Embed Size (px)
Citation preview
An intenWiresha Instruct
nse 3-day haark Certified
tor: Laura C
ands-on lab Network A
Chappell, Fo
b/lecture counalyst Exam
ounder of W
urse focusinm™.
Wireshark Un
ng on the ke
niversity
ey areas of tthe
Wireshark
ContenWCNA
What is
Who Sh
Recom
Pre‐Eve
Bring‐Y
WCNA
About t
Why Sh
How Do
WCNA
Befo
Day O
Day T
Day T
Am I Re
Prere
Prere
Answer
Append
Certified Netw
nts Boot Camp C
s Included in t
hould Attend
mended Prer
ent Self‐Study
Your‐Own‐Lap
Boot Camp P
the Wireshar
hould Someon
o Individuals
Boot Camp C
re Course: Ke
One: Key Top
Two: Key Top
Three: Key To
eady for the W
equisite Tasks
equisite Quiz
r Key.............
dix A: Wiresh
ork Analyst Bo
Course Overvi
the WCNA Bo
.....................
requisite Know
y Required – S
ptop (BYOL) R
reparation ...
k Certified Ne
ne Pursue the
Earn the Wire
Course Estima
ey Topics in Se
pics in Section
pics in Section
opics in Sectio
WCNA Boot C
s ...................
.....................
.....................
ark Certified
oot Camp [2013
ew ................
oot Camp? ....
.....................
wledge/Capa
Sections 1 an
Requirements
.....................
etwork Analy
e Wireshark C
eshark Certifi
ated Daily Sch
ections 1‐2 ...
ns 3‐14 ..........
ns 15‐26 ........
ons 22‐33 and
Camp? ...........
.....................
.....................
.....................
Network Ana
3/2014 Exam W
......................
......................
......................
bilities ..........
d 2 ................
s .....................
......................
st™ Program
Certified Netw
ied Network A
hedule ...........
......................
......................
......................
d Closing .......
......................
......................
......................
......................
alyst Exam Ob
WCNA102.1]
.....................
.....................
.....................
.....................
.....................
.....................
.....................
....................
work Analyst
Analyst Statu
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
bjectives (Tes
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
Certification?
us? .................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
st WCNA102.
......................
......................
......................
......................
......................
......................
......................
......................
? ....................
......................
......................
......................
......................
......................
......................
......................
......................
......................
......................
1) ..................
....... 1
....... 1
....... 1
....... 1
....... 1
....... 2
....... 2
....... 3
....... 3
....... 3
....... 4
....... 4
....... 4
....... 4
....... 4
....... 5
....... 5
....... 5
..... 10
..... 12
Wireshark
WCNA BThis 3‐dayWiresharklabs, lectu
What is IAll WCNA
Who ShoThis 3‐dayCertified N
RecommStudents router, NAUDP, IP, Dinterface
Students the tasks
In additiosection be
Pre-EvenIn order tbe made aprior to ainformatioSchedule
Certified Netw
oot Camp Cy intense Book Certified Neure, and samp
Included in A Boot Camp s
WCNA Boo WCNA Boo All Access WCNA Exa WiresharkSecond Ed
Labs and le
ould Attend y intense couNetwork Ana
mended Prershould have aAT, for exampDHCP, ICMP, fand basic me
should reviewlisted as well
n, students melow and com
nt Self-Studo allow sufficavailable onlirriving at the on on the conon page 4.
ork Analyst Bo
Course Overvot Camp class etwork Analysple open‐grad
the WCNA Bstudents will
ot Camp Studot Camp USB Pass One‐Yeaam Voucher (a Network Anaition (a $99 vectures led by
rse is designelyst (WCNA) d
requisite Kna strong workple) and be cofor example).ethods used t
w Am I Ready as correctly a
must review amplete the ste
y Required cient time for ne to studenWCNA Boot ntents of Sect
oot Camp [2014
view focuses on thst Exam (WCNding exams.
Boot Camp?receive the fo
dent Manual ((containing tar Subscriptioa $299 value)alysis: The Ofvalue) y Laura Chap
ed for networdesignation.
nowledge/Cking knowledomfortable w In addition, so capture and
y for the WCNanswer all the
nd complete eps outlined i
– Sections the more difts in advanceCamp. Thesetion 1 and Se
4 Exam WCNA
he key areas NA102.1). Stu
? ollowing item
(includes labstrace files andon Voucher (a) fficial Wiresha
pell, Founder
rk professiona
Capabilities ge of intercon
with the elemestudents shoud filter traffic
NA Boot Campe questions w
the Bring Yon WCNA Boo
1 and 2 fficult sectione of the cours two sectionsction 2, see W
A102.1]
covered in thudents will rev
ms upon arriva
s and quizzes)d supplementa $699 value)
ark Certified
r of Wireshar
als interested
nnecting devents of the TCuld already bc.
p (page 5) anwithout the u
our Own Laptot Camp Prep
s of the WCNe. Students ms will not be cWCNA Boot C
he most curreview these ke
al the first da
) tal resources)
Network Ana
k University
d in obtaining
ice functionaCP/IP protocoe familiar wit
nd be able to se of referen
top Format Reparation.
