Day 1: Network analysis overview
- ISO OSI reference model. Protocols, services, applications.
- TCP/IP network essentials. Protocols: Ethernet, ARP, IP, ICMP, DHCP, TCP, UDP, FTP, HTTP.
- Troubleshooting tools, methodologies.
Introduction to Wireshark
- What is Wireshark? Portable Wireshark. Resources.
- Wireshark GUI structure: Panes (Packet List, Packet Details, Packet Bytes), Status Bar, …
- Architecture and processing flow. What cannot be seen with Wireshark, and why?
- Supported protocols. Dissectors.
- Preferences and configurations; global and profile specific.
- Time values.
- Lab exercises.
Day 2: Capture Traffic
- Things to consider before starting.
- Promiscuous mode.
- Capture filters.
- Automatic stop criteria.
- Lab exercises.
Traffic analysis: tools and approaches
- Analysis checklist.
- Quantitative analysis. (a) Basic predefined descriptive statistics and summaries: Capture Properties, Protocol Hierarchy, Conversations, Endpoints, Packet Lengths, IP-specific. (b) Protocol-specific analysis (e.g. TCP Stream Graphs).
- Flow visualization.
- Filtering traffic: Display filters, following stream.
- Using features: name resolution, colorization, marking, ignoring, commenting, using time references, time shifts, …
- Accessing options through Right-Click functionality.
- Understanding Expert System.
- Interpretation (reference patterns), OS/driver Offload features impact.
- Saving results.
- Lab exercises and case studies.
Day 3: Traffic analysis: common issues in network performance assessment
- Causes of performance problems.
- Packet loss.
- Bandwidth issues. Layered approach to measurement.
- Latency: assessing end-to-end latency, visualization.
- Lab exercises.
Traffic analysis: protocols
- Application layer: HTTP, FTP.
- Transport Layer: TCP, UDP.
  - TCP: (a) Packet loss and recovery. (b) Previous Segment Lost and Out-of-Order Segment events. (c) Duplicate TCP ACKs and Fast Retransmissions. (d) TCP Retransmissions. (e) TCP Zero Window, window changes and other window problems.
- Network Layer: IPv4, fragmentation.
- Data-Link Layer: Ethernet II.
- Lab exercises and case studies (vulnerabilities in the IP and TCP protocols).