Speak to our team now +44 (0)1737 821590

Wireshark Certified Network Analyst

A 5 day
HANDS ON
training course

WCNA training course description

Wireshark is a free network protocol analyser. This hands-on course provides a comprehensive tour of using Wireshark to troubleshoot networks. The course concentrates on the information needed in order to pass the WCNA exam. Students will gain the most from this course only if they already have a sound knowledge of the TCP/IP protocols.

Key outcomes from this course

By the end of the course delegates will be able to:
  • Download and install Wireshark.
  • Capture and analyse packets with Wireshark.
  • Configure capture and display filters.
  • Customise Wireshark.
  • Troubleshoot networks using Wireshark.

WCNA training course details

Who will benefit:
Technical staff looking after networks.
Prerequisites:
TCP/IP Foundation.
Duration:
5 days

Training approach

This structured training course seeks to build upon workbook learning through the use of group exercises, dynamic discussion and individual tasks in order to deliver an engaging and interactive module that will ensure all candidates are able to transfer their new skills into the workplace.

Overall ratings for this course:

Course review


"Hard concepts were explained very simply."
J. S., Framestore CFC
"Excellent presentation - very good course structure."
B. M., London Internet Exchange

WCNA training course contents


What is Wireshark?
Network analysis, troubleshooting, network traffic flows.
Hands on: Download/install Wireshark.

Wireshark introduction
Capturing packets, libpcap, winpcap, airpcap. Dissectors and plugins. The menus. Right click.
Hands on: Using Wireshark.

Capturing traffic
Wireshark and switches and routers. Remote traffic capture.
Hands on: Capturing packets.

Capture filters
Applying, identifiers, qualifiers, protocols, addresses, byte values. File sets, ring buffers.
Hands on: Capture filters.

Preferences
Configuration folders. Global and personal configurations. Capture preferences, name resolution, protocol settings. Colouring traffic. Profiles.
Hands on: Customising Wireshark.

Time
Packet time, timestamps, packet arrival times, delays, traffic rates, packets sizes, overall bytes.
Hands on: Measuring high latency.

Trace file statistics
Protocols and applications, conversations, packet lengths, destinations, protocol usages, strams, flows.
Hands on: Wireshark statistics.

Display filters
Applying, clearing, expressions, right click, conversations, endpoints, protocols, combining filters, specific bytes, regex filters.
Hands on: Display traffic.

Streams
Traffic reassembly, UDP and TCP conversations, SSL.
Hands on: Recreating streams.

Saving
Filtered, marked and ranges.
Hands on: Export.

TCP/IP Analysis
The expert system. DNS, ARP, IPv4, IPv6, ICMP, UDP, TCP.
Hands on: Analysing traffic.

IO rates and trends
Basic graphs, Advanced IO graphs. Round Trip Time, throughput rates.
Hands on: Graphs

Application analysis
DHCP, HTTP, FTP, SMTP.
Hands on: Analysing application traffic.

WiFi
Signal strength and interference, monitor mode and promiscuous mode. Data, management and control frames.
Hands on: WLAN traffic.

VoIP
Call flows, Jitter, packet loss. RTP, SIP.
Hands on: Playing back calls.

Performance problems
Baselining. High latency, arrival times, delta times.
Hands on: Identifying poor performance.

Network forensics
Host vs network forensics, unusual traffic patterns, detecting scans and sweeps, suspect traffic.
Hands on: Signatures.

Command line tools
Tshark, capinfos, editcap, mergecap, text2pcap, dumpcap.
Hands on: Command tools.

Why Choose Us

SNT trainers score an average of over 90% on the three main areas of:
  • Ability to teach
  • Technical knowledge
  • Answering questions
“Excellently presented by a very knowledgeable and enthusiastic trainer.” P.D. General Dynamics

We limit our maximum class size to 8 delegates; often we have less than this. This ensures optimal interactivity between delegates and instructor.
"Excellent course. The small class size was a great benefit…" M.B. IBM

We write our own courses; courseware does not just consist of slides and our slides are diagrams not bullet point text. A typical chapter provides clearly defined objectives with a chapter overview, slides with text underneath, a quiz at the end to check the learning of the students. Hands on exercises are at the end and are used to reinforce the theory.

See Dates & Prices for this course

To enquire about this course

To reserve this course online