Advanced TCP/IP training course description

An intensive advanced TCP/IP course focusing on the details of the protocols according to the RFCs. This course is designed to go into the technical details of the protocols and is not for those that are new to TCP/IP. A particular focus is on TCP and performance. Those more interested in routing protocols should see our Definitive IP routing for engineers course. It is expected that delegates are totally familiar with configuration addressing. Hands on sessions consist of protocol analysis using Wireshark.

What will you learn

• Analyse packets and protocols in detail.
• Troubleshoot networks using Wireshark.
• Find performance problems using Wireshark.
• Perform network forensics.

Advanced TCP/IP training course details

Advanced TCP/IP training course contents

• IP

Fragmentation and MTU issues, Path MTU discovery, Geolocation, unusual IP addresses, forwarding broadcasts, DiffServ, DSCP, ECN, assured and expedited forwarding. TTL usage in traceroute, Protocol field. Sanitising IP addresses in trace files. Wireshark and checksum errors.

• IPv6

The header. Extension headers. Traffic class and flow labels. Tunnelling. IPv6 and fragmentation.

• ARP

Requests, responses, gratuitous ARP, Proxy ARP, ARP poisoning.

• ICMP

ping, Round Trip Times, ICMP redirect, ICMP router advertisement and solicitation, Time Exceeded, Destination unreachable. ICMPv6: Similarity to ICMPv4, Neighbor discovery and the replacement of ARP. MLD.

• First hop redundancy

ICMP discovery, HSRP, VRRP, GLBP.

• IGMP

Multicast overview, multicast architecture, multicast addresses, IGMP v1, IGMPv2, IGMPv3.

• UDP

Use in broadcasts and multicasts. Port numbers.

• TCP

Connections, RST, FIN, sequence numbering, packet loss recovery, Fast recovery, RTO timeout, SACK, TCP flow control, receive window, congestion window, van Jacobsen, nagle, delayed ACKs, PSH, URG, TCP options, MSS, Window scaling, TCP timestamps. Congestion notification.
Hands on Troubleshooting with sequence numbers, Wireshark IO and TCP graphs to analyse performance. Window size issues.

• DHCP

DHCP header. Relationship to BOOTP. Discover, offer, request, decline, ACK, release. Lease, renewal and rebind times. Relay agents. DHCPv6

• DNS

Names and addresses, Resource Records, queries, responses, problems. MDNS.

• HTTP

Requests, methods, request modifiers, response codes. HTTPS. SSL, TLS. Proxies.
Hands on Redirects, recreating pages from packets.

• FTP

Commands, responses, passive/active mode.

• Email

SMTP, POP3, IMAP, commands responses.

• Voice and Video

RTP, RTCP, SIP. IP PBXs. Traffic flows.
Hands on Voice playback.

• SNMP

MIBs, GET, TRAP, polling.

• Performance

Baselining, high latency, Wireshark and timings, packet loss, redirections, small packets, congestion, name resolution.

• Security

Network forensics, scanning and discovery, suspect traffic. IPsec, SSH.

Learning path

Reviews