you aren’t having fun doing something, you won’t retain what you are learning, so he strives to bring as much hands-on work and humor to the classroom as possible. Chris remembers what it was like to look at Wireshark for the first time and knows how complicated packet analysis can be. With that in mind, he has designed an easy-to-follow course that will appeal both to the beginner and to the more advanced packet person. Find Chris on YouTube at https://www.youtube.com/c/ChrisGreer
Skills covered
- Wireshark
- TCP/IP