NA Exam, Sectmust completcovered live. FCamp Course E
P
ent version ofey areas thro
y of class:
)
alyst Study Gu
g the Wiresha
lity (switch, ol suite (ARP, th the Wiresh
easily complce materials.
equirements
tions 1 and 2 te these sectioFor more Estimated Da
Page 1
f the ugh
uide –
ark
TCP, hark
ete
will ons
aily
Wireshark
Bring-YoStudents There willis installed
The studewww.wirespecificallLaura Cha
A functionmaterials
Prior to clreturn the
In summa
C C En R Se
It is criticathey arriv
WCNA BStudent Wfollow the
1. La2. Se3. O4. D
p
Certified Netw
our-Own-Lapattending thil not be time d and configu
ents must brineshark.org). Wly denoted in appell will be
nal USB port ithat will be a
lass, studentse Default Wir
ary, before stu
onfirm that tonfirm that tnsure they haead and folloelf‐study Sect
al that studenve with a prop
oot Camp PWireshark syse steps below
aunch Wireshelect Help | AOpen the Perselete (or moversonal confi
ork Analyst Bo
ptop (BYOL) s WCNA Bootin class to heured as descri
ng a laptop wWe will not beadvance of tusing and dis
is required toavailable via U
s must follow eshark profile
udents arrive
he latest vershey can launcave a workingow the instructions 1 and 2
nts work throperly configur
Preparation tems should
w to clean up a
hark. About Wireshonal Configuve any files) inguration fold
oot Camp [2014
Requiremet Camp are reelp students cibed below p
with the most e using Wireshe course. Stsplaying Wire
o access WCNUSB stick.
the steps defe to its origin
at the WCNA
sion of Wireshch Wireshark g USB port onctions in WCNonline in adv
ugh the WCNred Wireshark
contain a Defany changes
hark | Foldersration foldern this folder. er is shown b
4 Exam WCNA
ents equired to briconfigure theirior to comin
recent 1.10.xshark 1.11.x (dtudents may ushark installe
A Boot Camp
fined in WCNal state befor
A Boot Camp,
hark 1.10.x isand open a t
n their laptop.NA Boot Campvance of the c
NA Boot Campk system.
fault profile tmade to the
s. r. Do not deletebelow.
A102.1]
ing their ownir laptop, so tg to class.
x version of Wdevelopmentuse any OS veed on Window
p trace files an
NA Boot Campre the start o
, they must:
s installed andtrace file. . p Preparationcourse.
p Preparation
hat is in its oDefault profil
e a profiles d
n properly‐conthey must ens
Wireshark instt version) or lersion on thews or MAC OS
nd other supp
p Preparationf class.
d functional o
n.
n steps befor
riginal state. le:
irectory, if on
P
nfigured laptosure their sys
talled (availablater unless ir laptop, butS X host.
plemental
n on page 2 t
on their lapto
re class so tha
Students may
ne exists. A cl
Page 2
ops. stem
ble at
t
to
p.
at
y
ean
Wireshark
About thThe Wiresto meet tavailable
Visit wwwNetwork Adirected t
Why ShoSuccessfuknowledgrelated to
How Do To earn thWCNA‐10www.webWiresharkvisit www
Upon comscore. CanWiresharkdetails onWireshark
Certified Netw
e Wiresharkshark Certifiehe secure andonline or at K
w.wiresharktrAnalyst progrto info@wires
ould Someonul completion ge required too performance
Individuals he Wireshark02x exam. Regbassessor.comk University aw.wiresharktra
mpletion of thndidates whok Certified Nen maintaining k Certified Ne
ork Analyst Bo
k Certified Nd Network And widely avaiKryterion Test
aining.com/cram. Questionsharktraining
ne Pursue thof the Wires
o capture netwe or security
Earn the Wi Certified Netgister for the m/pai. (PAI reand Chappell aining.com/ce
he Wireshark o successfully etwork AnalysWireshark Ceetwork Analys
oot Camp [2014
Network Ananalyst Exam ilable deliveryting Centers w
certification fons regarding yg.com.
he Wiresharhark Certifiedwork traffic, aissues.
reshark Certwork Analystproctored W
epresents the University). Fertification.
Certified Netpass the Wirst Welcome Kertified Netwst program, v
4 Exam WCNA
alyst™ Progrs a globally‐ay requirementworldwide.
or additional your Wiresha
rk Certified d Network Ananalyze the re
rtified Netwot status, an in
Wireshark CertProtocol Ana
For more info
twork Analysteshark CertifKit package thwork Analyst svisit www.wire
A102.1]
ram available, in‐pts desired by
information oark Certified N
Network Annalyst Exam inesults, and id
ork Analyst ndividual mustified Networalysis Institutermation on th
t Exam, an indfied Network hat contains tstatus. For moesharktrainin
person/online candidates. T
on the WiresNetwork Anal
nalyst Certifindicates indivdentify variou
Status? st pass a singlk Analyst Exae, the parent he Exam regi
dividual will rAnalyst Examthe candidateore informating.com/certifi
P
e proctored exThe Exam is
hark Certifiedlyst status ma
ication? viduals have tus anomalies
le exam—theam online at company of stration proc
receive a passm will receive e’s Certificateon on the fication.
