Start with 7 free days of training.

Gain instant access to our entire IT training library, free for your first week.
Train anytime on your desktop, tablet, or mobile devices.

This Wireshark training with Keith Barker covers Wireshark, the world’s most popular protocol analyzer, including topics such as installing Wireshark, navigating in the GUI, customizing and using it as a troubleshooting tool, and more....
This Wireshark training with Keith Barker covers Wireshark, the world’s most popular protocol analyzer, including topics such as installing Wireshark, navigating in the GUI, customizing and using it as a troubleshooting tool, and more.

Whether you need to perform a security application analysis or troubleshoot something on a network, Wireshark is the tool for you! The popular, open-source tool is dubbed the “world’s foremost network protocol analyzer.” (It’s also free and is a cross-platform tool!) In this video training, CBT Nuggets trainer Keith Barker walks you through everything you need to know about this versatile analyzer. He teaches you how to install Wireshark, navigate it, and utilize it to best fit your needs. Topics he covers include: navigating the graphical user interface (GUI), creating profiles, filtering, customization and more. Get ready to learn Wireshark inside-out and how to use it to your benefit.

Recommended Experience
  • Familiarity with networking concepts and protocols
  • Network+ (equivalent knowledge) or greater
Recommended Equipment
  • Windows, Linux, or Mac OS to install Wireshark
Related Certifications
  • Not applicable
Related Job Functions
  • Network professionals of all levels
  • Security experts
  • Developers
  • Educators
Keith Barker has been a CBT Nuggets trainer since 2012 and holds a variety of networking and security certifications, including Cisco CCIE Routing and Switching, Cisco CCIE Security, Cisco CCDP, HP-MASE, Brocade BCNP, (ISC)2 CISSP, CompTIA’s Network+ and Security+, VMware VCP5-DCV, Palo Alto CNSE, and Check Point CCSA.
 show less
1. Getting the Most From This Course (14 min)
2. Jumpstart with Wireshark (21 min)
3. Navigating in the GUI (22 min)
4. Arranging Wireshark Your Way (20 min)
5. Wireshark and GNS3 (23 min)
6. Dissectors (19 min)
7. Profiles (19 min)
8. Looking for Latency (27 min)
9. Controlling the Capture (18 min)
10. Capture Filters (17 min)
11. Display Filters (22 min)
12. Adv. Display Filters (23 min)
13. Zeroing in on Conversations (14 min)
14. Upgrading Wireshark (17 min)
15. Sorting out a Troubled Network (31 min)
16. Raspberry Pi Remote Monitoring (17 min)
17. How Regular are Your Expressions? (16 min)
18. Coloring Rules (23 min)
19. Using Temporary Colors (10 min)
20. Exporting (19 min)
21. Input/Output Graphs (12 min)
22. Expert Infos in Wireshark (13 min)
23. Seeing What the User Downloaded (15 min)
24. VoIP (18 min)
25. IPv6 (17 min)

Getting the Most From This Course

00:00:00

Hello, I'm Keith Barker. And on behalf of the entire CBT Nuggets family, I'd like to welcome you to this Nugget series on Wireshark. Let's begin. Wireshark is the planet's most popular and free protocol analyzer. It's actually fantastic. Now, you're probably familiar with WireShark.

00:00:19

But if you're not, let me give you a brief reason why this is so powerful and what Wireshark can do for us. Let's say we have a scenario with a PC that's acting as a client and we're talking over to a server. Maybe it's a SQL Server, some type of the database server.

00:00:32

And maybe we are directly connected. Or maybe there's some routers in between us-- that part really doesn't matter too much. But the scenario goes something like this-- the client makes a request to the SQL Server. And the response comes back and it takes 60 seconds for that response to be graphically shown on the screen.

00:00:49

That's a long time. I mean, 60 seconds is lifetimes in the world of computers and networks. So here's my question, where is the delay happening? Is it the client somehow delaying the actual request? Or is it the server or the back end that's somehow delaying the response?

00:01:05

Or is it the PC, who gets the response immediately but has to crunch all the data to put on the screen? That's a fantastic question. The solution to finding out where the delay is to use WireShark. We could capture the data on this network segment right here.

