CBT Nuggets - Wireshark Training (2013) [25 mp4]
English | Size: 1.80 GB
This video training with Keith Barker covers Wireshark, the world's most popular protocol analyzer, including topics such as installing Wireshark, navigating the GUI, customizing it, using it as a troubleshooting tool, and more.
Whether you need to perform a security application analysis or troubleshoot something on a network, Wireshark is the tool for you! The popular, open-source tool is dubbed the "world's foremost network protocol analyzer." (It's also free and cross-platform!) In this video training, CBT Nuggets trainer Keith Barker walks you through everything you need to know about this versatile analyzer. He'll teach you how to install Wireshark, navigate it, and tailor it to your needs. Topics he covers include: navigating the graphical user interface (GUI), creating profiles, filtering, customization and more. Get ready to learn Wireshark inside-out and how to use it to your benefit!
Videos in course:
In this video, Keith introduces the series, along with some examples of why using a protocol analyzer (such as Wireshark) is a critical skill. Keith explains the prerequisites and techniques for getting the most from the time you spend on this Wireshark Nugget series. Accessing the NuggetLab files (as well as other series that are in progress but not yet finished) is also demonstrated.
Jumpstart with Wireshark
Wireshark is the world's most popular (and free) protocol analyzer. In this Nugget, Keith walks you through the installation, setup, and a first capture to get you started right away! The trace file created in this video is available in the NuggetLab download area.
Navigating in the GUI
It's a Graphical User Interface (GUI), so how hard can it be? For someone who isn't aware of features or what the icons do, the GUI can appear unfriendly. Understanding the different areas in the GUI, and what they can do, will save hours of trial and error. Those who are new to Wireshark, as well as people who have used it before, can learn some time-saving tidbits in this Nugget.
Arranging Wireshark Your Way
The default arrangement within Wireshark is a starting point, but most of us will be changing these settings to fit our needs better. In this Nugget, Keith walks you through sorting, moving, hiding, and restoring columns, as well as using the packet details area to view and manipulate the protocols captured in the trace.
Wireshark and GNS3
Using virtual environments is a great way to test and validate servers, applications and devices before putting them on a live production network. GNS3 provides an emulated network and has excellent Wireshark integration. In this Nugget, we take a sample network and capture packets at four different points in it, in order to compare and contrast the traffic as it crosses those points. This Nugget focuses on Wireshark; for videos on GNS3 itself, please refer to the GNS3 series right here at CBT Nuggets. The four capture files used in this video are available for download from the NuggetLab area.
Wireshark uses many groups of protocol interpreters (behind the scenes) called "dissectors." These dissectors provide the useful information that we typically see in the details area for a capture. In this Nugget, we will take a look at how Wireshark knows which dissector to use to interpret a specific layer of a protocol stack, and what we can do when Wireshark doesn't know what dissector to use.
Wireshark is used for various purposes. One day we might be doing security application analysis, and the next day, troubleshooting latency on the network. The customization of the columns and fields used for each type of analysis will be different, and that is where profiles can save a bunch of time. By creating profiles with the perfect settings for a given task, we can switch back and forth between profiles on the fly, and not have to manually alter the settings each time we use Wireshark. In this Nugget, Keith walks you through creating a custom profile, and changing some of the defaults regarding the new profile. The capture file used in this video is available in the NuggetLab download area.
Looking for Latency
By adding a column for TCP Delta (the time since the previous packet in the same TCP stream), we can see how long a delay exists between the packets in a TCP session. In this Nugget, Keith discusses where latency may exist and how to start using Wireshark to identify it. This video also demonstrates how to move the settings of a custom profile from one computer to another. The files used in this video, including the additional IOS router commands (that inject latency at R2), can be found in the NuggetLab files associated with this video.
Controlling the Capture
There are several ways to capture network traffic so that Wireshark can use it. In this Nugget, Keith explains several options including taps, SPAN ports and local interfaces. Once the capture location has been chosen, there are important options to consider as well, such as not filling up the hard disk. Using multiple-file options, including a ring buffer, is explained and demonstrated. Supporting NuggetLab files for this video are available.
When there are gigabytes of data flowing across the network, and we need 24 hours' worth of capture time, there will likely be a challenge regarding disk space on the Wireshark computer (even if splitting the capture over multiple files). In this Nugget, Keith walks you through and demonstrates the use of Capture Filters in Wireshark. Capture Filters tell Wireshark to keep only the traffic you specify (which is what gets written to the capture file); everything else is discarded before it is saved. The homework assignment for this video is available in the NuggetLab area.
Many times, capture files can be large and contain thousands of network conversations. Using a Display Filter, we can tell Wireshark which packets to display, allowing us to focus on that specific traffic. In this Nugget, Keith demonstrates the logic, creation, and use of Display Filters. The starting profile preference file used in this video is available in the NuggetLab area, along with the capture file used in this video.
Adv. Display Filters
Often, to see the exact traffic we want to see, a complex (or at least more detailed) Display Filter is needed. In this Nugget, Keith walks you through how to create advanced filters using the details pane of Wireshark, and the all-powerful right mouse button. The profile and capture files for this video are in the NuggetLab area for this video.
Zeroing in on Conversations
Focusing on a single conversation among the thousands that may be part of a capture file could be like looking for a needle in a haystack. Fortunately, Wireshark has some sweet tools to assist us in following conversations. In this Nugget, Keith walks you through four separate ways to focus on specific conversations within a capture file. The capture file, along with the preferences file for the profile used in this video, are available in the NuggetLab area.
In this Nugget, Keith walks you through the upgrade to version 1.10. This new version offers a variety of new features, including auto-update, HTTP request/response timestamps and additional display filter functionality. The two capture files demonstrated in this video, along with the preferences file from the profile used at the beginning of the video, are available in the NuggetLab area for this video.
Sorting out a Troubled Network
What's really going on inside of the network? In this Nugget, join Keith on a journey to investigate (based on a Wireshark capture, and using your display filter skills) to identify what type of malicious traffic is on the network. The capture file, profile preferences file and "Solution for display filter.txt" are all available in the NuggetLab area.
Raspberry Pi Remote Monitoring
Having a dedicated capture device on remote switches is a luxury, and by using a Raspberry Pi for that remote monitoring, the price just went way down. In this Nugget, Keith demonstrates how you can use a $35 (US) Raspberry Pi as a remote capture box and forward its X Window GUI back to your management computer.
How Regular are Your Expressions?
Wireshark's display filters support using regular expressions and wildcards that can save us lots of time when searching our packet captures. In this Nugget, Keith walks you through examples of when and how to use these including demonstrations. The capture file, regular expression file, and the preferences file from the profile used in the video are all available in the NuggetLab area. Download them and have them ready so you can practice right along with the video.
Another method to assist us in seeing and interpreting packets is to use coloring rules for various types of packets. In this Nugget, Keith walks you through how to determine why a color was used, and then how to change the defaults if desired. Exporting custom color settings for portability is also discussed and demonstrated. The profile preferences file, along with the capture file used in this video, are available in the NuggetLab area.
Using Temporary Colors
Coloring rules are great, but what about temporarily assigning a color to focus on a specific conversation or session in a specific trace file? In this Nugget, Keith explains and demonstrates how to use temporary colors to focus on the packets that are of most interest to you. The profile preferences file, along with the capture file used in this video, are waiting for you in the NuggetLab area.
How do we get a portion of a capture file (as part of a new file or a report), into the hands of those who need it? One solution is to use the Export feature in Wireshark. In this Nugget, Keith walks you through the benefits and options of exporting. The preferences file from the profile used in this video as well as the capture file are available in the NuggetLab file area.
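The GUI tasks described in the Nuggets above (controlling the capture with a capture filter and a ring buffer, display filters, regular expressions in display filters, zeroing in on a conversation, the TCP Delta column, and exporting a subset of packets) all have command-line equivalents in the tools that ship with Wireshark. The script below is an added example, not part of the course or its NuggetLab files. It assumes text2pcap, tshark (1.10 or later, for -Y) and dumpcap are on PATH; every packet it analyzes is constructed inline, so nothing is captured live and the ring-buffer function is shown but not run.

```shell
#!/bin/sh
# Added example (not from the course): Wireshark's command-line tools driving
# the same workflow as the GUI. Assumes text2pcap, tshark (>= 1.10) and
# dumpcap on PATH. All packets below are constructed here, not captured.
set -u

WORK="${TMPDIR:-/tmp}/ws-demo.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT
TRACE="$WORK/demo.pcap"

# Three constructed Ethernet II frames as text2pcap hexdump lines (one packet
# per line, each starting at offset 000000). IP/TCP/UDP checksums are left as
# 0000: Wireshark does not validate them unless asked, so dissection and
# filtering behave as on a real trace.
ETH='00 11 22 33 44 55 66 77 88 99 aa bb 08 00'
HTTP_PAYLOAD=$(printf 'GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n' |
               od -An -tx1 -v | tr '\n' ' ')

build_trace() {
  {
    # 1: TCP SYN, 10.0.0.5:40000 -> 10.0.0.80:80
    echo "000000 $ETH 45 00 00 28 00 01 40 00 40 06 00 00 0a 00 00 05 0a 00 00 50 9c 40 00 50 00 00 00 00 00 00 00 00 50 02 20 00 00 00 00 00"
    # 2: HTTP GET in a PSH/ACK segment of the same connection (51-byte payload)
    echo "000000 $ETH 45 00 00 5b 00 02 40 00 40 06 00 00 0a 00 00 05 0a 00 00 50 9c 40 00 50 00 00 00 01 00 00 00 01 50 18 20 00 00 00 00 00 $HTTP_PAYLOAD"
    # 3: DNS query for example.com, UDP 10.0.0.5:53000 -> 10.0.0.53:53
    echo "000000 $ETH 45 00 00 39 00 03 40 00 40 11 00 00 0a 00 00 05 0a 00 00 35 cf 08 00 35 00 25 00 00 12 34 01 00 00 01 00 00 00 00 00 00 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 00 01 00 01"
  } > "$WORK/demo.hex"
  text2pcap -q "$WORK/demo.hex" "$TRACE" 2>/dev/null
}

# Display filters (-Y) run over packets already in the file. The count is what
# the GUI status bar reports as "Displayed".
count_matching() {  # <trace> <display filter>
  tshark -r "$1" -Y "$2" 2>/dev/null | wc -l | tr -d ' '
}

# File > Export Specified Packets: write only the displayed packets to a new file.
export_matching() {  # <trace> <display filter> <output file>
  tshark -r "$1" -Y "$2" -w "$3" 2>/dev/null
}

# Controlling the capture (defined only; needs an interface and capture
# privileges). -f is a BPF capture filter applied before anything is written;
# -b keeps a ring of 20 files of about 100 MB each, so the 24-hour capture
# (-a duration) cannot fill the disk.
ring_capture_24h() {  # <interface> <output file basename>
  dumpcap -i "$1" -f 'not port 22' \
          -b filesize:102400 -b files:20 \
          -a duration:86400 \
          -w "$2"
}

# Looking for latency: tcp.time_delta (the TCP Delta column) is only
# populated when the tcp.calculate_timestamps preference is on.
slow_tcp_gaps() {  # <trace> <seconds>
  tshark -r "$1" -o tcp.calculate_timestamps:TRUE -Y "tcp.time_delta > $2" \
         -T fields -e frame.number -e tcp.stream -e tcp.time_delta 2>/dev/null
}

if command -v tshark >/dev/null 2>&1 && command -v text2pcap >/dev/null 2>&1; then
  build_trace
  for f in 'ip.addr == 10.0.0.5' \
           'tcp.flags.syn == 1 && tcp.flags.ack == 0' \
           'http.request && http.host == "www.example.com"' \
           'dns.qry.name matches "^example[.]com$"' \
           'frame contains "example.com"' \
           'frame matches "example"'; do
    printf '%-50s %s\n' "$f" "$(count_matching "$TRACE" "$f")"
  done
  # Zeroing in on conversations: the Conversations table, then the filter
  # that Follow TCP Stream applies for the first stream.
  tshark -r "$TRACE" -q -z conv,tcp 2>/dev/null
  tshark -r "$TRACE" -Y 'tcp.stream eq 0' 2>/dev/null
  export_matching "$TRACE" 'dns' "$WORK/dns-only.pcap"
  slow_tcp_gaps "$TRACE" 0.5
fi
```

Two points the run makes visible: a capture filter (-f) can only be applied while capturing, so once traffic is on disk only display filters can narrow it; and `frame contains "example.com"` finds just the HTTP Host header, while the regex `frame matches "example"` also hits the DNS query, because a DNS name on the wire carries label-length bytes (07 "example" 03 "com") rather than dots. The constructed SYN and HTTP segment belong to one connection, so `tcp.stream eq 0` returns exactly those two packets.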
Identifying the protocols, hosts, subnets, etc., that are using up the most bandwidth is easily done with IO graphs in Wireshark. In this Nugget, Keith walks you through the creation and use of these graphs. The capture file used in this video is available in the NuggetLab file area.
Expert Infos in Wireshark
When Wireshark offers a "recommendation" regarding a potential problem, it can assist us in finding problems more quickly. The "Expert Infos" comments that are added can automatically alert us to errors and issues within a capture file. In this Nugget, Keith walks you through using this feature. The preferences file (from the profile used at the beginning of this video) along with the capture used, are available as part of the NuggetLab files associated with this video.
Seeing What the User Downloaded
Two cooks with equal skills, the same recipe, and the same ingredients, can make the same meal. Likewise, when Wireshark has all the packets involved in a session, it can often allow the recreation of the files seen or downloaded by a user. In this Nugget, Keith shows you how to see graphic files from HTTP sessions, and how to recreate and locally save an FTP file from a Wireshark capture. The profile preferences file along with the capture and other images used in this video are available in the NuggetLab file area for this video.
One of the types of traffic we are likely to see in a capture file is Voice over IP (VoIP). In this Nugget, Keith walks you through how to look at, graph and replay voice conversations from the captured packets using Wireshark. The profile preferences file, along with the capture file used in this video are available via the NuggetLab file area for this video.
Using a protocol analyzer can shed light on what is really happening with IPv6, including the ability to verify what is actually happening on the network compared to what is supposed to happen. In this Nugget, Keith walks you through setting up a test IPv6 network and then capturing and analyzing the traffic with Wireshark. Merging of files also is covered in this video. Capture and config files used in this Nugget are in the NuggetLab file area.
Total Series Duration: 07:56:16