This video training with Keith Barker covers Wireshark, the world's most popular protocol analyzer, including topics such as installing Wireshark, navigating the GUI, customizing it, and using it as a troubleshooting tool.

Recommended Skills
- Familiarity with networking concepts and protocols
- Network+ (or equivalent knowledge) or greater

Recommended Equipment
- Windows, Linux or Mac OS to install Wireshark

Related Job Functions:
- Network professionals of all levels
- Security experts
- Developers
- Educators

Whether you need to perform a security application analysis or troubleshoot something on a network, Wireshark is the tool for you! The popular, open-source tool is dubbed the "world's foremost network protocol analyzer." (It's also free and cross-platform!) In this video training, CBT Nuggets trainer Keith Barker walks you through everything you need to know about this versatile analyzer. He'll teach you how to install Wireshark, navigate it, and tailor it to your needs. Topics he covers include: navigating the graphical user interface (GUI), creating profiles, filtering, customization and more. Get ready to learn Wireshark inside-out and how to use it to your benefit!

Videos:

Getting the Most From This Series
In this video, Keith introduces the series, along with some examples of why using a protocol analyzer (such as Wireshark) is a critical skill. Keith explains the prerequisites and techniques for getting the most from the time you spend enjoying this Wireshark nugget series. Accessing the NuggetLab files (as well as other series that are in progress but not yet finished) is demonstrated.

Jumpstart with Wireshark
Wireshark is the world's most popular (and free) protocol analyzer. In this Nugget, Keith walks you through the installation, setup, and a first capture to get you started right away! The trace file created in this video is available in the NuggetLab download area.

Navigating in the GUI
It's a Graphical User Interface (GUI), so how hard can it be? For someone who isn't aware of the features or what the icons do, the GUI can appear unfriendly.
Understanding the different areas in the GUI, and what they can do, will save hours of trial and error. Those who are new to Wireshark, as well as people who have used it before, can learn some time-saving tidbits in this Nugget.

Arranging Wireshark Your Way
The default arrangement within Wireshark is a starting point, but most of us will change these settings to fit our needs better. In this Nugget, Keith walks you through sorting, moving, hiding, and restoring columns, as well as using the packet details area to view and manipulate the protocols captured in the trace.

Wireshark and GNS3
Virtual environments are a great way to test and validate servers, applications and devices before putting them on a live production network. GNS3 provides an emulated network and has excellent Wireshark integration. In this Nugget, we take a sample network and apply packet capturing at four different points in that network, in order to compare and contrast the traffic as it crosses those points. This Nugget focuses on Wireshark; for videos on GNS3 specifically, please refer to the GNS3 series here at CBT Nuggets. The four capture files used in this video are available for download from the NuggetLab area.

Dissectors
Wireshark uses many groups of protocol interpreters (behind the scenes) called "dissectors." These dissectors provide the useful information we typically see in the details area for a capture. In this Nugget, we look at how Wireshark decides which dissector to use to interpret a specific layer of a protocol stack (usually from the port number or a heuristic), and what we can do when Wireshark picks the wrong one or none at all, such as telling it explicitly with "Decode As...".

Profiles
Wireshark is used for various purposes. One day we might be doing security application analysis, and the next day, troubleshooting latency on the network.
The customization of the columns and fields used for each type of analysis will be different, and that is where profiles save a lot of time. By creating profiles with the right settings for a given task, we can switch back and forth between profiles on the fly, without manually altering the settings each time we use Wireshark. In this Nugget, Keith walks you through creating a custom profile and changing some of the defaults in the new profile. The capture file used in this video is available in the NuggetLab download area.

Looking for Latency
By adding a column for the TCP delta time (the time since the previous frame in the same TCP stream), we can see how long a delay exists between the packets in a TCP conversation. In this Nugget, Keith discusses where latency may exist and how to start using Wireshark to identify it. This video also demonstrates how to move the settings of a custom profile from one computer to another. The files used in this video, including additional IOS router commands (that inject latency at R2), can be found in the NuggetLab files associated with this video.

Controlling the Capture
There are several ways to capture network traffic so that Wireshark can use it. In this Nugget, Keith explains several options, including taps, SPAN (port mirroring) and local interfaces. Once the capture point has been identified, there are several important options, such as not filling up your hard disk, that need to be considered as well. Using multiple-file options, including a ring buffer that keeps only the most recent N files, is explained and demonstrated. Supporting NuggetLab files for this video are available.

Capture Filters
When there are gigabytes of data flowing across the network and we need 24 hours' worth of capture time, there will likely be a challenge regarding disk space on the Wireshark computer (even if splitting the capture over multiple files). In this Nugget, Keith walks you through and demonstrates the use of Capture Filters in Wireshark.
Capture Filters tell Wireshark to keep only the traffic you specify (which is what gets saved in the capture file), while everything else is discarded before it is written. Unlike a display filter, a capture filter cannot be undone after the fact: whatever it excludes is gone, so it pays to test the filter on a short capture first. The homework assignment for this video is available in the NuggetLab area.

Display Filters
Many times, capture files can be large and contain thousands of network conversations. Using a Display Filter, we can tell Wireshark which packets to display, allowing us to focus on that specific traffic without removing anything from the file. In this Nugget, Keith demonstrates the logic, creation, and use of Display Filters. The starting profile preference file used in this video is available in the NuggetLab area, along with the capture file used in this video.

Adv. Display Filters
Often, to see the exact traffic we want, a complex (or at least more detailed) Display Filter is needed. In this Nugget, Keith walks you through how to create advanced filters using the details pane of Wireshark and the all-powerful right mouse button. The profile and capture files for this video are in the NuggetLab area for this video.

Zeroing in on Conversations
Focusing on a single conversation among the thousands that may be part of a capture file can be like looking for a needle in a haystack. Fortunately, Wireshark has some sweet tools to assist us in following conversations. In this Nugget, Keith walks you through four separate ways to focus on specific conversations within a capture file. The capture file, along with the preferences file for the profile used in this video, are available in the NuggetLab area.

Upgrading Wireshark
In this Nugget, Keith walks you through the upgrade to version 1.10. This new version hosts a variety of new features, including auto-update, HTTP request-response timestamps and additional display filter functionality. The two capture files demonstrated in this video, along with the preferences file from the profile used at the beginning of the video, are available in the NuggetLab area for this video.
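The three things the videos above do in the GUI (the TCP delta column from Looking for Latency, a display filter, and following a single conversation from Zeroing in on Conversations) are worth seeing as code, because that makes explicit what the columns actually compute. The following is an added example written for this page, not code from the series or from the Wireshark project: a minimal reader for the classic pcap format that numbers TCP conversations the way Wireshark's tcp.stream does, computes tcp.time_delta per stream, applies a display-filter-style predicate, and reassembles one direction of a stream in sequence order (what Follow TCP Stream shows). The capture is constructed in memory; the hosts 10.0.0.5, 10.0.0.10 and 10.0.0.20, the ports, the HTTP text and the 500 ms server delay are all made up for the illustration.

```python
"""Added example (not from the CBT Nuggets series or the Wireshark project): a minimal
classic-pcap reader that reproduces tcp.stream, the TCP delta-time column (tcp.time_delta),
a display filter and Follow TCP Stream in code.  Hosts, ports, timings and text are made up."""
import struct

SYN, ACK, PSH = 0x02, 0x10, 0x08

def tcp_frame(src, dst, sport, dport, seq, flags, payload=b""):
    """Ethernet/IPv4/TCP frame without options; checksums are left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip                    # zero MACs, EtherType IPv4

def build_pcap(frames):
    """Serialise (timestamp, frame) pairs into a little-endian classic pcap (linktype 1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in frames:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Yield (timestamp, frame); handles both byte orders and the nanosecond magic."""
    magic = data[:4]                                          # a1b2c3d4 / a1b23c4d, either order
    endian = "<" if magic[3] == 0xA1 else ">" if magic[0] == 0xA1 else None
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    divisor = 1e9 if 0x4D in (magic[0], magic[3]) else 1e6
    off = 24
    while off + 16 <= len(data):
        sec, frac, caplen, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        yield sec + frac / divisor, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def decode_tcp(frame):
    """Pull the IPv4/TCP fields we need; None for anything else (ARP, IPv6, UDP...)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ip_len = struct.unpack("!H", frame[16:18])[0]
    t = 14 + (frame[14] & 0x0F) * 4                           # start of the TCP header
    sport, dport, seq = struct.unpack("!HHI", frame[t:t + 8])
    payload = frame[t + (frame[t + 12] >> 4) * 4:14 + ip_len]
    return dict(src=".".join(map(str, frame[26:30])), dst=".".join(map(str, frame[30:34])),
                sport=sport, dport=dport, seq=seq, flags=frame[t + 13], payload=payload)

def analyze(pcap_bytes):
    """Per-frame records with Wireshark-style frame number, tcp.stream and tcp.time_delta."""
    streams, last_seen, records = {}, {}, []
    for number, (ts, frame) in enumerate(read_pcap(pcap_bytes), start=1):
        tcp = decode_tcp(frame)
        if tcp is None:
            continue                                          # frame numbers still advance
        key = frozenset([(tcp["src"], tcp["sport"]), (tcp["dst"], tcp["dport"])])
        stream = streams.setdefault(key, len(streams))        # same index for both directions
        delta = ts - last_seen.get(stream, ts)                # 0.0 on a stream's first frame
        last_seen[stream] = ts
        records.append(dict(tcp, no=number, time=ts, stream=stream, time_delta=delta))
    return records

def display_filter(records, predicate):                       # like the filter bar: show matches only
    return [r for r in records if predicate(r)]

def follow_stream(records, stream, src, sport):
    """One direction of a stream reassembled by sequence number; tolerates out-of-order
    and retransmitted segments, marks a segment missing from the capture with '?' bytes."""
    segments = sorted((r["seq"], r["payload"]) for r in records if r["stream"] == stream
                      and r["src"] == src and r["sport"] == sport and r["payload"])
    data, next_seq = b"", None
    for seq, payload in segments:
        next_seq = seq if next_seq is None else next_seq
        if seq + len(payload) <= next_seq:
            continue                                          # pure retransmission, skip it
        if seq < next_seq:                                    # partial overlap: keep new tail only
            payload, seq = payload[next_seq - seq:], next_seq
        if seq > next_seq:                                    # hole in the capture
            data += b"?" * (seq - next_seq)
        data += payload
        next_seq = seq + len(payload)
    return data

# Constructed sample: request in two out-of-order segments (one retransmitted), a second
# conversation interleaved, and a 500 ms wait before the server responds.
CLIENT, SERVER, OTHER = "10.0.0.5", "10.0.0.10", "10.0.0.20"
REQ1, REQ2 = b"GET /index.html HTTP/1.1\r\n", b"Host: example.test\r\n\r\n"
RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
SAMPLE_PCAP = build_pcap([
    (1.000000, tcp_frame(CLIENT, SERVER, 40000, 80, 1000, SYN)),
    (1.010000, tcp_frame(SERVER, CLIENT, 80, 40000, 5000, SYN | ACK)),
    (1.011000, tcp_frame(CLIENT, SERVER, 40000, 80, 1001 + len(REQ1), PSH | ACK, REQ2)),
    (1.011500, tcp_frame(CLIENT, SERVER, 40000, 80, 1001, PSH | ACK, REQ1)),
    (1.020000, tcp_frame(CLIENT, OTHER, 40001, 443, 7000, SYN)),
    (1.031000, tcp_frame(OTHER, CLIENT, 443, 40001, 9000, SYN | ACK)),
    (1.511500, tcp_frame(SERVER, CLIENT, 80, 40000, 5001, PSH | ACK, RESPONSE)),
    (1.512000, tcp_frame(CLIENT, SERVER, 40000, 80, 1001, PSH | ACK, REQ1)),  # retransmit
])

if __name__ == "__main__":                                    # quick look at the sample
    for r in analyze(SAMPLE_PCAP):
        print(r["no"], r["stream"], f"{r['time_delta']:.4f}s", r["src"], r["sport"], r["dst"], r["dport"])
```

Run as a script, the 500 ms gap stands out as the one frame with a large tcp.time_delta, which is exactly the row a TCP delta column (or the filter tcp.time_delta > 0.2 in Wireshark) draws your eye to; the second conversation gets its own stream index, so its timing does not pollute the first. The reassembly handles out-of-order and retransmitted segments but ignores sequence-number wraparound and checksums; a real capture should still go through Wireshark or tshark for those.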
Sorting out a Troubled Network
What's really going on inside the network? In this Nugget, join Keith on a journey to investigate (based on a Wireshark capture, and using your display filter skills) what type of malicious traffic is on the network. The capture file, profile preferences file and "Solution for display filter.txt" are all available in the NuggetLab area.

Raspberry Pi Remote Monitoring
Having a dedicated capture device on remote switches is a luxury, and by using a Raspberry Pi for that remote monitoring, the price just went way, way down. In this Nugget, Keith demonstrates how you can use a $35 (US) Raspberry Pi and forward its X Windows GUI right back to your management computer.

How Regular are Your Expressions?
Wireshark's display filters support regular expressions (via the "matches" operator) and wildcards that can save us lots of time when searching our packet captures. In this Nugget, Keith walks you through examples of when and how to use these, including demonstrations. The capture file, regular expression file, and the preferences file from the profile used in the video are all available in the NuggetLab area. Download them and have them ready so you can practice right along with the video.

Coloring Rules
Another method to assist us in seeing and interpreting packets is to use coloring rules for various types of packets. In this Nugget, Keith walks you through how to determine why a color was used, and then how to change the defaults if desired. Exporting custom color settings for portability is also discussed and demonstrated. The profile preferences file, along with the capture file used in this video, are available in the NuggetLab area.

Using Temporary Colors
Coloring rules are great, but what about temporarily assigning a color to focus on a specific conversation or session in a specific trace file?
In this Nugget, Keith explains and demonstrates how to use temporary colors to focus on the packets that are of most interest to you. The profile preferences file, along with the capture file used in this video, are waiting for you in the NuggetLab area.

Exporting
How do we get a portion of a capture file (as a new file or a report) into the hands of those who need it? One solution is to use the Export feature in Wireshark. In this Nugget, Keith walks you through the benefits and options of exporting. The preferences file from the profile used in this video, as well as the capture file, are available in the NuggetLab file area.

Input/Output Graphs
Identifying the protocols, hosts, subnets (etc.) that are using up the most bandwidth is easily done with IO graphs in Wireshark. In this Nugget, Keith walks you through the creation and use of these graphs. The capture file used in this video is available in the NuggetLab file area.

Expert Infos in Wireshark
When Wireshark offers a "recommendation" regarding a potential problem, it can help us find problems more quickly. The "Expert Infos" comments that are added can automatically alert us to errors and issues within a capture file. In this Nugget, Keith walks you through using this feature. The preferences file (from the profile used at the beginning of this video), along with the capture used, are available as part of the NuggetLab files associated with this video.

Seeing What the User Downloaded
Two cooks with equal skills, the same recipe, and the same ingredients can make the same meal. Likewise, when Wireshark has all the packets involved in a session (nothing dropped at the capture point), it can often allow the recreation of the files seen or downloaded by a user. In this Nugget, Keith shows you how to see graphic files from HTTP sessions, and how to recreate and locally save an FTP file from a Wireshark capture.
The profile preferences file, along with the capture and other images used in this video, are available in the NuggetLab file area for this video.

VoIP
One of the types of traffic we are likely to see in a capture file is Voice over IP (VoIP). In this Nugget, Keith walks you through how to look at, graph and replay voice conversations from the captured packets using Wireshark. The profile preferences file, along with the capture file used in this video, are available via the NuggetLab file area for this video.

IPv6
Using a protocol analyzer can shed light on what is really happening with IPv6, including the ability to verify what is actually happening on the network compared to what is supposed to happen. In this Nugget, Keith walks you through setting up a test IPv6 network and then capturing and analyzing the traffic with Wireshark. Merging of capture files is also covered in this video. Capture and config files used in this Nugget are in the NuggetLab file area.

Total Series Duration: 07:56:16