Page 3
xam
d ay be
the
e
ess,
s/fail their
e and
Wireshark
WCNA BThe followadjusted tNetwork A
Before C• Se• Se
Day One• Se• Se• Se• Se• Se• Se• Se• Se• Se• Se• Se• Se
Day Two• Se• Se• Se• Se• Se• Se• Se• Se
Day Thre• Se• Se• Se• Se• Se• Se• Se• Se• Se• Se• Se
Certified Netw
oot Camp Cwing daily schto ensure moAnalyst Exam
Course: Key Tection 1: Neection 2: Int
: Key Topicsection 3: Caection 4: Crection 5: Deection 6: Coection 7: Deection 8: Intection 9: Crection 10: Foection 11: Cuection 12: Anection 13: Usection 14: TC
: Key Topicsection 15: Anection 16: Anection 17: Anection 18: Anection 19: Anection 20: Anection 21: Grection 22: An
ee: Key Topicection 23: Anection 24: Anection 25: Anection 26: Intection 27: Voection 28: Baection 29: Finection 30: Neection 31: Deection 32: Anection 33: Eff
ork Analyst Bo
Course Estimhedule indicatore difficult tom Objectives, s
Topics in Seetwork Analystroduction to
s in Sectionsapture Traffic eate and Appefine Global aolorize Trafficefine Time Vaterpret Basic eate and Appollow Streamsustomize Wirennotate, Savese Wireshark’CP/IP Analysis
s in Sectionsnalyze Domainalyze Addresnalyze Internenalyze Internenalyze User Dnalyze Transmraph IO Ratesnalyze Dynam
cs in Sectionalyze Hypertnalyze File Tranalyze Email Ttroduction tooice over IP (Vaseline “Normnd the Top Caetwork Forenetect Scanninnalyze Suspecfective Use of
oot Camp [2014
mated Daily tes which secopics begin in see Appendix
ections 1-2 sis Overview [Wireshark [s
s 3-14
ply Capture Fiand Personal alues and InteTrace File Staply Display Fils and Reassemeshark Profilee, Export and ’s Expert Systs Overview
s 15-22 n Name Systess Resolution et Protocol (IPet Control Meatagram Protmission Contro and TCP Tren
mic Host Confi
ns 23-33 antext Transfer ansfer ProtocTraffic o 802.11 (WLAVoIP) Analysismal” Traffic Paauses of Perfosics Overviewg and Discovect Traffic f Command‐L
4 Exam WCNA
Schedule ctions may bethe morningx A.
[self‐study seself‐study sect
ilters Preferences
erpret Summaatistics ters mble Data es Print Packetsem
em (DNS) TrafProtocol (ARPv4/IPv6) Traessage Protoctocol (UDP) Tol Protocol (Tnds iguration Prot
nd Closing Protocol (HTTol (FTP) Traff
AN) Analysiss Fundamentaatterns ormance Probw ery Processes
Line Tools
A102.1]
e covered eacg. For a compl
ection] tion]
aries
s
ffic RP) Traffic affic col (ICMPv4/ITraffic TCP) Traffic
tocol (DHCPv
TP) Traffic fic
als
blems
s
ch day. This slete list of Wi
CMPv6) Traff
v4/DHCPv6) T
P
chedule mayireshark Certi
fic
Traffic
Page 4
be ified
Wireshark
Am I ReaTo ensurefollowing Answer Kreferenceregisterin
Prerequ
Ta
Ta
Ta
Ta
Ta
Ta
Ta
Ta
Ta
Ta
Prerequ
Q-1. W
Q-2. Th
Q-3. Th
Certified Netw
ady for the We you get the Wireshark taey is located e materials to g for the WC
uisite Task
ask 1: Dete
ask 2: App
ask 3: Succ
ask 4: Dete
ask 5: Expa
ask 6: Resi
ask 7: Iden
ask 8: Crea
ask 9: App
ask 10: Save
uisite Quiz
Wireshark reli True False
he successfu True False
he Wireshark True False
ork Analyst Bo
WCNA Boot most out of tasks and correon page 10. Ianswer quiz NA Boot Cam
ks
ermine on wh
ly a capture f
cessfully open
ermine how m
and individua
ze and sort co
ntify all active
ate an IO Grap
ly a display fi
e a filtered se
es on the Win
l TCP handsh
k IO Graph can
oot Camp [2014
Camp? the WCNA Boectly answer af a student caquestions, th
mp.
hich interface
filter for traffi
n a trace file.
many packets
l areas or ent
olumns in the
TCP convers
ph.
lter for traffic
t of packets t
nPcap driver w
hake consists
n be used to v
4 Exam WCNA
oot Camp, stuall quiz questannot quicklyhey may need
s Wireshark c
ic to or from a
s are in a trace
tire subtrees
e Packet List p
ations in a tra
c to or from a
to a new file.
when running
s of SYN, SYN/
view the pack
A102.1]
udents shouldtions without y complete thd a bit more p
can capture t
a specific por
e file.
in the Packet
pane.
ace file.
a specific IP ad
g on a Window
/ACK and AC
kets-per-seco
d be comforta using referenhe tasks or nepractice and s
traffic.
rt number.
t Details pane
ddress.
ws host.