00:01:19

And then take a look. If the request goes out and five milliseconds later the response comes back completely-- we could then say it's the PC that's causing the slow down as it crunches all the data. On the other hand, if the request goes out, and 45 full seconds later the response comes back-- we could then attribute the delay to something that's happening at the SQL Server, or very unlikely, the network.

00:01:41

Usually networks are not going to slow packets for 45 seconds. And we could also sample at different areas in our network just to verify that. But that's just one out of millions of possible applications for using Wireshark to assist us in understanding what's really going on on the network.

00:01:58

Another question that comes up is Keith what's exactly in the Wireshark series? I'd like to share with you an overview of what's inside. And an inside tip on how in the future, you don't have to wait for a series to be completed to go ahead and start enjoying and watching the videos.

00:02:13

So I'm currently logged onto my CBT Nuggets account. And if I wanted to see what current videos are in progress and be able to view them before there even done, here's how we could do that. Under video training, right here there's a tab called upcoming video, we simply click that.

00:02:28

And all of the videos that are currently in progress are right here. Not only does it give a status on them, it also gives us the ability to view the videos that are already done in that series. So here we can see that James has a Window 8 series in progress, he's got 31 out of 40.

00:02:43

And if we wanted to start viewing those, you don't have to wait until the complete series is done. You can simply click on this link and go look at any of the videos that are currently published, which is right now a total of 31. Wireshark, which I'm doing the intro for right now is completely done.

00:02:58

So as soon as the videos get approved and processed, which will be the next business day. So by the time you see this, all 25 videos will be online and ready. But this is a great way where you do not have to wait to see the videos in progress. You can go ahead and start watching the series as they're being created.

00:03:16

So we want to take a look at the topics inside Wireshark, which is my objective here. We could click on this link for Wireshark. And scroll down. And here's what I did when I created this Wireshark series-- I simply thought to myself, self, what would I want to learn?

00:03:32

If somebody was teaching me for the very first time formally the details of Wireshark, what would I want to see, learn, and know how to do? And that is the series I put in place for you. So the end result is that you and I get to go through together all of these topics as you improve your skills with Wireshark.

00:03:49

And that can directly translate into applying those newly learned skills in a production environment where it's making a difference. So there's 25 videos in all in this Wireshark series, which includes this introduction, which you're listening to right now.

00:04:03

This series is specifically designed to assist you regarding your role in your current network. For example, you might be designing networks, or verifying networks, or troubleshooting networks. The skills regarding Wireshark and protocol analysis will serve you very well in each of those areas.

00:04:20

Additionally, if you're learning new technologies, Wireshark is a terrific tool to reinforce, and validate what you're learning. For example, everybody knows about DHCP, right? So DHCP has four packets involved. We have the discover, the offer, the request, and the acknowledgement.

00:04:36

Like, Dora the Explorer, which is a sad but funny way to remember the four steps in that. Now my question is, at layer 2 are all these broadcasts? Or some of them broadcast? How does that work? And we might go out and search and say, oh yeah, all four packets are broadcast.

00:04:51

Or we might find out that, hey, two of these are broadcast, and two of them are unicast. So my question is, regarding each of these four packets at layer 2, are they broadcast on ethernet? Or are they not all broadcast? And depending on where you read and who you read, you could have different answers for that.

00:05:09

Well, you don't have to take anybody's word for it. We can lab it up and take a look with Wireshark. So that's the question, are all four packets layered to broadcast? And I'd like you to think about that for a moment. Based on your knowledge and your understanding, are they, or are they not?

00:05:22

Now if you're saying, Keith, I think they're all broadcast. You might be absolutely right if you're taking a look at specific types of DHCP servers and specific types of DHCP clients. However, that is not always the case. And the way we can verify that and see that detail is using Wireshark.

00:05:39

Again, the world's most popular and free protocol analyzer. Because the packets do not lie. What it sniffs and what you see on the network is really what's occurring. The next logical step after that is to say, OK, why in the world is that occurring?

00:05:53

Which leads us to further discovery about the real behavior of the protocols on our networks. Another thing I'd like to address with you right now are there prerequisites for this series, for really getting the most out of the Wireshark series. There's different certifications out there.

00:06:08

For example, Comp T has something called, Network+. And then we have vendor certifications, Cisco's got some, CCENT, and so forth that they have at the entry level. Juniper has some. And HP also has entry level ones as well. And other vendors. And then as those go up, they go into the professional level.

