8/8/2019 wsucertinfopk11Aug10[1]
Wireshark University
Get Certified on the World's Foremost Network Protocol Analyzer
8/11/2010
Wireshark is ranked #1 in IT industry security tools in the SECTOOLS 2010 Top Tools Survey
For more information visit www.wiresharktraining.com/certification [v100.1a 081110]
Welcome to Wireshark University and the
Wireshark Certified Network Analyst Program
Wireshark (formerly Ethereal) has become the de facto industry standard open source product for network analysis, troubleshooting and security. Over 500,000 IT professionals worldwide download Wireshark each month. Wireshark has proven to be a necessary tool for locating the cause of network performance issues and identifying security breaches. In addition, Wireshark is used in worldwide multi-vendor training programs to visualize network communication processes.
The Wireshark Certified Network Analyst Exam was designed to confirm individual competencies in using Wireshark to locate the cause of network problems (poor performance or security-related) and confirm your knowledge of TCP/IP network communications in general.
The Exam is based on the thirty-three areas of study defined in the Exam Focus and Content section of this document. The four primary areas covered in this Exam are:
Wireshark Functionality
TCP/IP Network Communications
Network Troubleshooting
Network Security
Register for the Wireshark Certified Network Analyst Exam at www.webassessor.com/pai.
Contents
Exam Overview
Exam Pricing
Pass/Fail Grading
Question Formats
Test Retake Procedure
Exam Registration
Taking Your Proctored Exam
Acceptable Forms of Identification
Closed Book Policy
Cancellation/Rescheduling Details
Cancellation/Rescheduling within 72 Hours of Your Exam Appointment
In Case of Test Problems or Questions
Certification Maintenance and Expiration
Frequently Asked Questions (FAQ)
    Can I keep my belongings with me during the test session?
    May I bring food or drinks into the testing room?
    How do I register for the Wireshark Certified Network Analyst Exam?
    Can I take the Exam at the same time I register?
    How long does the Exam take?
    Is the Exam in English only?
    Where can I take the Exam?
    What do I get when I pass my Exam?
    How long is my certification valid?
    What are the Continuing Professional Education (CPE) requirements?
    How do I take the Practice Exam?
    How do I prepare for the certification exam?
    Should I register for the Exam before attending a Wireshark class?
    How does the Wireshark Certified Network Analyst designation compare to other IT industry certifications?
    Who created this Certification?
    Will this certification help my job prospects/career advancement?
Exam Preparation
    Online Self-Paced Training
        Core 1: Analyzing TCP/IP Networks with Wireshark
        Core 2: Troubleshooting and Securing TCP/IP Networks with Wireshark
        All Access Pass Membership
    Instructor-Led Training Partners
    Books
    Customized Onsite and Online Training
Wireshark Certified Network Analyst Exam Objectives (Test WCNA100.1)
Exam Overview
Successful completion of the Wireshark Certified Network Analyst Exam indicates you have the knowledge required to capture network traffic, analyze the results and identify various anomalies related to performance or security issues.
To earn the Wireshark Certified Network Analyst status, you must pass a single Exam (the WCNA-100x Exam) and obtain twenty (20) CPE credits each year of your certification.
The Wireshark Certified Network Analyst Exam is available at hundreds of testing centers around the world. You can take your Exam at a KRYTERION High-stake Online Secure Testing (HOST) location. Register for the proctored Wireshark Certified Network Analyst Exam online at www.webassessor.com/pai. [1]
The Wireshark Certified Network Analyst Exam is a closed-book Exam consisting of 100 questions. The Exam time limit is 2 hours (120 minutes).
Exam Pricing
The Wireshark Certified Network Analyst Exam cost is USD 299. The Wireshark Certified Network Analyst Exam Practice Exam (online) cost is USD 29.
Pass/Fail Grading
The Wireshark Certified Network Analyst Exam is graded on a pass/fail basis. Passing scores are set by using statistical analysis. At the completion of the Exam, Candidates receive a score report along with a score breakout by Exam section.
Question Formats
There are two forms of questions in the Wireshark Certified Network Analyst Exam: true/false and multiple choice. Only one answer is correct for each multiple choice question. Many questions include images of Wireshark graphs or packet details.