CK packets.
ond rate of tra
P
able with the nce materialseds to reach study time be
e.
affic.
Page 5
s. The for efore
Wireshark
Q-4. Th
Q-5. Th
Q-6. B
Certified Netw
he filter ip.a True False
he packet sho True False
ased on the i True False
ork Analyst Bo
addr == 1
own above wo
image above,
oot Camp [2014
0.10.10.1
ould be forwa
, Wireshark h
4 Exam WCNA
10 can be use
arded out all s
as captured 2
A102.1]
ed as a captu
switch ports.
216 packets.
ure filter.
.
PPage 6
Wireshark
Q-7. Pho
Q-8. Th
Q-9. Tha
Q-10. W
Q-11. Th
Certified Netw
romiscuous mosts on a netw True False
he IP address True False
he Wireshark dissector for True False
Wireshark Cap True False
he packet sho True False
ork Analyst Bo
mode must bework.
s notation 10
k Packet Detar those heade
pture Filters c
own above sh
oot Camp [2014
e enabled wh
.6.0.0/16 re
ails pane dispers.
can be applie
hould not be f
4 Exam WCNA
en using Wire
efers to all hos
plays individu
ed to saved tra
forwarded by
A102.1]
eshark to cap
sts whose IP
al header fie
ace files.
routers.
pture traffic b
address begi
lds and value
P
between othe
ins with 10.6
es if Wireshar
Page 7
er
6.
rk has
Wireshark
Q-12. D
Q-13. Et
Q-14. Yo
Q-15. W
Q-16. Th
Q-17. Th
Certified Netw
NS can be us True False
thernet head True False
ou cannot alt True False
Wireshark’s de True False
he filter icm True False
he image abo True False
ork Analyst Bo
sed to discove
ers are stripp
ter the format
efault trace f
mp.type==3
ove depicts th
oot Camp [2014
er the IP addr
ped off and re
t of the Time
ile format ap
3 can be use
he first packe
4 Exam WCNA
ress of a host
eapplied by ro
column in Wi
pends .cap to
ed as a captu
et of a TCP ha
A102.1]
t.
outers during
ireshark’s Pa
o the end of t
ure filter or di
ndshake.
g the forwardi
acket List pan
the file name
splay filter.
P
ing process.
ne.
.
Page 8
Wireshark
Q-18. M
Q-19. U
Q-20. Yo
Certified Netw
Multicasts are True False
DP is a conne True False
ou can purch True False
ork Analyst Bo
e used to com
ection-orient
ase Wireshar
oot Camp [2014
mmunicate wit
ted transport
rk through ww
4 Exam WCNA
th a group of
protocol.
ww.wireshark
A102.1]
hosts.
k.org.
PPage 9
Wireshark
Answer K
A-1. Tru
A-2. Truthre
A-3. TruGra
A-4. Falbe
A-5. TruEth
A-6. Fal
A-7. Truadd
A-8. Truadd
A-9. Truhas
A-10. Faltrac
A-11. Truis “
A-12. Tru
A-13. Tru
A-14. FalVie
Certified Netw
Key
e. Wireshark
e. The TCP haee-way hands
e. The Wireshaph can also
se. The filter host 10.1
e. The packehernet broadc
se. Based on
e. Promiscuodresses, not j
e. This is a CIdress begins
e. The Wireshs a dissector
se. Wiresharce files.
e. The packe“expired”.
e. DNS querie
e. Ethernet h
se. You can aw | Time Disp
ork Analyst Bo
k relies on the
andshake conshake.
hark IO Graph be configured
ip.addr =10.10.10.
t shown woulcast address
n the Status B
ous mode enajust the local
IDR IP addres with 10.6.
hark Packet D for those hea
k Capture Fil
t shown has a
es can be sen
headers are st
alter the formplay Format.
oot Camp [2014
e WinPcap dri
nsists of SYN
h can be usedd to display b
== 10.10.1
ld be forward (0xff:ff:ff:ff:f
Bar in the ima
ables Wiresha hardware ad
ss notation. T
Details pane aders.
ters can only
a Time-to-Live
nt to discover
tripped off an
mat of the Tim
4 Exam WCNA
iver when run
, SYN/ACK an
d to view the pbits per secon
10.10 is a d
ed out all swiff:ff).
age shown, W
ark to captureddress.
