
This video training with Keith Barker covers Wireshark, the world's most popular protocol analyzer, including topics such as installing Wireshark, navigating in the GUI, customizing and using it as a troubleshooting tool and more.
Recommended Skills
=Familiarity with networking concepts and protocols
=Network+ (equivalent knowledge) or greater
Recommended Equipment
=Windows, Linux or Mac OS to install Wireshark
Related Job Functions:
=Network professionals of all levels
=Security experts
=Developers
=Educators
Whether you need to perform a security application analysis or troubleshoot something on a network, Wireshark is the tool for you! The popular, open-source tool is dubbed the "world's foremost network protocol analyzer." (It's also free and is a cross-platform tool!) In this video training, CBT Nuggets trainer Keith Barker walks you through everything you need to know about this versatile analyzer. He'll teach you how to install Wireshark, navigate it, and utilize it to best fit your needs. Topics he covers include: navigating the graphical user interface (GUI), creating profiles, filtering, customization and more. Get ready to learn Wireshark inside-out and how to use it to your benefit!
Videos:
Getting the Most From This Series
In this video, Keith introduces the series, along with some examples of why using a protocol analyzer (such as Wireshark) is a critical skill. Keith explains the prerequisites and techniques for getting the most from the time you spend enjoying this Wireshark nugget series. Accessing the NuggetLab files (as well as other series that are in progress but not yet finished) is demonstrated.
Jumpstart with Wireshark
Wireshark is the world's most popular (and free) protocol analyzer. In this Nugget, Keith walks you through the installation, setup, and a capture to get you started right away! The trace file created in this video is available in the NuggetLab download area.
Navigating in the GUI
It's a Graphical User Interface (GUI), so how hard can it be? For someone who isn't aware of the features or what the icons do, the GUI can appear unfriendly. Understanding the different areas in the GUI, and what they can do, will save hours of trial and error. Those who are new to Wireshark, as well as people who have used it before, can learn some time-saving tidbits in this Nugget.
Arranging Wireshark Your Way
The default arrangement within Wireshark is a starting point, but most of us will be changing these settings to fit our needs better. In this Nugget, Keith walks you through sorting, moving, hiding, and restoring columns, as well as using the packet details area to view and manipulate the protocols captured in the trace.
Wireshark and GNS3
Using virtual environments is a great way to test and validate servers, applications and devices before putting them on a live production network. GNS3 provides an emulated network and has excellent Wireshark integration. In this Nugget, we take a sample network and then apply packet capturing at four different points in that network, in order to compare and contrast the network traffic as it crosses those points. This Nugget focuses on Wireshark. For videos on GNS3 specifically, please refer to the GNS3 series right here at CBT Nuggets. Also, the four capture files used in this video are available for download from the NuggetLab area.
Dissectors
Wireshark uses many groups of protocol interpreters (behind the scenes) called "dissectors." These dissectors provide the useful information that we typically see in the details area for a capture. In this Nugget, we will take a look at how Wireshark knows which dissector to use to interpret a specific layer of a protocol stack (normally from a value in the layer below, such as the TCP or UDP port number), and what we can do when Wireshark doesn't know which dissector to use, for example a service running on a non-standard port, where the Decode As feature lets you assign the dissector by hand.
Profiles
Wireshark is used for various purposes. One day we might be doing security application analysis, and the next day, troubleshooting latency on the network. The customization of the columns and fields used for each type of analysis will be different, and that is where profiles can save a bunch of time. By creating profiles with the perfect settings for a given task, we can switch back and forth between profiles on the fly, and not have to manually alter the settings each time we use Wireshark. In this Nugget, Keith walks you through creating a custom profile, and changing some of the defaults regarding the new profile. The capture file used in this video is available in the NuggetLab download area.
Looking for Latency
By adding a column for the TCP delta time (the tcp.time_delta field) for individual sessions, we can see how long a delay exists between consecutive packets in a TCP stream. Note that Wireshark only fills in this field when the TCP protocol preference "Calculate conversation timestamps" is enabled. In this Nugget, Keith discusses where latency may exist and how to start using Wireshark to identify it. This video also demonstrates how to move settings from a custom profile from one computer to another. The files used in this video, including additional IOS router commands (that inject latency at R2), can be found in the NuggetLab files associated with this video.
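As an added example (this is not code from the course or from Wireshark itself), the following Python computes the value Wireshark shows in a tcp.time_delta column: the time elapsed since the previous frame of the same TCP conversation, with both directions of a connection grouped under one conversation index the way Wireshark assigns tcp.stream. The frames and timestamps are constructed for the demonstration; a filter such as tcp.time_delta > 1 in Wireshark would isolate the same slow frame the code finds.

```python
# Added example, not from the CBT Nuggets series or from Wireshark's own code.
# Computes tcp.time_delta (time since the previous frame in the same TCP
# conversation) for a constructed list of frames. All addresses, ports and
# timestamps below are made up for the demonstration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    number: int      # frame number as Wireshark assigns it (capture order)
    time: float      # absolute timestamp in seconds
    src: str
    sport: int
    dst: str
    dport: int


def stream_key(f: Frame) -> tuple:
    """Direction-independent conversation key: both directions of a TCP
    connection share one key, which is how Wireshark groups a tcp.stream."""
    a = (f.src, f.sport)
    b = (f.dst, f.dport)
    return (a, b) if a <= b else (b, a)


def assign_streams(frames):
    """Return {frame_number: tcp.stream index}, numbering conversations in
    order of first appearance, as Wireshark does."""
    index = {}
    streams = {}
    for f in sorted(frames, key=lambda x: x.number):
        key = stream_key(f)
        if key not in index:
            index[key] = len(index)
        streams[f.number] = index[key]
    return streams


def tcp_time_delta(frames):
    """Return {frame_number: delta}, delta being seconds since the previous
    frame of the same conversation (0.0 for the first frame of a stream).
    This mirrors tcp.time_delta, which Wireshark only populates when the TCP
    preference 'Calculate conversation timestamps' is enabled."""
    last_seen = {}
    deltas = {}
    for f in sorted(frames, key=lambda x: x.number):
        key = stream_key(f)
        deltas[f.number] = f.time - last_seen.get(key, f.time)
        last_seen[key] = f.time
    return deltas


def slowest_gap(frames):
    """(frame_number, delta) of the largest gap in any conversation. The frame
    after the gap is the one to inspect: whether it was sent by the server
    (server delay) or the client (client think time) decides who was slow."""
    deltas = tcp_time_delta(frames)
    worst = max(deltas, key=deltas.get)
    return worst, deltas[worst]


# Constructed capture: two interleaved connections from the same client.
SAMPLE = [
    Frame(1, 0.000, "10.0.0.5", 51000, "10.0.0.10", 80),   # stream 0 SYN
    Frame(2, 0.001, "10.0.0.10", 80, "10.0.0.5", 51000),   # stream 0 SYN/ACK
    Frame(3, 0.002, "10.0.0.5", 51001, "10.0.0.20", 443),  # stream 1 SYN
    Frame(4, 0.003, "10.0.0.5", 51000, "10.0.0.10", 80),   # stream 0 GET
    Frame(5, 0.250, "10.0.0.20", 443, "10.0.0.5", 51001),  # stream 1 SYN/ACK
    Frame(6, 1.503, "10.0.0.10", 80, "10.0.0.5", 51000),   # stream 0 response, 1.5 s later
]

if __name__ == "__main__":
    streams = assign_streams(SAMPLE)
    for n, d in sorted(tcp_time_delta(SAMPLE).items()):
        print(f"frame {n}: tcp.stream eq {streams[n]}  tcp.time_delta {d:.3f}")
    print("largest gap:", slowest_gap(SAMPLE))
```

The delta is computed per conversation, not per frame: frame 6 follows frame 5 in capture order but its 1.5 s delta is measured against frame 4, the previous packet of its own stream, which is exactly why a plain frame.time_delta column would hide this server delay behind the unrelated traffic in between.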
Controlling the Capture
There are several ways to capture network traffic so that Wireshark can use it. In this Nugget, Keith explains several options including taps, SPAN (port mirroring) and local interfaces. Once the location of the capture has been identified, there are several important options, such as not filling up your hard disk, that need to be considered as well. Using multiple file options, including a ring buffer, is explained and demonstrated. Supporting NuggetLab files for this video are available.
Capture Filters
When there are gigabytes of data flowing across the network, and we need 24 hours' worth of capture time, there will likely be a challenge regarding disk space on the Wireshark computer (even if splitting the capture over multiple files). In this Nugget, Keith walks you through and demonstrates the use of Capture Filters in Wireshark. Capture Filters allow Wireshark to only include the traffic you specify (that will be saved in the capture file), while everything else is filtered out. Capture filters use the libpcap (BPF) syntax, for example host 10.1.1.5 and tcp port 443, and unlike display filters they cannot be revisited after the fact: traffic they exclude is never written to disk. The homework assignment for this video is available in the NuggetLab area.
Display Filters
Many times, capture files can be large and contain thousands of network conversations. Using a Display Filter, we can tell Wireshark which packets to display, allowing us to focus on that specific traffic. In this Nugget, Keith demonstrates the logic, creation, and use of Display Filters. The starting profile preference file used in this video is available in the NuggetLab area, along with the capture file used in this video.
Adv. Display Filters
Often, to see the exact traffic we want to see, a complex (or at least more detailed) Display Filter is needed. In this Nugget, Keith walks you through how to create advanced filters using the details pane of Wireshark, and the all-powerful right mouse button. The profile and capture files for this video are in the NuggetLab area for this video.
Zeroing in on Conversations
Focusing on a single conversation among the thousands that may be part of a capture file could be like looking for a needle in a haystack. Fortunately, Wireshark has some sweet tools to assist us in following conversations. In this Nugget, Keith walks you through four separate ways to focus on specific conversations within a capture file. The capture file, along with the preferences file for the profile used in this video, are available in the NuggetLab area.
Upgrading Wireshark
In this Nugget, Keith walks you through the upgrade to version 1.10. This new version hosts a variety of new features including auto-update, HTTP request-response time-stamps and additional display filter functionality. The two capture files demonstrated in this video, along with the preferences file from the profile used at the beginning of the video, are available in the NuggetLab area for this video.
Sorting out a Troubled Network
What's really going on inside of the network? In this Nugget, join Keith on a journey to investigate (based on a Wireshark capture, and using your display filter skills) to identify what type of malicious traffic is on the network. The capture file, profile preferences file and "Solution for display filter.txt" are all available in the NuggetLab area.
Raspberry Pi Remote Monitoring
Having a dedicated capturing device on remote switches is a luxury, and by using a Raspberry Pi for that remote monitoring, the price just went way down. In this Nugget, Keith demonstrates how you can use a $35 (US) Raspberry Pi and forward the X Window GUI from it back to your management computer.
How Regular are Your Expressions?
Wireshark's display filters support regular expressions (through the matches operator, which takes Perl-compatible regular expression syntax) and wildcards that can save us lots of time when searching our packet captures. In this Nugget, Keith walks you through examples of when and how to use these, including demonstrations. The capture file, regular expression file, and the preferences file from the profile used in the video are all available in the NuggetLab area. Download them and have them ready so you can practice right along with the video.
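As an added example (not code from the course or from Wireshark), the following Python applies the two string operators of Wireshark display filters, contains (a literal substring test) and matches (a regular expression search), to a handful of constructed HTTP requests, using Python's re module as a stand-in for Wireshark's PCRE engine. The hosts and URIs are made up. The point it shows is where the two operators differ: contains cannot anchor to the end of a field, a regex dot is a wildcard, and case sensitivity of matches has changed across Wireshark versions (older releases matched case-sensitively), so it pays to spell it out with an inline (?i) or (?-i) flag as the block does.

```python
# Added example, not from the CBT Nuggets series or from Wireshark's own code.
# Emulates the `contains` and `matches` display filter operators over
# constructed http.host / http.request.uri values. Python's re module stands in
# for Wireshark's PCRE engine; like older Wireshark releases it is
# case-sensitive unless an inline (?i) flag is given.
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    frame: int
    host: str   # value of http.host
    uri: str    # value of http.request.uri


def contains(value: str, needle: str) -> bool:
    """Wireshark's `contains`: literal, case-sensitive substring test."""
    return needle in value


def matches(value: str, pattern: str) -> bool:
    """Wireshark's `matches`: unanchored regular expression search.
    Anchor with ^ or $ yourself when the position matters."""
    return re.search(pattern, value) is not None


def select(requests, field: str, op, arg: str):
    """Frame numbers whose `field` satisfies op(field_value, arg), the way
    a display filter like  http.request.uri matches "\\.exe$"  narrows the
    packet list to matching frames."""
    return [r.frame for r in requests if op(getattr(r, field), arg)]


# Constructed capture contents: five HTTP requests (hosts and URIs made up).
REQUESTS = [
    Request(10, "www.example.com", "/index.html"),
    Request(11, "cdn.example.com", "/download/setup.exe"),
    Request(12, "UPDATES.EXAMPLE.NET", "/patch.EXE"),
    Request(13, "files.example.org", "/notes.exe.txt"),
    Request(14, "localhost", "/"),
]

# Executables by extension: `contains` cannot anchor to the end of the URI, so
# it also picks up "/notes.exe.txt"; the regex with $ does not.
EXE_BY_CONTAINS = select(REQUESTS, "uri", contains, ".exe")
EXE_BY_MATCHES = select(REQUESTS, "uri", matches, r"\.exe$")
# Explicitly case-insensitive, like  http.request.uri matches "(?i)\\.exe$"
EXE_ANY_CASE = select(REQUESTS, "uri", matches, r"(?i)\.exe$")
# A regex dot is a wildcard: `matches "."` is true for every non-empty host,
# while `contains "."` only tests for a literal dot (so "localhost" drops out).
HOST_WITH_DOT = select(REQUESTS, "host", contains, ".")
HOST_ANY = select(REQUESTS, "host", matches, ".")

if __name__ == "__main__":
    print("uri contains .exe       :", EXE_BY_CONTAINS)
    print("uri matches \\.exe$      :", EXE_BY_MATCHES)
    print("uri matches (?i)\\.exe$  :", EXE_ANY_CASE)
    print("host contains .         :", HOST_WITH_DOT)
    print("host matches .          :", HOST_ANY)
```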
Coloring Rules
Another method to assist us in seeing and interpreting packets is to use coloring rules for various types of packets. In this Nugget, Keith walks you through how to determine why a color was used, and then how to change the defaults if desired. Exporting custom color settings for portability is also discussed and demonstrated. The profile preferences file, along with the capture file used in this video, are available in the NuggetLab area.
Using Temporary Colors
Coloring rules are great, but what about temporarily assigning a color to focus on a specific conversation or session in a specific trace file? In this Nugget, Keith explains and demonstrates how to use temporary colors to focus on the packets that are of most interest to you. The profile preferences file, along with the capture file used in this video, are waiting for you in the NuggetLab area.
Exporting
How do we get a portion of a capture file (as part of a new file or a report) into the hands of those who need it? One solution is to use the Export feature in Wireshark. In this Nugget, Keith walks you through the benefits and options of exporting. The preferences file from the profile used in this video as well as the capture file are available in the NuggetLab file area.
Input/Output Graphs
Identifying the protocols, hosts, subnets, etc. that are using up the most bandwidth is easily done with IO graphs in Wireshark. In this Nugget, Keith walks you through the creation and use of these graphs. The capture file used in this video is available in the NuggetLab file area.
Expert Infos in Wireshark
When Wireshark offers a "recommendation" regarding a potential problem, it can assist us in finding problems more quickly. The "Expert Infos" comments that are added can automatically alert us to errors and issues within a capture file. In this Nugget, Keith walks you through using this feature. The preferences file (from the profile used at the beginning of this video) along with the capture used are available as part of the NuggetLab files associated with this video.
Seeing What the User Downloaded
Two cooks with equal skills, the same recipe, and the same ingredients, can make the same meal. Likewise, when Wireshark has all the packets involved in a session, it can often allow the recreation of the files seen or downloaded by a user. In this Nugget, Keith shows you how to see graphic files from HTTP sessions, and how to recreate and locally save an FTP file from a Wireshark capture. The profile preferences file along with the capture and other images used in this video are available in the NuggetLab file area for this video.
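As an added example (not code from the course or from Wireshark), the following Python performs the step that underlies Follow TCP Stream and File > Export Objects: it rebuilds the bytes one side sent in a TCP conversation from its individual segments, ordering them by sequence number, discarding the overlap from retransmissions, and reporting a hole when a segment was never captured, which is the "all the packets" condition the paragraph describes, since a file with a hole in it cannot be recreated. The HTTP response, the file it carries and the segment arrival order are constructed for the demonstration.

```python
# Added example, not from the CBT Nuggets series or from Wireshark's own code.
# Reassembles one direction of a TCP stream from constructed segments and
# extracts the HTTP response body, the way Export Objects would save the
# downloaded file. Sequence numbers are relative to the first data byte.
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    frame: int   # capture order
    seq: int     # tcp.seq (relative)
    data: bytes  # tcp.payload


def reassemble(segments):
    """Return (stream_bytes, missing). `missing` lists (start, end) byte
    ranges never captured. Segments may be out of order and may overlap
    (retransmissions); only bytes not already seen are appended."""
    out = bytearray()
    missing = []
    for s in sorted(segments, key=lambda x: (x.seq, x.frame)):
        if s.seq > len(out):                          # hole before this segment
            missing.append((len(out), s.seq))
            out.extend(b"\x00" * (s.seq - len(out)))  # keep later offsets aligned
        already = len(out) - s.seq                    # bytes of this segment seen before
        if already < len(s.data):
            out.extend(s.data[already:])
    return bytes(out), missing


def http_body(stream: bytes):
    """Split an HTTP/1.x response into headers and the body named by
    Content-Length. Returns None when the body is shorter than advertised."""
    head, _, rest = stream.partition(b"\r\n\r\n")
    length = None
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            length = int(value.strip())
    if length is None or len(rest) < length:
        return None
    return rest[:length]


def recover_file(segments):
    """The downloaded file, or None if the capture is missing part of it."""
    stream, missing = reassemble(segments)
    return None if missing else http_body(stream)


# Constructed server-to-client stream: one HTTP response carrying a small file.
FILE = b"PK\x03\x04fake-zip-payload-for-demo-0123456789"
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/zip\r\n"
            b"Content-Length: %d\r\n\r\n" % len(FILE)) + FILE

# Three segments; the last one arrives before the middle one and the first is
# retransmitted, as happens on a lossy path.
CHUNKS = [RESPONSE[:40], RESPONSE[40:70], RESPONSE[70:]]
CAPTURED = [
    Segment(1, 0, CHUNKS[0]),
    Segment(2, 70, CHUNKS[2]),   # arrives before the middle segment
    Segment(3, 0, CHUNKS[0]),    # retransmission of the first segment
    Segment(4, 40, CHUNKS[1]),   # the late middle segment
]
# Same capture with the middle segment never seen by the analyzer.
CAPTURED_WITH_LOSS = [s for s in CAPTURED if s.frame != 4]

if __name__ == "__main__":
    print("complete capture recovers file:", recover_file(CAPTURED) == FILE)
    print("lossy capture holes           :", reassemble(CAPTURED_WITH_LOSS)[1])
    print("lossy capture recovers file   :", recover_file(CAPTURED_WITH_LOSS))
```

Wireshark's own reassembly does the same bookkeeping for you, but the failure mode is worth remembering when you are working from a SPAN port that dropped frames: the stream window will show the surviving bytes, and an exported object may be silently truncated or corrupt, so check the recovered size against the Content-Length (or the FTP SIZE/transfer byte count) before trusting the file.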
VoIP
One of the types of traffic we are likely to see in a capture file is Voice over IP (VoIP). In this Nugget, Keith walks you through how to look at, graph and replay voice conversations from the captured packets using Wireshark. The profile preferences file, along with the capture file used in this video, are available via the NuggetLab file area for this video.
IPv6
Using a protocol analyzer can shed light on what is really happening with IPv6, including the ability to verify what is actually happening on the network compared to what is supposed to happen. In this Nugget, Keith walks you through setting up a test IPv6 network and then capturing and analyzing the traffic with Wireshark. Merging of files is also covered in this video. Capture and config files used in this Nugget are in the NuggetLab file area.
Total Series Duration: 07:56:16