Test Retake Procedure
If you fail the Exam, you must wait five (5) business days before retaking the Exam. You must purchase another Test Taker Authorization Code at www.webassessor.com/pai. Only three (3) Exams with the same Exam identification number may be taken per calendar year.
[1] PAI represents the Protocol Analysis Institute, the parent company of Wireshark University and Chappell University.
Exam Registration
Register for the proctored Wireshark Certified Network Analyst Exam online at www.webassessor.com/pai. Step-by-step Exam Registration instructions are available at www.wiresharktraining.com/certification.
Taking Your Proctored Exam
Once your registration and scheduling is complete, you will receive an email confirmation which includes the details of your registration including your Test Taker Authorization Code. The email also includes the HOST location address and the date and time of your test session. This email is the only receipt you will receive from Kryterion.
You are required to bring two forms of identification with you to the HOST location, which your proctor verifies and records. In addition, you must bring your Test Taker Authorization Code which you received in your registration confirmation email.
The proctor will hand you a document to read in the waiting room while they load your Exam in the testing area. The testing center document prepares you for your Exam session.
Once your Exam has loaded, your proctor will show you where the restrooms are, store your personal belongings in a secure compartment and answer any Exam session questions you may have. You may then begin your Exam. The Exam engine provides you with detailed instructions on how to take the Exam and guides you through each step of the Exam process.
You have two hours (120 minutes) to complete the Wireshark Certified Network Analyst Exam. You may review your answers before submitting your Exam. Unanswered questions are graded as incorrect. When finished, you are prompted to notify your proctor that you have completed the Exam. The proctor will then close your Exam session. You will receive your pass/fail notification upon completion of the Exam.
Acceptable Forms of Identification
Acceptable forms of photo ID include: government-issued driver's license or ID card, passport, military identification, an employee identification card or a student picture ID from an accredited college or university. The following forms of non-photo ID are acceptable: credit card, check cashing card or a bank debit card. A social security card is not an acceptable form of identification.
Closed Book Policy
The Wireshark Certified Network Analyst Exam is closed book format. No Internet access or open computer (other than the Exam system) is allowed during the Exam. Candidates may not access any printed materials or electronic devices such as extra computers or USB flash drives.
Cancellation/Rescheduling Details
If you need to reschedule your Exam appointment, you may do so earlier than 72 hours before your Exam appointment. Log into your KRYTERION account at www.webassessor.com/pai and click on View Schedule Details and the Reschedule button. IMPORTANT: Read the next section regarding cancellation and rescheduling within 72 hours of your Exam appointment.
Cancellation/Rescheduling within 72 Hours of Your Exam Appointment
If you wish to cancel or reschedule your Exam within 72 hours of your appointment, please call the PAI Customer Support line at +1 408-378-7841. Do not attempt to contact Kryterion or the testing center directly. You will be charged a $175 seating fee if you reschedule or cancel your Exam appointment within 72 hours of your Exam appointment or do not show for your Exam appointment.
In Case of Test Problems or Questions
Please first review the FAQ section of this document. If you have additional questions regarding the certification process, your certification status or the Kryterion testing engine, contact Wireshark University at [email protected] or call +1 408-378-7841.
Certification Maintenance and Expiration
Your Wireshark Certified Network Analyst status is valid for three (3) years from the date of successful Exam completion. Twenty (20) Continuing Professional Education (CPE) credits are required yearly to maintain your certification in good standing. CPE credits must be obtained in the area of (a) network communications, (b) troubleshooting, (c) network testing/optimization or (d) network security. For more information on obtaining and reporting CPE credits, refer to www.wiresharktraining.com/certification.
Frequently Asked Questions (FAQ)
Can I keep my belongings with me during the test session?
Your personal items may not be accessed during the test session. Personal items include: bags, wallets, purses, briefcases, watches, books, beepers, cell phones, electronic organizers and calculators. You should, however, keep your identification with you at all times.
May I bring food or drinks into the testing room?
No, tobacco products, food, drink, and chewing gum are not allowed in the testing area.
How do I register for the Wireshark Certified Network Analyst Exam?
Step-by-step Exam Registration instructions are available at www.wiresharktraining.com/certification.
Can I take the Exam at the same time I register?