The term 10.6
displays indiv
y be applied d
e value of 1. R
r the IP addre
nd reapplied
e column in W
A102.1]
nning on a Win
nd ACK packe
packets-per-snd and bytes p
display filter. T
itch ports bec
Wireshark has
e traffic that
6.0.0/16 refe
vidual heade
during the cap
Routers cann
ess of a host.
by routers du
Wireshark’s P
ndows host.
ets. This is re
second rate oper second.
The proper ca
cause it is ad
captured 12
is destined to
ers to all host
r fields and v
pture process
not forward th
uring the forw
Packet List pa
Pa
eferred to as t
of traffic. The
apture filter w
ddressed to th
,716 packets
o other hardw
ts whose IP
values if Wires
s, not to save
he packet on
warding proce
ane by select
age 10
the
e IO
would
he
s.
ware
shark
d
as it
ess.
ting
Wireshark
A-15. Falver
A-16. Fal
A-17. FalSYN
A-18. Tru
A-19. Falpro
A-20. Fal
Certified Netw
se. Wiresharrsion 1.8.x, W
se. The filter
se. The imageN bit set.
e. Multicasts
se. UDP is a cotocol.
se. Wireshar
ork Analyst Bo
k’s default trWireshark app
icmp.typ
e does not de
s are used to
connectionle
k is open sou
oot Camp [2014
race file formpended .pcap
pe==3 is a d
epict the first
communicat
ess transport
urce and free.
4 Exam WCNA
at appends .p to the file na
isplay filter.
t packet of a T
e with a grou
protocol. TCP
.
A102.1]
pcapng to theames.
TCP handsha
p of hosts.
P is a connec
e end of the f
ake which wou
tion-oriented
Pa
file name. Pri
uld have only
d transport
age 11
or to
the
Wireshark
Appendi(Test WC Key Area
Section
Section 2
Section 3
Certified Netw
x A: WireshaCNA102.1)
a The
1: Netwo De Lis Lis Lis Lis De Ov Un Re
2: Introd De Kn Co Re Ca Op De De Ide Na Us Fo Ma Ac De
3: Captu Kn Kn Ca Us De An An De Ide Ca Ca Au Op Co
ork Analyst Bo
ark Certified
icon marks
ork Analysisefine the Purpost Troubleshoost Security Taskst Optimizationst Application Aefine Legal Issuvercome the "Nnderstand Geneview a Checkli
duction to Wescribe Wireshanow How to Obompare Wiresheport a Wireshapture Packets pen Various Traescribe How Wefine the Elemeentify the Nineavigate Wireshse the Main Tocus Faster withake the Wireleccess Options tefine the Funct
ure Traffic now Where to Tnow When to Rpture Traffic ose a Test Accesefine When to nalyze Routed Nnalyze Wirelessefine Options foentify the Mospture on Multpture Traffic Rutomatically Saptimize Wireshonserve Memo
oot Camp [2014
d Network A
key topics to
s Overview ose of Networkting Tasks for tks for the Netwn Tasks for the Analysis Tasks fues of ListeningNeedle in the Heral Network Tist of Analysis T
Wireshark ark's Purpose btain the Latesthark Release anark Bug or Subon Wired or Wace File Types
Wireshark Proceents of the Stae GUI Elementsark’s Main Meolbar for Efficih the Filter Tooess Toolbar Visihrough Right‐Ctions of the Me
Tap Into the NRun Wireshark on Switched Nes Port (TAP) onSet up Port SpNetworks s Networks or Capturing at Appropriate iple Adapters SRemotely ave Packets to hark to Avoid Dry with Comm
4 Exam WCNA
Analyst Exam
o study in prep
k Analysis the Network Awork Analyst Network Analyfor the Netwog to Network THaystack " IssuTraffic Flows Tasks
t Version of Wnd Developmebmit an EnhancWireless Netwo
esses Packets rt Page s enu ency olbar ible Click Functionaenus and Toolb
etwork Locally etworks n Full‐Duplex Nanning/Port M
t Two LocationCapture InterfSimultaneously
One or More FDropping Packeand‐Line Captu
A102.1]
m Objectives
paration for th
Analyst
yst rk Analyst Traffic e
Wireshark nt Versions cement orks
ality bars
Networks Mirroring on a S
ns Simultaneouface y
Files ets ure
s
he Exam.
