Course Contents
What is Wireshark?
- Protocol analysers,
- Wireshark features,
- versions,
- troubleshooting techniques with Wireshark.
Installing Wireshark
- Downloading Wireshark,
- UNIX issues,
- Microsoft issues,
- The role of WinPcap,
- Promiscuous mode,
- Installing Wireshark,
- Wireshark documentation and help.
- Hands on: Downloading and installing Wireshark.
Capturing traffic
- Starting and stopping basic packet captures,
- the packet list pane,
- the packet details pane,
- the packet bytes pane,
- interfaces,
- using Wireshark in a switched architecture.
- Hands on: Capturing packets with Wireshark.
Troubleshooting networks with Wireshark
- Common packet flows.
- Hands on: Analysing a variety of problems with Wireshark.
Capture filters
- Capture filter expressions,
- Capture filter examples (host, port, network, protocol, worm),
- primitives,
- combining primitives,
- payload matching.
- Hands on: Configuring capture filters.
Working with captured packets
- Live packet capture,
- saving to a file,
- capture file formats,
- reading capture files from other analysers,
- merging capture files,
- finding packets,
- going to a specific packet,
- display filters,
- display filter expressions.
- Hands on: Saving captured data, configuring display filters.
Analysis and statistics with Wireshark
- Enabling/disabling protocols,
- user specified decodes,
- following TCP streams,
- protocol statistics,
- conversation lists,
- endpoint lists,
- I/O graphs,
- protocol specific statistics.
- Hands on: Using the analysis and statistics menus.
Command line tools
- Tshark,
- capinfos,
- editcap,
- mergecap,
- text2pcap,
- idl2eth.
- Hands on: Using tshark.
Advanced issues
- 802.11 issues,
- management frames,
- monitor mode,
- packet reassembling,
- name resolution,
- customising Wireshark.
- Hands on: Customising name resolution.