Not the proctored Exam; the earliest you can schedule your Exam is 72 hours before your desired Exam date/time. Registrants can take the unproctored Practice Exam immediately following registration.
How long does the Exam take?
Candidates are provided two hours (120 minutes) to complete the Exam. An Exam timer indicates the remaining Exam time. A question counter indicates the number of questions answered and total number of questions in the Exam. A Review Test option allows you to mark questions for review and revisit all questions and answers in the Exam. You may skip questions during the Exam, but it is recommended you complete each question before submitting your Exam for grading. Unanswered questions are marked incorrect. The Practice Exam also includes a two hour (120 minutes) time limit.
Is the Exam in English only?
Currently the Exam and Practice Exam are only available in English.
Where can I take the Exam?
The Wireshark Certified Network Analyst Exam is delivered by Kryterion, Inc. Kryterion has hundreds of testing centers around the world. Visit www.kryteriononline.com/host_locations/ to locate a Kryterion High-stake Online Secure Testing (HOST) location near you.
What do I get when I pass my Exam?
Within fifteen (15) business days of successful completion of the Exam, Wireshark University will send your Wireshark Certified Network Analyst Welcome Kit. The Welcome Kit includes your Certificate, Certification ID Number, valid certification date details and additional information regarding your certification maintenance, CPE credits and information regarding access to and usage of the Wireshark Certified Network Analyst logo.
How long is my certification valid?
Wireshark Certified Network Analyst status is valid for three (3) years from the date of successful Exam completion. During that three (3) year period, you must retain your Wireshark Certified Network Analyst certification in good standing by obtaining twenty (20) CPE credits yearly.
What are the Continuing Professional Education (CPE) requirements?
Twenty (20) CPE credits will be required to maintain your certification in good standing by ensuring you are staying current with network analysis practices and technologies. CPE credits must be obtained in the areas of:
(a) network communications
(b) network troubleshooting
(c) network testing/optimization
(d) network security
CPE credit information must be submitted to Wireshark University on an annual basis. For further information on acceptable CPE options and to submit your CPE information, visit www.wiresharktraining.com/cpe.
How do I take the Practice Exam?
Register for the Practice Exam just as you register for the final Exam. Your Practice Exam is available for you to take as soon as you have completed the registration process at www.webassessor.com/pai. Locate the Launch button for your Exam on your Webassessor home page. If you need to stop your Practice Exam for some reason, you may do so simply by closing the Practice Exam window. Any questions you have already answered have been saved for you. If the Practice Exam was interrupted due to technical issues, you may re-launch the Practice Exam by logging into your Webassessor home page and clicking the Launch button. The Practice Exam will resume at the first unanswered question. You have two hours (120 minutes) of active time to complete the Practice Exam.
How do I prepare for the certification exam?
You can prepare for the Wireshark Certified Network Analyst Exam using self-paced, instructor-led or on-the-job study. Refer to Exam Preparation on page 9 for more details.
Should I register for the Exam before attending a Wireshark class?
Most students wait until after taking their Wireshark training courses to register for the Exam. You should only schedule your Exam after you feel comfortable with the subject material.
How does the Wireshark Certified Network Analyst designation compare to other IT industry certifications?
The Wireshark Certified Network Analyst designation is focused on not only Wireshark, but also key TCP/IP communications areas that can be investigated when troubleshooting or securing a network. The Wireshark Certified Network Analyst designation will identify you as an IT professional who is keeping up with current techniques and the world's most popular network analyzer tool. The Wireshark Certified Network Analyst designation is an ideal complement to the CISSP, CCIE, CNP, Network+ and Security+ certifications.
Who created this Certification?
Wireshark University was co-founded by Gerald Combs (creator of Wireshark) and Laura Chappell, world-renowned network analyst, in 2007. One element of Wireshark University is the Wireshark Certified Network Analyst designation. Topics included in the Exam come from the thirty-three areas of study for network analysts (see Wireshark Certified Network Analyst Exam Objectives on page 11).
Will this certification help my job prospects/career advancement?
If you want to attain a competitive edge and help improve employability and earning potential, obtaining your Wireshark Certified Network Analyst designation can help position you in the job market. Wireshark's increasing popularity (with over 500,000 downloads per month) and leading role as the in-house de facto tool for troubleshooting and security increases the value of this certification immensely.