Switch
usly (Dual Capt
Pa
tures)
age 12
Wireshark
Section 4
Section 5
Section 6
Section
Certified Netw
4: Creat De Bu Filt Cre Ca Us Cre Ma Sh
5: Defin Fin Se Cu De De Plo Re Re Co Co De Co
6: Color Us Dis Sh Ide Cre Co Te
7: Defin Us Un Ch Ide Cre Me Ide Ca Lo Sp Vie
ork Analyst Bo
te and Applyescribe the Puruild and Apply ater by a Protoceate MAC/IP Apture One Appse Operators toeate Capture Fanually Edit thare Capture Fi
e Global annd Your Configt Global and Peustomize Your Uefine Your Captefine How Wireot IP Addressesesolve Port Numesolve SNMP Inonfigure Filter Eonfigure Statistefine ARP, TCP,onfigure Protoc
ize Traffic se Colors to Difsable One or Mare and Managentify Why a Peate a “Butt Ugolor Conversatimporarily Mar
e Time Valuse Time to Idennderstand Howhoose the Idealentify Delays weate Additionaeasure Packet entify Client, Selculate End‐tocate Slow Servot Overloadedew a Summary
oot Camp [2014
y Capture Firpose of Captua Capture Filtecol Address or Hostplication’s Trafo Combine CapFilters to Look fe Capture Filtelters with Othe
d Personal uration Folderersonal ConfigUser Interface ture Preferenceshark Automas on a World Mmbers (Transponformation Expressions tics Settings , HTTP/HTTPS acol Settings wit
fferentiate TrafMore Coloring Rge Coloring Ruacket is a Certagly” Coloring Rons to Distingurk Packets of In
es and Intentify Network Pw Wireshark Mel Time Display with Time Valueal Time ColumnArrival Times werver and Path‐End Path Delaver Responsesd Clients y of Traffic Rate
4 Exam WCNA
lters re Filters er to an Interfa
t Name Capturffic Only pture Filters for Byte Valueers File ers
Preferencesrs gurations Settings es atically ResolveMap with GeoIPort Name Reso
and Other Protth Right‐Click
ffic Rules ules ain Color Rule for HTTP Euish Them nterest
rpret SummProblems easures PacketFormat es ns with a Time Reh Delays ays
es, Packet Size
A102.1]
ce
re Filters
s
s
es IP and MAC P olution)
tocol Settings
Errors
maries
t Time
eference
s and Overall B
Names
Bytes Transfer
Pa
red
age 13
Wireshark
Section 8
Section 9
Section
Section
Certified Netw
8: Interp La Ide Ide Lis Sp Lis Ev Lis Lis Lis An Gr Ga Ex
9: Creat Un Cre Ap Us Ma Filt Un Co Alt Filt Filt Fin Us Av Ma
10: Follow Fo Fo Fo Ide
11: Custo Cu Cre Sh Cre Cre Cre Cre Cre
ork Analyst Bo
pret Basic Trunch Wiresharentify Networkentify the Mosst Endpoints anot Suspicious Tst Conversationaluate Packet st All IPv4/IPv6st All Destinatiost UDP and TCPnalyze UDP Muaph the Flow oather Your HTTamine All WLA
te and Applynderstand the eate Display Fipply Saved Dispse Expressions ake Display Filtter on Conversnderstand Dispombine Displayter Display Filteter on the Exister on Specificnd Key Words ise Display Filtevoid Common Danually Edit th
w Streams allow and Reassllow and Reassllow and Reassentify Common
omize Wiresustomize Wireseate a New Proare Profiles eate a Troubleeate a Corporaeate a WLAN Peate a VoIP Proeate a Security
oot Camp [2014
race File Stark Statistics k Protocols andt Active Convend Map Them oTargets with Gns or EndpointLengths Addresses in tons in the TraffP Usage ulticast Streamsof Traffic TP Statistics AN Statistics
y Display FilPurpose of Disilters Using Autplay Filters for Filter Assisters Quickly Ussations and Enplay Filter Syntay Filters with Coer Meaning witence of a Fiel Bytes in a Pacin Upper or Lowr Macros for CDisplay Filter Me dfilters File
and Reassemsemble UDP Cosemble TCP Cosemble SSL Con File Types
hark Profileshark with Profofile
eshooting Profiate Profile Profile ofile y Profile
4 Exam WCNA
atistics
d Applications ersations on the Earth eoIP s for Specific T
the Traffic fic
s
ters splay Filters to‐Complete
tance sing Right‐Clickdpoints ax omparison Opeth Parenthesed cket wer Case omplex FilterinMistakes
mble Data onversations onversations nversations
es files
le
A102.1]
Traffic Types
k Filtering
erators s
ng
Paage 14
Wireshark
Section
Section
Section
Section
Section
Section
Certified Netw
12: Annot An Sa Ex Ex Sa Ex
13: Use W La Co Filt De
14: TCP/I De Fo De De De De De De
15: Analy De An An Dis Filt
16: Analy De An An An Dis Filt
