Advanced Network Troubleshooting Using Wireshark (Hands-on)

Transcription

1 Advanced Network Troubleshooting Using Wireshark (Hands-on) Description This course is a continuation of the "Basic Network Troubleshooting Using Wireshark" course, and comes to provide the participants with advanced capabilities for network troubleshooting. The course provides an in-depth knowledge of network behaviour and problems, and focuses on network protocols and applications analysis. The course focuses on the analysis of Wireless LAN, Internet protocols like DNS, HTTP1/2 and HTTPs, FTP and mail protocols, along with enterprise protocols like NetBIOS, Terminal Services, and database applications, along with VoIP and streaming protocols and deep in to network forensics using Wireshark. All topics covered in the course include theory, case studies and hand-on exercises, and is based on the new Wireshark version 2. Objectives By the end of the course, the participant will be able to: To explore in depth performance issues of TCP/IP To use advanced Wireshark tools and the Wireshark CLI Identify and resolve Wireless LAN problems Identify and locate faults in communication's common Internet-based applications HTTP, FTP, Mail, DNS and others Identify and locate faults in common enterprise applications databases, NetBIOS/SMB, RPC, MS-TS and others Identify and locate faults in various Voice/Video over IP and streaming applications, including SIP and RTP/RTCP To use Wireshark for security and network forensics Target Audience R&D, engineering and technical Support, IT and communication Managers Prerequisites Basic Network Troubleshooting using Wireshark course or equivalent knowledge. The participants should bring their laptops with Wireshark software (free download from the site -

2 Duration 3 Days Outline 1. Command-Line Tools and How to Use Them TShark and Dumpcap Command-Line Tools Capinfos Command-Line Tool Editcap Command-Line Tool Mergecap Command-Line Tool Text2pcap Command-Line Tool Split and Merge Trace Files 2. The Expert System Advance Usage Applications events Unusual network communications Vulnerabilities in the TCP/IP resolution process 3. Wireless LAN Analysis Wireless networks: b/g and n theory Working with the wireless toolbar The radio interface, frequencies, channels and other radio issues: analysis and troubleshooting, signal strengths and SNR Capture wireless LAN traffic - wireless adapters, monitor vs. promiscuous mode. Working with Airpcap adapters Working with decryption keys for analyzing encrypted data Analyzing data, control and management frames: beacons, probes requests & responses, authentication and associations, RTS/CTS/Ack Working with IO graphs and display filters Packet analysis and troubleshooting 4. IPv4 analysis ICMP Analysis ARP operation and analysis

3 DHCP analysis Multicast traffic analysis 5. In-depth analysis of TCP/UDP The Sliding Windows mechanism Ack frequency, delayed Ack and the Nagel algorithm Slow start, flow and congestion control TCP enhancements: Selective Ack, Time stamps, scale factor and more Deep dive into TCP packet analysis and performance issues Bandwidth/throughput and delay issues 6. Internet Applications Analysis and Troubleshooting SSL/TLS analysis and troubleshooting HTTP1/2 and HTTPs analysis and troubleshooting FTP analysis and troubleshooting Mail protocols SMTP, POP and IMAP analysis DNS operation and troubleshooting 7. VoIP Analysis IP telephony principles of operations SIP principles of operations, messages and error codes RTP, RTCP and media transfer Video over IP and RTSP Normal operation and what might get wrong Wireshark features for IPT: SIP, VoIP Calls, RTP, RTSP Capture and display filters for IPT and multimedia Wireshark features for IPT: RTP session parameters and stream analysis, filters, Steaming protocols analysis 8. Enterprise applications analysis Databases network-related problems Terminal-services protocols RPC analysis NetBIOS and SMB

4 9. SIP, IPT and Streaming applications IP telephony principles of operations SIP principles of operations, messages and error codes RTP, RTCP and media transfer Video over IP and RTSP Normal operation and what might get wrong Wireshark features for IPT - SIP, VoIP Calls, RTP, RTSP Capture and display filters for IPT and multimedia Wireshark features for IPT - RTP session parameters and stream analysis, filters 10. Network Security and Forensics Gather information what to look for Unusual traffic patterns Complementary tools MAC and IP address spoofing Attacks signatures and signature locations ARP poisoning Header and sequencing signatures Attacks and exploits TCP splicing and unusual traffic DoS and DDoS Attacks Protocol scans DNS-based attacks Find maliciously malformed packets Labs: LAB 1: Using TShark for packet capture LAB 2: Using Capinfos for capture statistics report LAB 3: Using Mergecap for merging capture file and analyse the results LAB 4: Using the Expert Infos to find application events LAB 5: Analyze slow wireless network LAB 6: Analyze packet losses in wireless network

5 LAB 7: Analyzing ICMP messages LAB 8: Analyzing DHCP problems LAB 9: Analyzing network problems with ARP LAB 10: Analyzing routing loops LAB 11: Analyzing IP reachability problems LAB 12: TCP performance issues LAB 13: TCP delay/jitter calculations LAB 14: TCP timestamps, scale factor and selective ACKs LAB 15: Analyzing SIP connectivity problems LAB 16: Analyse SSL/TLS connectivity LAB 17: Decrypt HTTPs Communications LAB 18: Analyzing HTTP errors LAB 19: Analyzing the reason for a slow website LAB 20: Analyzing freezes in a web page LAB 21: Slow FTP downloads LAB 22: Analyzing DNS problems LAB 23: Analyzing mail connectivity problems LAB 24: Analyzing slow connectivity to Terminal Servers LAB 25: Analyzing slow RPC-based applications LAB 26: Analyzing NetBIOS connectivity and performance problems LAB 27: Analyze the reason for slow database performance LAB 28: Analyze database freezes LAB 29: SIP connectivity problems LAB 30: Degradation in voice quality LAB 31: Video freezes analysis LAB 32: Freezes problems in surveillance cameras LAB 33: How to look for security breaches LAB 34: Discovering DOS and DDoS attacks LAB 35: Scanners and scanning attacks LAB 36: ARP poisoning LAB 37: Spoofing attacks LAB 38: discovering brute-force attacks LAB 39: Discovering DNS attacks LAB 40: Finding malicious files

6 Thank You!