Wireshark Core Protocol Analysis

This course will enable you to use Wireshark to understand and analyze the network traffic going over your enterprise network.
Course info
Rating: (17)
Level: Beginner
Updated: Oct 24, 2016
Duration: 4h 19m
Table of contents
Course Overview
Doing Packet Analysis with Wireshark
802.3: Look at the Ethernet Protocol to Check Your Links
802.1Q: Check Your VLANs to Make Sure They Are Tagged Correctly
Spanning Tree Protocol: Make Sure There Are No Loops in Your LAN
ARP: Using Address Resolution When Your Ping Test Fails
802.11: See What Traffic Is Going Over Your Wi-Fi Networks
IPv4: Are Your IP Packets Fragmenting?
ICMP: Use ICMP Messages to Detect Network Problems
TCP: What Every IT Professional Should Know
Course Wrap-up
Description

Wireshark is a network packet analysis tool that enables you to see the traffic going over the network. At the end of 2015, Wireshark 2.0 was released. This release radically changed the GUI and added several major improvements. This course is based on this new version of Wireshark. It is recommended that you take Wireshark 2.0 Fundamentals as a prerequisite to this course. In Wireshark Core Protocol Analysis, you will look at the key TCP/IP protocols used in today's enterprise networks. First, you'll learn about the four-step methodology for analyzing any network protocol. Next, you'll explore the eight core protocols found on today's enterprise networks. Finally, you'll wrap up the course by understanding key security protocols running on your network, and learn how to get yourself ready to support IoT on your enterprise network. By the end of this course, you will have reinforced your understanding of how these eight core protocols work, be familiar with the key fields carried in each protocol header, and, most importantly, you'll know what to look for when analyzing your enterprise (or even your home) network.

About the author

Dr. Salter is a consultant, writer and technical trainer with over 20 years of industry experience in deploying networks and managing IT operations.

More from the author
Wireshark 2.0: Fundamentals
Beginner
4h 10m
Jul 5, 2016
Section Introduction Transcripts

Course Overview
Hi everyone, my name is Dr. Avril Salter, and welcome to my course, Wireshark Core Protocol Analysis. I'm an independent consultant at Salter & Associates, and I've been working on network traffic analysis for so many years that I don't want to tell you how long because it ages me so much. This course is focused on how to analyze the core protocols that are used in your enterprise network. There are two dominant reasons why I think you should be considering taking this course. Firstly, Wireshark is the de facto standard today for performing network analysis. It's therefore highly valued and recognized by enterprises as an essential skillset for those people that are working on enterprise networks. Secondly, it is increasingly important to know what traffic is going over your network, whether in the enterprise environment or on your home personal network. In this course, we're going to take you through how to look at the key protocols that are used in today's enterprise networks. These protocols include Ethernet, Spanning Tree Protocol, ARP, the 802.1Q tagging that's used for tagging traffic onto different VLANs, ICMP, we're also going to look at Wi-Fi, and of course we will look at IP and TCP. Some of the major topics that we will cover in this course will be a four-step methodology that I've personally had great success in using when analyzing any network protocol. And then I have a module on each of those TCP protocols that I mentioned earlier that are the core protocols that are used in today's enterprise networks. Once you finish this course, my hope is that first it has reinforced your understanding of how these eight core protocols work. You should be familiar with the key fields that are carried in the protocol header, and the implications of different values in those key fields. And what's most important is that you should've gained a good understanding of some of the most important things to look for when you're analyzing these different protocols in your enterprise network, and again some of these protocols apply to your home network as well. Before beginning the course, it is desirable that you're familiar with basic networking concepts, for example the OSI model and how network addressing is done. I hope you'll join me on this journey to learn how to analyze traffic in your enterprise network with the Wireshark Core Protocol Analysis course here at Pluralsight.