17: Analy De An An Dis Filt Se
ork Analyst Bo
tate, Save, Ennotate a Packeve Filtered, Maport Packet Coport SSL Keys ve Conversatioport Packet By
Wireshark’s unch Expert Inolorize Expert Iter on TCP Expefine TCP Exper
IP Analysis Oefine Basic TCPllow the Multiefine Port Numefine Network efine Route Resefine Local MACefine Route Resefine Local MAC
yze Domain efine the Purponalyze Normal nalyze DNS Prossect the DNS ter on the DNS
yze Address efine the Purponalyze Normal Analyze Gratuitonalyze ARP Prossect the ARP Pter on ARP Tra
yze Internet efine the Purponalyze Normal nalyze IPv4 Prossect the IPv4 ter on IPv4/IPvt Your IP Proto
oot Camp [2014
Export and Pet or an Entirearked and Ranontents for Use
ons, Endpointsytes
Expert Systefo Quickly nfo Elementspert Informatiort Information
Overview /IP Functionalstep Resolutio
mber ResolutionName Resolutisolution for a LC Address Resosolution for a RC Address Reso
Name Systeose of DNS DNS Queries/Rblems Packet StructuS/MDNS Traffic
Resolution ose of ARP TrafARP Requests/ous ARP blems Packet Structuaffic
Protocol (IPose of IP IPv4 Traffic blems Packet Structuv6 Traffic ocol Preference
4 Exam WCNA
Print Packet Trace File ges of Packetse in Other Prog
, I/O Graphs an
em
on Elements
ity n Process n ion Local Target olution for a TaRemote Targetolution for a G
em (DNS) Tra
Responses
ure c
Protocol (Affic /Responses
re
Pv4/IPv6) Tr
ure
es
A102.1]
ts
s grams
nd Flow Graph
arget t Gateway
raffic
RP) Traffic
raffic
h Information
Paage 15
Wireshark
Section
Section
Section 2
Section 2
Certified Netw
18: Analy(ICMP
De An An Dis Filt
19: Analy De An An Dis Filt
20: Analy De An De De De Tra De Im De An Dis Filt Se
21: Graph Us Ge Filt Ge Co Gr Gr Gr Int Int
ork Analyst Bo
yze Internet CPv4/ICMPv6efine the Purponalyze Normal nalyze ICMP Prossect the ICMPter on ICMP an
yze User Datefine the Purponalyze Normal nalyze UDP Prossect the UDP ter on UDP Tra
yze Transmisefine the Purponalyze Normal Tefine the Estabefine How TCP‐efine How TCP ack TCP Packetefine How TCP mprove Packet Lefine TCP Flow nalyze TCP Probssect the TCP Pter on TCP Trat TCP Protocol
h IO Rates ase Graphs to Vienerate Basic I/ter I/O Graphsenerate Advancompare Traffic aph Round Triaph Throughpaph TCP Sequeterpret TCP Witerpret Packet
oot Camp [2014
Control Mes6) Traffic ose of ICMP ICMP Traffic oblems P Packet Structnd ICMPv6 Tra
tagram Protose of UDP UDP Traffic oblems Packet Structuaffic
ssion Controose of TCP TCP Communiclishment of TC‐based ServiceConnections at Sequencing Recovers fromLoss Recovery Control blems Packet Structuffic Parameters
and TCP Treniew Trends /O Graphs s ced I/O GraphsTrends in I/O Gp Time ut Rates ence Numbersindow Size IssuLoss, Duplicat
4 Exam WCNA
ssage Proto
ure ffic
ocol (UDP) T
ure
ol Protocol (
cations CP Connectionss Are Refused are Terminated
m Packet Loss with Selective
re
nds
s Graphs over Time ues e ACKs and Re
A102.1]
ocol
Traffic
(TCP) Traffic
s
d
Acknowledgm
etransmissions
c
ments
Paage 16
Wireshark
Section 2
Section 2
Section 2
Section 2
Certified Netw
22: Analy(DHCP
De An An Dis Filt Dis
23: Analy De An An Dis Filt Ex Dis Gr Se An An An De Ex
24: Analy De An An An An Dis Filt Re
25: Analy An An Dis Filt An An Dis Filt
ork Analyst Bo
yze DynamicPv4/DHCPvefine the Purponalyze Normal nalyze DHCP Prssect the DHCPter on DHCPv4splay BOOTP‐D
yze Hypertexefine the Purponalyze Normal nalyze HTTP Prossect HTTP Pacter on HTTP orport HTTP Objsplay HTTP Staaph HTTP Traft HTTP Preferenalyze HTTPS Cnalyze SSL/TLS nalyze TLS Encrecrypt HTTPS Tport SSL Keys
yze File Transefine the Purponalyze Normal nalyze Passive Mnalyze Active Mnalyze FTP Probssect the FTP Pter on FTP Trafeassemble FTP
yze Email Tranalyze Normal nalyze POP Prossect the POP ter on POP Tranalyze Normal Snalyze SMTP Prssect the SMTPter on SMTP T
oot Camp [2014
c Host Configv6) Traffic ose of DHCP DHCP Traffic roblems P Packet Struct4/DHCPv6 TraffDHCP Statistics
xt Transfer Pose of HTTP HTTP Communoblems cket Structuresr HTTPS Trafficects tistics ffic Flows ences CommunicationHandshake rypted Alerts Traffic
