Analyzing Network Security Using Wireshark

Master the art of network security with our Wireshark course, designed for aspiring network security professionals looking to excel in analyzing and troubleshooting today's complex security protocols.

Essential Skills Gained

Capture and analyze network traffic.

Identify and understand network security protocols and mechanisms.

Develop Wireshark profiles, filters, and coloring rules for analysis.

Use Wireshark's statistical and decryption tools effectively.

Format

  • Instructor-led
  • 4 days with lectures and hands-on labs.

Audience

  • Security professionals
  • Network administrators
  • Network security engineers
  • Developers

Description

Industry expert Dr. Avril Salter teaches this 4-day instructor-led Wireshark Training course. You’ll learn how to use Wireshark to understand common network security protocols that are deployed in IP networks today, including:

  • Telnet & SSH
  • TLS, both the legacy versions & the new version 1.3
  • Key IPsec protocols, which include IKE, ISAKMP, AH, & ESP
  • 802.1X port-based access control, which encompasses RADIUS, EAP & EAPoL

Network security protocols are designed to ensure the privacy and integrity of data that is transiting our networks and prevent unauthorized access. They define the processes and message exchanges to protect networks from illegitimate attempts to capture and extract meaningful information about the network or the data carried over the network. In this Wireshark training course, you’ll capture traffic and identify the security protocols implemented in today’s enterprise networks. This is a deep dive analysis of network security protocols. You will also understand key capabilities in Wireshark that can be used to analyze and troubleshoot network traffic to identify security issues, including:

  • Defining Wireshark security profiles
  • Using Wireshark capture and display filters to identify protected and unprotected traffic
  • Coloring rules
  • Using relevant Wireshark statistical tools
  • Leveraging Wireshark decryption capabilities

Instructor and author Dr. Avril Salter, CCNP-W, CCNA-S, has extensive experience in packet-level network security analysis and frequently lectures on this topic. She is a guest instructor at numerous telecommunications and network companies, teaching their internal staff to perform network security analysis on the equipment that they design and manufacture. This experience gives Dr. Salter the unique, industry-wide perspective that she brings to the classroom.

Upcoming Course Dates

No upcoming dates. Please check back later.

Course Outline

Module 1: Getting Started with Wireshark

  1. The ethics of capturing wireless traffic

  2. Understanding what Wireshark does and doesn’t do

  3. Installing Wireshark and doing a live capture

  4. Exporting and saving packet captures

  5. Cryptography

  6. A close look at Telnet

  7. Labs: Telnet

    • Part 1: Live packet capture and timestamps

    • Part 2: Export package and Telnet port numbers

    • Part 3: Changing columns and Telnet authentication

Module 2: Deep Dive Analysis of Secure Shell (SSH)

  1. Leveraging Wireshark’s packet search capabilities

  2. Using capture filters

  3. Analyzing traffic with display filters

  4. Public and private cryptography

  5. Hashing algorithms

  6. A close look at SSH

  7. Labs: SSH

    • Part 1: Display filters and SSH service requests

    • Part 2: Expressions and SSH performance

    • Part 3: Filtering TCP conversations

Module 3: Deep Dive Analysis of Transport Layer Security (TLS)

  1. Creating coloring rules to identify key security issues

  2. Diffie-Hellman key agreement protocol

  3. Shared secret

  4. Digital certificates

  5. A close look at SSL/TLS

  6. Labs: TLS

    • Part 1: Coloring rules and TLS versions

    • Part 2: Colorizing packets and TLS 1.2 security attributes

    • Part 3: Compare and contrast TLS 1.2 and TLS 1.3

    • Part 4: TLS 1.3 0-RTT

Module 4: Deep Dive Analysis of Internet Key Exchange

  1. Defining your preferences

  2. Creating configuration profiles

  3. Random nonces

  4. Security Association (SA)

  5. A close look at IKE

  6. Labs: IKE

    • Part 1: Configuration profiles and ISAKMP

    • Part 2: Establishing an IKE security association

Module 5: Deep Dive Analysis of IPsec

  1. Leveraging Wireshark statistics in analyzing network traffic

  2. Authentication, encryption and message integrity

  3. Decrypting traffic in Wireshark

  4. A close look at AH

  5. A close look at ESP

  6. Labs: IPsec

    • Part 1: Statistics and IPsec AH

    • Part 2: Decryption and IPsec ESP

Module 6: Deep Dive Analysis of Network Access Security

  1. Merging packet captures

  2. Authentication protocols

  3. A close look at IEEE 802.1X

  4. Analyzing RADIUS messages

  5. A close look at EAP and EAP Authentication methods

  6. Analyzing EAPoL messages

  7. Wi-Fi Protected Access (WPA)

  8. Labs: 802.1X

    • Part 1: 802.1X using PEAP and RADIUS

    • Part 2: EAPOL and the 4-Way Handshake

    • WPA2-Enterprise authentication

Module 7: Supplemental Material

  1. A look at Layer 2 Tunneling Protocol (L2TP)

  2. A look at the new QUIC protocol

  3. Labs: Supplemental labs

    • Layer 2 Tunneling Protocol (L2TP)

    • Quick UDP Internet Connections (QUIC)

Your Team has Unique Training Needs.

Your team deserves training as unique as they are.

Let us tailor the course to your needs at no extra cost.