00:06:32

And then there's also the expert level at the high end reach of those. So the question is, OK Keith, do I need any of those certifications to really appreciate Wireshark? And the answer is, no. You're welcome to enjoy this series, however, you really deserve to have at least at this level of understanding-- Network+ or greater to take advantage of it.

00:06:51

So for example, you know how ARP operates. You know what DHCP is. You understand three-way handshakes with TCP. You understand the basics of IP addressing and application layer, and all that. So the basics, the fundamentals of networking you already got in your mind.

00:07:06

That would be the prerequisites for taking advantage of this course. Now you might be saying, well Keith, I'm brand new to networking, I don't know the basics-- I don't know ARP, I don't know DHCP, I don't know IP addressing. What do I do? The answer is really simple, go ahead and go through Network+.

00:07:21

It's sitting there as part of your subscription with CBT Nuggets, it's available. Start with Network+ first as a really solid foundation. And using Network+ as a foundation, whether you take certification testing or not, the knowledge you gain from Network+ about how networks operate, you can then leverage that as you take additional courses-- like the Wireshark series, this one, CCNA, Juniper, and other vendor specific networking technologies.

00:07:48

The primary objective for unite in this series is to identify how to use the tool called Wireshark. So that will be our primary focus in the entire series. It's very likely that you've experienced the CBT Nuggets series before. But if this is your first, let me take just a moment to welcome you.

00:08:04

And also to tell you how we do our training. We do a ton of white board work. We use network diagrams. And primarily, especially in this series, we do a boatload of live demonstrations. And in those demonstrations, we'll set up a scenario. We'll demonstrate why a specific tool inside Wireshark would be effective.

00:08:22

And then we'll demonstrate actually using the tool to get the results that we're looking for. Another really cool benefit that you and I get to enjoy is that these videos are both short and there very, very direct. Let's say for example, it's two years down the road.

00:08:35

You've enjoyed the video series. You got your start in really taking advantage of Wireshark in this series. And two years later you're thinking, you know what, how do I colorize a specific conversation inside Wireshark? You could come back to this series, go to that one specific Nugget, which is like less than 20 minutes.

00:08:52

And review it and boom, you're back in the saddle with those skills refreshed, ready to move forward. So it's a terrific resource to go back to after you've completed the entire series. What I could also guarantee is that these videos are fun. And they're also motivating.

00:09:07

Now, why is that? Well, the fact is the more we learn about something, the more excited we can get about it. So as we start to use these tools in Wireshark, for example, most people have touched Wireshark before. They've looked at it, they're like, whoa, this is pretty cool.

00:09:20

And that was about it. But once you start learning the bells and whistles. And how to tweak those nerd knobs inside of Wireshark to make it sing and dance and give us the detail that we're looking for. It becomes more exciting. And check it out, it becomes more of a reality as a production tool that you and I can use in a production network to solve problems, identify issues, and make our networks a better place.

00:09:42

So I totally get that time is a limited resource for everybody. So how can you and I squeeze that last drop of juice out of this video series? It's very, very simple. The first thing is to make time and watch the videos. And if you want to watch them a couple times just for reinforcement, that's often a great idea.

00:10:01

I would also recommend you take notes. I'm an avid note taker. I've got a spiral notebook after spiral notebook. But guess what, I rarely go back to them. I'll admit that. I rarely go back to them. But the reason I make the notes is because it helps me with yet another method, another sensory input of learning that information.

00:10:18

So individuals who jot down notes as they watch videos with a real pencil or pen and paper, it's going to assist you in remembering that detail later. So I would encourage you to take notes as you watch the videos. Another really big secret is to lab it up.

00:10:33

In virtually every video I've got a homework assignment for you. I've got the capture files and my profile preferences all tucked away in the Nugget lab files for each of the videos. And I'm going to give you a homework assignment. I don't want you to just watch the videos and say, wow, that was awesome, I can look at the HTTP delay between a request and a reply with web traffic.

00:10:54

I don't want you just to see it. I want you to practice it. So in the homework assignments I'm going to give you specific tasks related to what we just covered. And that will help reinforce and cement that as a skill. Once you practice it, that you can then take and apply to a production network.

