Getting Started with Analyzing Network Traffic Using Wireshark

This course will introduce you to Wireshark operation, and provide the skills needed to capture traffic, filter out unneeded messages, and analyze the protocols in use.
Course info
Rating: (10)
Level: Intermediate
Updated: Oct 29, 2018
Duration: 3h 17m
Description

In this course, Getting Started with Analyzing Network Traffic Using Wireshark, you will learn that Wireshark is a powerful and free utility used by network engineers, system administrators, and developers alike. First, you will get started with packet capture operation. Then, you will get a primer on the Wireshark interface and learn how to interpret the data it collects. Finally, you will discover how to use capture filters and display filters to isolate the traffic you need, learn the basics of TCP operation, and examine the protocols used when downloading a simple HTTP website. This is an excellent course for someone who is knowledgeable about network operation but would like to dive deeper into protocol analysis.

About the author

For nearly 20 years, Ross has taught and managed data networks.

Section Introduction Transcripts

Course Overview
Hi everyone. My name is Ross Bagurdes, and welcome to my course, Getting Started with Wireshark. I'm a network engineer with more than 20 years' experience building enterprise networks and teaching people about them. Prior to the advent of Wireshark in 1998, engineers required extremely expensive proprietary equipment to capture and analyze traffic, or they may even have used an oscilloscope to translate waveforms into ones and zeros and then later construct those ones and zeros into frames, packets, segments, and data. That was a very sophisticated task, but today we have Wireshark, which, supported by a brilliant group of engineers around the world, provides the ability to analyze multitudes of different protocols used in network communication and is absolutely free. Understanding how to analyze protocols can make troubleshooting network issues much easier and make you feel like a network engineering superhero when solving application and network issues. In this course, I will introduce you to the Wireshark application itself, as well as protocol analysis. Some of the major topics we're going to cover are getting started with protocol analysis itself, installing and understanding Wireshark operation, we'll look at how to capture traffic and begin protocol analysis, we're going to learn how to use display filters to isolate the traffic we need to analyze, and we're going to understand the fundamentals of TCP operation and use Wireshark to examine TCP sessions. By the end of this course, you'll be able to use Wireshark to capture website traffic, filter out the required messages, and observe the clear text web data contained in the TCP session. This course will open up opportunities for you to use your skills to capture, examine, and analyze traffic on any network and allow you to feel comfortable learning more about protocol analysis in future courses and in your own studies.
I hope you'll join me on this journey to learn to use Wireshark to capture and analyze traffic with the Getting Started with Wireshark course, at Pluralsight.

Examining the OSI Model, Protocols, and Headers
Hi everybody. I'm Ross Bagurdes, and welcome to Pluralsight. This course is Getting Started with Traffic Analysis Using Wireshark, and we're going to start off by examining data encapsulation. This is going to help us understand how Wireshark organizes information in the interface, as well as give us the basic primer of how data encapsulation works and how we can use it to troubleshoot network issues. Our goals, this module, are going to be to first take a look at what surfing the web looks like from a network analysis standpoint. Next, we're going to take a look at what protocols are used to download a website. We're going to examine protocol hierarchy and see how these protocols interact with each other and how they must be in a certain order, we're going to then use that to jump into encapsulation, and finally, use that to look at how the OSI model relates to this and how it's going to be organized in Wireshark. Let's just get started with surfing the web. When we're surfing the internet, we go on our computer and maybe we're trying to get to Pluralsight.com, so we type Pluralsight.com in our browser, right, and then that sends a message over to the Pluralsight website that says hey, I need the website for Pluralsight.com, could you send that to me? Pluralsight.com then says yeah, I have that website here, let me bundle that up in some messages and send it across the internet to your computer so now you can view Pluralsight.com. Now that's a remarkably oversimplified version of what's happening here, and the idea of this course is to really do a deep dive and to find out what's exactly happening when this transaction occurs.

Getting Started with Wireshark
Hi everybody. I'm Ross Bagurdes, and welcome to Pluralsight. This next module, we're going to get started with Wireshark, and what I'd like to do is first continue on with the conversation we were having about protocol organization in Wireshark. So I'd like to do a brief demonstration of Wireshark where we just look at the protocol header information and how it's organized. This is going to be just a preview of what Wireshark looks like and a brief introduction to the interface. After that, what we're going to do is start to look at how Wireshark operates so we're going to examine how those packets that come into our network interface card get loaded into Wireshark. We'll look at how that packet capture operation works. Then we're going to look at demonstrating Wireshark installation. So we're actually going to go out to the website, download Wireshark, and do the installation of both the application and the packet capture drivers.

Capturing Traffic
Hi everybody. I'm Ross Bagurdes, and welcome to Pluralsight. In this next module, we're going to take a look at using Wireshark to capture traffic and some of the options we have to do that. Now capturing traffic is one of the critical components here to actually doing some Wireshark analysis, so we're going to spend a little time here talking about what's required to get the capture done and some options we have during the capture. Our goals this module, first I'm going to offer you some caution when using Wireshark. Wireshark is a sophisticated utility and it oftentimes can let an engineer be led to conclusions that are surprising to others so I'm going to give you some caution here about it. We're going to do a demonstration then. This particular module is going to be heavy on demonstrations. So we're going to just get started and take a look at how we do a Wireshark capture and some of the options we have. Then we're going to do a demonstration of examining the Wireshark interface and looking at the different components of the Wireshark window. And last, we'll wrap up this module by doing another demonstration. We're going to look at using a capture filter. Now using a capture filter is not my favorite thing to do, however, I will tell you the limitations of using a capture filter and there is some utility to having this option available so we'll look at that.

Examining Encapsulation and the Wireshark Dissector
Hi everybody, I'm Ross Bagurdes, and welcome to Pluralsight. In this next module, we're going to take a look at encapsulation and the Wireshark dissectors. Now we've already had a preview of this in the Getting Started with Wireshark module, where we took a look at how Wireshark organizes the data it dissects into the same order that the OSI model uses. In this module, we're going to take that a little bit deeper, and actually investigate where Wireshark is getting this information, and take a look at how it's actually organized. So our goals this module are to do mostly demonstration, and what I'd like to do is capture some HTTP traffic, and then go through and examine the frame dissector, the IP dissector, the TCP dissector. We'll look a little bit at the HTTP information as well, and then what we're going to do is we're going to use all this information that we collected from Wireshark, and our ability to examine all these different dissected pieces of information in our packet details, we're going to use that actually then to make a map of a network with addresses on it. So let's get started here.

Using Display Filters
Hi everybody, I'm Ross Bagurdes, and welcome to Pluralsight. In this next module, we're going to use some display filters to isolate the specific messages that we are trying to examine in Wireshark. To get started with that though, what I'd like to do is I'd like to identify the protocols we use when we download a web page. Not everybody may be familiar with all of the protocols that are involved in this, so what I'd like to do here is first go through an explanation of what protocols are used and how they're used when we download a website. Then what I'd like to do is actually go on to our demonstration workstation, do that same thing, download that web page, and then we're going to use display filters to isolate the necessary information. So we're going to go through and isolate each individual protocol to find the information we're looking for. Then what we're going to do is we're going to combine those display filters so that we can actually get the whole entire picture of all the protocols we used in order to download that web page, we're going to get those to display all at the same time on the same screen by combining these display filters. By starting this, this is our primer to really understanding how we can use those display filters to find the traffic we're looking for. So, let's get started.

Getting Started with TCP Analysis
Hi everybody, I'm Ross Bagurdes, and welcome to Pluralsight. This is the last module in the course: Getting Started with Wireshark, and what we're going to do here is get started with TCP analysis. TCP analysis is one of the most critical things to understand when we're using Wireshark, because when we are troubleshooting misbehaving applications on our network, usually we can use the information that TCP provides us in Wireshark to figure out where the issue is, whether it's a server that's not responding the way it should be, or maybe there's some device in the middle that's causing issues with our network communication. Usually we can figure out what's happening by using some analysis of TCP. So let's get started. Our goals this module will be to first describe the 3-way handshake. Then we're going to look at the 4-way disconnect. But the 4-way disconnect is not the only way we can shut down a TCP conversation, so we'll also take a look at a reset. We're going to discuss port numbers briefly to talk about their role in TCP. We've already taken a look a little bit at the port numbers in a previous module of this course, but we'll take a deeper look at it here. Then I'm going to move into demonstration; the demonstration of course is always my favorite part here, and in the demonstration we're going to look at Wireshark. We'll do some captures, and then we're going to look at the 3-way handshake and the 4-way disconnect, and then we're also going to look at the TCP flags; and really what I'm after here is to examine what those TCP flags are showing us, as well as some resets and something called a push or a P-S-H that we use in TCP.
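As an added illustration of the TCP flags this last module previews (example code written for this page, not course material from Ross Bagurdes or Pluralsight), the script below decodes constructed 20-byte TCP headers and labels each segment as part of the 3-way handshake, the 4-way disconnect, a reset, or a push; the ports and sequence numbers are made up, and the comments in classify() give the equivalent Wireshark display filter for each phase.

```python
import struct

# Flag bits in the low byte of the TCP offset/flags field (RFC 793 layout).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_tcp_header(segment: bytes) -> dict:
    # Decode the fixed 20-byte TCP header; any options after it are ignored.
    sport, dport, seq, ack, off_flags, win, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    flags = [name for name, bit in FLAGS.items() if off_flags & bit]
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "flags": flags, "window": win}

def classify(flags) -> str:
    # Map a flag set to the conversation phase; comments give the matching display filter.
    s = set(flags)
    if "RST" in s:                 # tcp.flags.reset == 1
        return "reset"
    if s == {"SYN"}:               # tcp.flags.syn == 1 && tcp.flags.ack == 0
        return "handshake 1/3 (SYN)"
    if s == {"SYN", "ACK"}:        # tcp.flags.syn == 1 && tcp.flags.ack == 1
        return "handshake 2/3 (SYN/ACK)"
    if "FIN" in s:                 # tcp.flags.fin == 1
        return "disconnect (FIN)"
    if "PSH" in s:                 # tcp.flags.push == 1
        return "data push (PSH)"
    if s == {"ACK"}:               # a bare ACK: handshake step 3 or an ack of data
        return "ack (handshake 3/3 or data ack)"
    return "other"

def make_segment(sport, dport, seq, ack, flags) -> bytes:
    # Constructed header: data offset 5 words (no options), window 65535, checksum left zero.
    bits = 0
    for f in flags:
        bits |= FLAGS[f]
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | bits, 65535, 0, 0)

# Constructed sample conversation: client port 51000 talking to a web server on port 80.
SAMPLE = [
    make_segment(51000, 80, 1000, 0, ["SYN"]),
    make_segment(80, 51000, 5000, 1001, ["SYN", "ACK"]),
    make_segment(51000, 80, 1001, 5001, ["ACK"]),
    make_segment(51000, 80, 1001, 5001, ["PSH", "ACK"]),
    make_segment(51000, 80, 1101, 5501, ["FIN", "ACK"]),
    make_segment(80, 51000, 5501, 1102, ["RST"]),
]

def summarize(segments):
    # One row per segment, the way a filtered Wireshark packet list would show it.
    rows = []
    for seg in segments:
        h = parse_tcp_header(seg)
        rows.append((h["src_port"], h["dst_port"], "/".join(h["flags"]), classify(h["flags"])))
    return rows
```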