Exam Preparation
The Wireshark Certified Network Analyst Exam focuses on TCP/IP communications analysis, methods for using Wireshark to identify the cause of network problems, and the evidence that a network is under reconnaissance or a host has been breached. Consider the following options for Exam preparation.
Online Self-Paced Training
Core 1: Analyzing TCP/IP Networks with Wireshark
In this self-paced course, students discover effective Wireshark operations and packet-level TCP/IP communications by examining both properly-performing and poorly-performing networks as they prepare for the Wireshark Certified Network Analyst Exam. The Core 1 course is available online at www.chappellU.com and is included in the All Access Pass listed below. [25 sections, 46 labs, approximately 22 hours of online training]
Core 2: Troubleshooting and Securing TCP/IP Networks with Wireshark
In this self-paced course, students gain the skills required to effectively troubleshoot and secure a TCP/IP network by analyzing network traffic with Wireshark as they prepare for the Wireshark Certified Network Analyst Exam. Students learn techniques to analyze traffic on poorly performing TCP/IP networks and identify reconnaissance processes on the network as well as indicators that a host is compromised. The Core 2 course is available online at www.chappellU.com and is included in the All Access Pass listed below. [19 sections, 53 labs, approximately 25 hours of online training]
All Access Pass Membership
The All Access Pass (AAP) training membership provides access to Core 1, Core 2, Wireshark Certification Study Sessions, live online training events and additional online training in the areas of network analysis, troubleshooting, optimization and security. Visit www.chappellU.com to view the contents of the All Access Pass.
Instructor-Led Training Partners
For an updated list of Wireshark University Certified Training Partners, visit www.wiresharktraining.com/iltpartners.
Global Knowledge - North America - www.globalknowledge.com
Global Knowledge is the worldwide leader in IT and business training. Global Knowledge delivers training via training centers, private facilities, and the Internet, enabling customers to choose when, where, and how they want to receive training programs and learning services.
SCOS Software bv Europe - www.scos.nl
Polarisavenue 53
2132 JH Hoofddorp
The Netherlands
Email: [email protected]
Phone: 0031 (0)23 568 5615
Fax: 0031 (0)23 562 1072
Procyon Networks bv Europe - www.procyon.nl
Anna Blamanstraat 8
5803 AW Venray
The Netherlands
Phone: 0031 (0)478 568 568
Fax: 0031 (0)478 568 553
Books
Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide
This comprehensive book covers all thirty-three areas of study for the Wireshark Certified Network Analyst Exam while providing numerous case studies, tips and tricks for using Wireshark efficiently to troubleshoot and secure networks.
ISBN10: 1-893939-99-5
ISBN13: 978-1-893939-99-8
Paperback: 800 pages
Book URL: www.wiresharkbook.com
Wireshark Certified Network Analyst: Official Exam Prep Guide
This book provides 300+ practice quiz questions based on the thirty-three areas of study defined for the Wireshark Certified Network Analyst Exam and includes timed and untimed quizzes on the accompanying CD. This Official Exam Prep Guide offers a companion to Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide.
10-digit ISBN: 1-893939-98-7
13-digit ISBN: 978-1-893939-98-1
Paperback: 202 pages (includes CD)
Book URL: www.wiresharkbook.com/epg
Customized Onsite and Online Training
Wireshark University
www.wiresharktraining.com
Wireshark University was founded in 2007 to provide training on Wireshark for troubleshooting, security and optimization. Customized onsite courses can be arranged to train multiple students at one time at your location or via the Internet for a geographically dispersed student base. Courses can be customized based on your network details and design. For more information on customized onsite courses, [email protected] or call +1 408-378-7841.
Wireshark Certified Network Analyst Exam Objectives (Test WCNA100.1)
The Wireshark Certified Network Analyst Exam is based on thirty-three areas of concentration.