00:11:11

Another little detail that's going to happen as you lab it up an start practicing with Wireshark, you're ISO behavior that I wasn't expecting. And I thought to myself, is this natural behavior based on this type of client? Or did I just misunderstand the protocol?

00:11:24

Or is there more for me to learn? And here's what I discovered, there is always more for me to learn. So using the Wireshark and a great Google search, you can have the opportunity to dig deeper. So for example, we could dig deeper and say, OK, for DHCP as an example-- how come for some clients and some DHCP servers, all four packets are layered to broadcast, and other times or not?

00:11:45

Or with IPV6 for example, how come sometimes a device will do a neighbor advertisement after it sends us duplicate address detection, and other times it won't? And that type of experience and seeing the actual packets and asking those questions is a terrific springboard for us to increase our knowledge about the protocols real behavior on the network.

00:12:05

So for me, the exciting part about you and I spending this time together in this series is that as you build your skills, as you do each of the homework assignments, and start practicing with Wireshark, you'll be able to apply those skills to your production network.

00:12:18

And that is where I'd like to pause just for a moment and offer a word of caution. So let's say we managed everything inside this red box. That's our network that we manage. The question is, the data that's coursing through the veins of this network, is that ours to freely look at and analyze with a protocol analyzer?

00:12:36

That's the question you need to ask. Every time that you capture data off of a network and start looking at the data-- because we can reassemble the file this guy downloaded from the internet. We can see the graphic images that he downloaded from the internet.

00:12:50

We can reassemble the voice over IP traffic and listen to a conversation. So the question is, although we can technically do that, we want to make sure that we have the authorization as well. We never want to do any type of eavesdropping or decoding of packets unless we have explicit authorization to do exactly that.

00:13:13

So for this entire series, that is my word of caution to you. Only look at traffic that you're authorized to capture and analyze. The actual capture files and other resources that I saved for you and your use as you go through these videos are in the Nugget lab file area.

00:13:30

Now one of the question that comes up is, Keith, where exactly is that Nugget lab file area? So let me take a moment and share with you exactly where to go to get those files. And here's the secret for Nugget labs. Once you're logged in, you simply go to your name, hover over your name, there will be a drop down list, simply go down to Nugget lab.

00:13:48

Click on that. And that will take you to the Nugget lab files. Each of these are links. So you go to the link for Wireshark, click on it. And that would give you an opportunity to download the Nugget lab files for the entire WireShark video series. Once you have them locally on your computer, you can then for each of the videos which have supporting files, access those files from your local hard drive.

00:14:10

I am very excited about spending this time with you in this series. Your homework assignment for this video is really simple. And that is to go to the next video titled, Jumpstart with Wireshark. I hope this has been informative for you. And I'd like to thank you for viewing.

Jumpstart with Wireshark

Navigating in the GUI

Arranging Wireshark Your Way

Wireshark and GNS3

Dissectors

Profiles

Looking for Latency

Controlling the Capture

Capture Filters

Display Filters

Adv. Display Filters

Zeroing in on Conversations

Upgrading Wireshark

Sorting out a Troubled Network

Raspberry Pi Remote Monitoring

How Regular are Your Expressions?

Coloring Rules

Using Temporary Colors

Exporting

Input/Output Graphs

Expert Infos in Wireshark

Seeing What the User Downloaded

VoIP

IPv6

Please help us improve by sharing your feedback on training courses and videos. For customer service questions, please contact our support team. The views expressed in comments reflect those of the author and not of CBT Nuggets. We reserve the right to remove comments that do not adhere to our community standards.

comments powered by Disqus
Entry 8 hrs 25 videos

COURSE RATING

Training Features


Practice Exams
These practice tests help you review your knowledge and prepare you for exams.

Virtual Lab
Use a virtual environment to reinforce what you are learning and get hands-on experience.

Offline Training
Our iOS and Android mobile apps offer the ability to download videos and train anytime, anywhere offline.

Accountability Coaching
Develop and maintain a study plan with one-to-one assistance from coaches.

Supplemental Files
Files/materials that supplement the video training.

Speed Control
Play videos at a faster or slower pace.

Bookmarks
Included in this course
Pick up where you left off watching a video.

Notes
Included in this course
Jot down information to refer back to at a later time.

Closed Captions
Follow what the trainers are saying with ease.
Keith Barker
Nugget trainer since 2012