sfer Protocoose of FTP FTP CommunicMode ConnectMode Connectioblems Packet Structurffic Traffic
affic POP Communiblems Packet Structuaffic SMTP Commuroblems P Packet Structraffic
4 Exam WCNA
guration Pro
ture fic
Protocol (HTT
nications s
ns
ol (FTP) Traff
cations tions ons
re
ications
ure
nication
ture
A102.1]
otocol
TP) Traffic
fic
Paage 17
Wireshark
Section 2
Section 2
Section 2
Section 2
Certified Netw
26: Introd An Ca Co Se Pre Co De An Dis Filt An Cu
27: Voice De An An Ex Ex Pla De Cre Filt
28: Basel De Ba Ba Ba Ba Ba Ba Ba Ba Ba Ba Ba
29: Find t Tro Ide Po Fin Wa An Wa Lo Ide
ork Analyst Bo
duction to 8nalyze Signal Stpture WLAN Tompare Monitot up WLAN Deepend a Radioompare Signal Sescribe 802.11 nalyzed Normassect Basic 802ter on WLAN Tnalyze Frame Customize Wires
over IP (VoIefine VoIP Traffnalyze Session nalyze VoIP Proamine SIP Trafamine RTP Traay Back VoIP Cecipher RTP Plaeate a VoIP Proter on VoIP Tra
line “Normaefine the Imporseline Broadcaseline Protocoseline Boot upseline Login/Loseline Traffic dseline Applicatseline Web Brseline Name Rseline Throughseline Wirelesseline VoIP Co
the Top Cauoubleshoot Peentify High Latoint to Slow Prond the Locationatch Signs of Mnalyze Traffic Ratch for Small ok for Congestentify Applicat
oot Camp [2014
02.11 (WLAtrength and IntTraffic or Mode and Pcryption tap or PPI HeaStrength and STraffic Basics l 802.11 Comm2.11 Frame EleTraffic Control Types ashark for WLAN
IP) Analysisfic Flows Bandwidth andoblems ffic affic onversationsayer Marker Deofile affic
al” Traffic Partance of Baseast and Multicaols and Applicap Sequences ogout Sequencduring Idle Timtion Launch Seowsing SessionResolution Sesshput Tests s Connectivityommunications
ses of Perforformance Proency Times ocessing Timesn of Packet LosMisconfiguratioRedirections Payload Sizestion ion Faults
4 Exam WCNA
AN) Analysisterference
romiscuous M
der Signal‐to‐Noise
munications ments
and Subtypes N Analysis
Fundamen
d RTP Port Def
efinitions
atterns lining ast Types and Rtions
ces
me equences and Kns sions
s
ormance Prooblems
s ss ons
A102.1]
s
Mode
e Ratios
tals
finition
Rates
Key Tasks
oblems
Paage 18
Wireshark
Section 3
Section 3
Section 3
Certified Netw
No
30: Netwo Co Ga Av Ha Re Co
31: Detec De De De De De De De Kn An De De Us De Ide
32: Analy Ide Fin Ide Dif Fin Ide Ca Lo Ca Ca Sp Wa Ide Bu
ork Analyst Bo
ote Any Name
ork Forensicompare Host toather Evidence void Detection andle Evidenceecognize Unusuolor Unusual Tr
ct Scanning efine the Purpoetect ARP Scanetect ICMP Pingetect Various Tetect UDP Port etect IP Protocoefine Idle Scansnow Your ICMPnalyze Tracerouetect Dynamic efine Applicatiose Wireshark foetect Active OSentify Spoofed
yze Suspect entify Vulnerabnd Maliciously entify Invalid offerentiate betnd Clear Text Pentify Phone Htch Unusual Prcate Route Redtch ARP Poisontch IP Fragmenot TCP Splicingatch Other Unentify Passworuild Filters and
oot Camp [2014
Resolution Fau
cs Overview o Network Fore
e Properly ual Traffic Patteraffic Patterns
and Discovose of Discovers (aka ARP Sweg Sweeps Types of TCP PoScans ol Scans s P Types and Coute Path DiscovRouter Discoveon Mapping Pror Passive OS FS Fingerprinting Addresses and
Traffic bilities in the TMalformed Paor Dark Destinatween FloodingPasswords and Home Behaviorrotocols and Adirection Usingning ntation and Ovg usual TCP Trafrd Cracking AttColoring Rules
4 Exam WCNA
ults
ensics
erns
very Processry and Reconnaeeps)
ort Scans
des very ery rocesses Fingerprintingg d Scans
TCP/IP Resolutiackets ation Addresseg or Standard DData r Applications g ICMP
verwriting
fic empts s from IDS Rule
A102.1]
ses aissance
ion Processes
es Denial of Servi
es
ce Traffic
Paage 19
Wireshark
Section 3
Certified Netw
33: Effect De Us Ca Lis Ed Me Co Ca De
ork Analyst Bo
tive Use of Cefine the Purpose Wireshark.epture Traffic wst Trace File Deit Trace Files werge Trace Fileonvert Text witpture Traffic wefine Rawshark
oot Camp [2014
Command-Lose of Commanxe (Command‐with Tshark etails with Capiwith Editcap es with Mergech Text2pcap with Dumpcapk
4 Exam WCNA
Line Tools nd‐Line Tools ‐Line Launch)
infos
cap
A102.1]
Paage 20