Section 1: Network Analysis Overview
Define the Purpose of Network Analysis
List Troubleshooting Tasks for the Network Analyst
List Security Tasks for the Network Analyst
List Optimization Tasks for the Network Analyst
List Application Analysis Tasks for the Network Analyst
Detail Security Issues Related to Network Analysis
Define Legal Issues Related to Listening to Network Traffic
Overcome the "Needle in a Haystack" Issue
Review a Checklist of Analysis Tasks
Section 2: Introduction to Wireshark
Describe Wireshark's Purpose
Know How to Obtain the Latest Version of Wireshark
Compare Wireshark Release and Development Versions
Report a Wireshark Bug or Submit an Enhancement
Capture Packets on Wired or Wireless Networks
Open Various Trace File Types
Describe How Wireshark Processes Packets
Define the Elements of the Start Page
Identify the Nine GUI Elements
Navigate Wireshark's Main Menu
Use the Main Toolbar for Efficiency
Focus Faster with the Filter Toolbar
Make the Wireless Toolbar Visible
Access Options through Right Click Functionality
Define the Functions of the Menus and Toolbars
Section 3: Capture Traffic
Know Where to Tap into the Network
Know When to Run Wireshark Locally
Capture Traffic on Switched Networks
Use a Test Access Port (TAP) on Full Duplex Networks
Define When to Set Up Port Spanning/Port Mirroring on a Switch
Analyze Routed Networks
Analyze Wireless Networks
Define Options for Capturing at Two Locations Simultaneously
Identify the Most Appropriate Capture Interface
Capture Traffic Remotely
Automatically Save Packets to One or More Files
Optimize Wireshark to Avoid Dropping Packets
Conserve Memory with Command Line Capture
Section 4: Create and Apply Capture Filters
Describe the Purpose of Capture Filters
Build Your Own Set of Capture Filters
Filter by a Protocol
Create MAC/IP Address or Host Name Capture Filters
Capture One Application's Traffic Only
Use Operators to Combine Capture Filters
Create Capture Filters to Look for Byte Values
Manually Edit the Capture Filters File
Share Capture Filters with Others
Section 5: Define Global and Personal Preferences
Find Your Configuration Folders
Set Global and Personal Configurations
Customize Your User Interface Settings
Define Your Capture Preferences
Define How Wireshark Automatically Resolves IP/MAC Names
Configure Statistics Settings
Define ARP, TCP, HTTP/HTTPS and Other Protocol Settings
Configure Protocol Settings with Right Click
Section 6: Colorize Traffic
Use Colors to Separate Traffic
Share and Manage Coloring Rules
Identify Why a Packet is a Certain Color
Color Conversations to Distinguish Them
Temporarily Mark Packets of Interest
Alter Stream Reassembly Coloring
Section 7: Define Time Values and Interpret Summaries
Use Time to Identify Network Problems
Define How Wireshark Measures Packet Time
Choose the Ideal Time Display Format
Deal with Time Accuracy and Resolution Issues
Identify Delays with Time Values
Create Additional Time Columns
Measure Packet Arrival Times Using a Time Reference
Identify Client, Server and Path Issues
View a Summary of Traffic Rates, Packet Sizes, and Bytes Transferred
Section 8: Interpret Basic Trace File Statistics
Launch Wireshark Statistics
Identify Network Protocols and Applications
Identify the Most Active Conversations
List Endpoints and Map them on the Earth
List Conversations or Endpoints for Specific Traffic Types
Evaluate Packet Lengths
List All IP Addresses in the Traffic
List All Destinations in the Traffic
List All UDP and TCP Ports Used
Analyze UDP Multicast Streams
Graphic Flow of Traffic
Gather Your HTTP Statistics
Examine All WLAN Statistics
Section 9: Create and Apply Display Filters
Define the Purpose of Display Filters
Create Display Filters Using Auto Complete
Apply Saved Display Filters
Use the Expressions Filter System
Make Display Filters Quickly Using Right Click Filtering