Doing Packet Analysis with Wireshark
Hi, my name is Dr. Avril Salter, and welcome to this course titled Wireshark Core Protocol Analysis. Before we begin, let's talk about who should be taking this course. It is my personal belief that every IT professional should be able to do packet analysis. Whether you are an administrator, application developer, business analyst, or security expert, everybody in the IT profession today could benefit from having the skills to look at traffic that's going over their enterprise network. I also believe that the major reason why people don't do packet analysis is because they don't have the knowledge of the TCP/IP network protocols at the packet level. Therefore the purpose of this course is twofold: first, to give you the knowledge of how the core TCP/IP protocols work, and then to show you how to apply that knowledge to analyze your network traffic using the Wireshark packet analyzer. Before we begin with a detailed look at our first protocol, it's important to discuss what exactly packet analysis is. Then I want to share with you my four-step methodology that has given me personal success when doing packet analysis. And lastly, I want to review the TCP/IP network model and encapsulation at the different layers in the protocol stack.

802.1Q: Check Your VLANs to Make Sure They Are Tagged Correctly
Hi, my name is Avril Salter, and welcome to this module on 802.1Q. 802.1Q, among other things, allows you to insert a tag into your Ethernet frame. In this module, you are going to learn how to use Wireshark to check your traffic that's being placed on VLANs and given priority to make sure that they're tagged correctly. The purpose of this module is to get you using Wireshark 2.0 to look at your network traffic between your switches that are carrying 802.1Q tags. As this is a Wireshark class, we need to get down to the low level and look at individual fields, so we're going to break down the 802.1Q tag and look inside of it to see how you can use it for identifying VLANs and giving your frames different priorities when they travel over your switch network. In this module, we also want to give you some pointers for what to look for when you're analyzing your tagged Ethernet traffic between your switches. To achieve those goals, we will start by looking at the Ethernet tagged frame and how tagging works. As I mentioned, we need to get into the details of what the fields are within the 802.1Q tag, and then we will look at how to analyze VLAN-tagged traffic in your network. To support this learning, we have two labs. The first one will look at the 802.1Q specification. The 802.1Q specifications are quite large, but it's possible to narrow down and look for the specifics that we need in order to understand VLANs and prioritization tagging. And in our last lab, of course, we'll be looking at tagged traffic in Wireshark, both VLAN tags and prioritization tags.

Spanning Tree Protocol: Make Sure There Are No Loops in Your LAN
Hi, my name is Dr. Avril Salter, and welcome to this module on the Spanning Tree Protocol. In this module, we're going to show you how to make sure there are no loops in your layer two LAN. The purpose of this module is to learn about using Wireshark to look at Spanning Tree Protocol traffic. As part of this module, we'll take a look at how the Spanning Tree Protocol works, and we'll also look at some of the key things that you need to understand when analyzing Spanning Tree Protocol traffic. All of the modules follow a very similar structure, so we will start with an overview of how the Spanning Tree Protocol works. We will then take a deep-dive look at the fields that are contained in the Spanning Tree Protocol messages, the BPDUs as we call them, that go across your networks. And we will analyze that Spanning Tree Protocol traffic to reinforce key points of how the protocol works, as well as look at areas that may be problematic in your networks. To support that outline, we have two labs, one that will take a detailed look at the 802.1Q specifications, which include a section on the Spanning Tree Protocols, and then we will take a look at Spanning Tree Protocol traffic in Wireshark, and in particular we'll be looking at the Rapid Spanning Tree Protocol.

ARP: Using Address Resolution When Your Ping Test Fails
Hello, my name is Avril Salter, and welcome to this module on Address Resolution Protocol, ARP. We'll be analyzing ARP in Wireshark 2.0, and one of the fun things you'll learn in this module is that if your ping test fails to show connectivity, you can check layer 2 connectivity with ARP, and you'll learn how to do that in this module. The purpose of this module is threefold. First, to make you feel comfortable in using Wireshark to look at your ARP traffic in your organization's network. Secondly, by using Wireshark and watching the ARP packets going backwards and forwards, you can gain a greater understanding of the way the ARP protocol works. And lastly, we want you to gain an understanding of what to look for when you're analyzing your organization's ARP traffic. To achieve those objectives, we will first do an overview of how ARP works. Once you understand how ARP works, we'll take a deep-dive look at what the individual fields are in the ARP messages that go over our networks. And we will talk about what to look for when you're analyzing your ARP traffic. In support of those discussions, we have two labs: one that will look at the ARP specifications (as you know by now, I'm a great believer in going back to the protocol specifications, so you have a definitive explanation of that protocol), and then of course we will look at ARP traffic actually in Wireshark. Let's get started.