Define Display Filter Syntax
Combine Display Filters with Comparison Operators
Alter Display Filter Meaning with Parentheses
Filter on Specific Bytes in a Packet
Use Display Filter Macros for Complex Filtering
Avoid Common Display Filter Mistakes
Manually Edit the dfilters File
Section 10: Follow Streams and Reassemble Data
Follow and Reassemble UDP Conversations
Follow and Reassemble TCP Conversations
Identify Common File Types
Follow and Reassemble SSL Conversations
Section 11: Customize Wireshark Profiles
Define the Purpose of Wireshark Profiles
Share Profiles
Create a Corporate Profile
Create a WLAN Profile
Create a VoIP Profile
Create a Security Profile
Section 12: Save, Export and Print Packets
Save Filtered, Marked and Ranges of Packets
Export Packet Contents for Use in Other Programs
Save Conversations, Endpoints, I/O Graphs and Flow Graph Information
Export Packet Bytes
Section 13: Use Wireshark's Expert System
Launch Expert Info Quickly
Colorize Expert Info Elements
Filter on TCP Expert Information Elements
Define TCP Expert Information
Section 14: TCP/IP Analysis Overview
Define Basic TCP/IP Functionality
Define the Multistep Resolution Process
Define Port Number Resolution
Define Network Name Resolution
Define Route Resolution for a Local Target
Define Local MAC Address Resolution for a Target
Define Route Resolution for a Remote Target
Define Local MAC Address Resolution for a Gateway
Section 15: Analyze Domain Name System (DNS) Traffic
Define the Purpose of DNS
Analyze Normal DNS Queries/Responses
Analyze DNS Problems
Dissect the DNS Packet Structure
Filter on DNS Traffic
Section 16: Analyze Address Resolution Protocol (ARP) Traffic
Define the Purpose of ARP Traffic
Analyze Normal ARP Requests/Responses
Analyze Gratuitous ARP
Analyze ARP Problems
Dissect the ARP Packet Structure
Filter on ARP Traffic
Section 17: Analyze Internet Protocol (IPv4) Traffic
Define the Purpose of IPv4
Analyze Normal IPv4 Traffic
Analyze IPv4 Problems
Dissect the IPv4 Packet Structure
Set Your IP Protocol Preferences
Filter on IPv4 Traffic
Section 18: Analyze Internet Control Message Protocol (ICMP) Traffic
Define the Purpose of ICMP
Analyze Normal ICMP Traffic
Analyze ICMP Problems
Dissect the ICMP Packet Structure
Filter on ICMP Traffic
Section 19: Analyze User Datagram Protocol (UDP) Traffic
Define the Purpose of UDP
Analyze Normal UDP Traffic
Analyze UDP Problems
Dissect the UDP Packet Structure
Filter on UDP Traffic
Section 20: Analyze Transmission Control Protocol (TCP) Traffic
Define the Purpose of TCP
Analyze Normal TCP Communications
Define the Establishment of TCP Connections
Define How TCP-based Services are Refused
Track TCP Packet Sequencing
Define TCP Flow Control
Define How TCP Recovers from Packet Loss
Improve Packet Loss Recovery with Selective Acknowledgments
Analyze TCP Problems
Dissect the TCP Packet Structure
Filter on TCP Traffic
Set TCP Protocol Parameters
Section 21: Graph IO Rates and TCP Trends
Use Graphs to View Trends
Generate Basic I/O Graphs
Filter I/O Graphs
Generate Advanced I/O Graphs
Compare Traffic Trends in I/O Graphs
Graph Round Trip Time
Graph Throughput Rates
Graph TCP Sequence Numbers over Time
Interpret TCP Window Size Issues
Interpret Packet Loss, Duplicate ACKs and Retransmissions
Section 22: Analyze Dynamic Host Configuration Protocol (DHCP) Traffic
Define the Purpose of DHCP
Analyze Normal DHCP Traffic
Analyze DHCP Problems
Dissect the DHCP Packet Structure
Filter on DHCP Traffic
Display BOOTP-DHCP Statistics
Section 23: Analyze Hypertext Transfer Protocol (HTTP) Traffic
Define the Purpose of HTTP
Analyze Normal HTTP Communications
Analyze HTTP Problems
Dissect HTTP Packet Structures
Filter on HTTP or HTTPS Traffic
Export HTTP Objects
Display HTTP Statistics
Graph HTTP Traffic Flows
Set HTTP Preferences
Analyze HTTPS Communications
Decrypt HTTPS Traffic
Section 24: Analyze File Transfer Protocol (FTP) Traffic
Define the Purpose of FTP
Analyze Normal FTP Communications
Analyze FTP Problems
Dissect the FTP Packet Structure
Filter on FTP Traffic
Reassemble FTP Traffic
Section 25: Analyze Email Traffic
Define the Purpose of POP
Analyze Normal POP Communications
Analyze POP Problems
Dissect the POP Packet Structure
Filter on POP Traffic
Define the Purpose of SMTP
Analyze Normal SMTP Communication
Analyze SMTP Problems
Dissect the SMTP Packet Structure
Filter on SMTP Traffic
Section 26: Introduction to 802.11 (WLAN) Analysis
Analyze Signal Strength and Interference
Capture WLAN Traffic
Compare Monitor Mode and Promiscuous Mode
Set Up WLAN Decryption
Apply a Radiotap or PPI Header
Compare Signal Strength and Signal-to-Noise Ratios
Describe 802.11 Traffic Basics
Analyze Normal 802.11 Communications
Filter on WLAN Traffic
Analyze Frame Control Types and Subtypes
Section 27: Voice over IP (VoIP) Analysis Fundamentals
Define VoIP Traffic Flows
Analyze VoIP Problems
Analyze SIP and RTP Traffic
Play Back VoIP Calls
Create a VoIP Profile
Filter on VoIP Traffic
Section 28: Baseline Normal Traffic Patterns
Define the Importance of Baselining
Baseline Broadcast and Multicast Types and Rates
Baseline Bootup Sequences
Baseline Login/Logout Sequences
Baseline Traffic During Idle Time
Baseline Application Launch Sequences and Key Tasks
Baseline Web Browsing Sessions
Baseline Name Resolution Sessions
Baseline Throughput Tests
Baseline Wireless Connectivity
Baseline VoIP Communications
Section 29: Find the Top Causes of Performance Problems
Troubleshoot Performance Problems
Identify High Latency Times
Point to Slow Processing Times
Find the Location of Packet Loss
Identify Signs of Misconfigurations
Analyze Traffic Redirections
Identify Small Payload Sizes
Identify Congestion
Identify Application Faults
Identify Name Resolution Faults
Section 30: Network Forensics Overview
Compare Host Forensics to Network Forensics
Gather Evidence
Avoid Detection
Handle Evidence
Recognize Unusual Traffic Patterns
Color Unusual Traffic Patterns
Identify Complementary Forensic Tools
Section 31: Detect Scanning and Discovery Processes
Define the Purpose of Discovery and Reconnaissance
Detect ARP Scans (aka ARP Sweeps)
Detect ICMP Ping Sweeps
Detect Various Types of TCP Port Scans
Detect UDP Port Scans
Detect IP Protocol Scans
Define Idle Scans
Identify ICMP Types and Codes
Analyze Traceroute Path Discovery
Detect Dynamic Router Discovery
Define Application Mapping Processes
Use Wireshark for Passive OS Fingerprinting
Detect Active OS Fingerprinting
Identify Spoofed Addresses and Scans
Section 32: Analyze Suspect Traffic
Describe Suspect Traffic
Identify Vulnerabilities in the TCP/IP Resolution Processes
Identify Unacceptable Traffic
Find Maliciously Malformed Packets
Identify Invalid or Dark Destination Addresses
Differentiate between Flooding or Standard Denial of Service Traffic
Find Clear Text Passwords and Data
Identify Phone Home Behavior
Catch Unusual Protocols and Applications
Locate Route Redirection that Uses ICMP
Catch ARP Poisoning
Catch IP Fragmentation and Overwriting
Identify TCP Splicing
Watch Other Unusual TCP Traffic
Identify Password Cracking Attempts
Know Where to Look: Signature Locations
Section 33: Effective Use of Command Line Tools
Define the Purpose of Command Line Tools
Use Wireshark.exe (Command Line Launch)
Capture Traffic with Tshark
List Trace File Details with Capinfos
Edit Trace Files with Editcap
Merge Trace Files with Mergecap
Convert Text with Text2pcap
Capture Traffic with Dumpcap
Define Rawshark
For more information on the Wireshark Certified Network Analyst Exam, please visit www.wiresharktraining.com/certification or contact us directly.
Wireshark [email protected]
5339 Prospect Road, #343
San Jose, CA 95129
USA
Phone: +1 408-378-7841
Fax: +1 408-387-7891