laur happell’s tr oubleshooting with iresharrk · laur ugust registe u th reshark to erformanc...

A

Trowi

Master Winetwork p

Use themethod

Customproblem

Rapidlydelays

Use thespot repacketand mo

LAUR

August

Registe

ouith

ireshark toperformanc

e 4-part trdology to c

mize Wiresms with thy identify aand applic

e Wireshaeceiver cont loss, out-ore.

RA C

11-13, 2

er onlin

bleW

o locate thce problem

oubleshoocatch probshark to dehe click of and graph cation delrk’s Experngestion, tof-order se

CHAP

2014 ● D

e at ww

eshirehe source oms quickly

oting blems. etect a button.path ays.

rt Infos to the point oegments

PPELL

Domain

ww.wire

hooesh

of y.

of

L’S

Hotel, S

sharktr

Host

otihar

Sunnyva

raining.

ted at the bea

ingrk

ale, Cali

.com

autiful Domain

®g

ifornia

n Hotel in Sun

®

nnyvale, Califoornia

CONTWho ShoulCourse TopWhen and W

August Domain

About LaurTuition andHotel DiscoHands-On TCancellatioEvening EvAbout the A

AAP PorSampleSample

Daily ScheSundayMondayTuesdayWednes

Detailed CContact Us

TENTS ld Attend ........pics ...............Where ...........11-13, 2014 .

n Hotel, Sunnyvra Chappell, Yod Discount Schount Booking aTraining–Bringon and Student

vents ..............All Access Passrtal Features ..

e Online Coursee Live Event Listdule .............., August 10 ....y, August 11 ...y, August 12 ...sday, August 13ontent Outline

s ....................

.....................

.....................

.....................

.....................vale, California our Instructor ..edule ............

and Details .....g Your Own Lapt Substitution P.....................s ($699 Value).....................

e List ..............t - 2014 .............................................................................................3 .............................................................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................top (BYOL) .....Policy ................................. .......................................................................................................................................................................................................................................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

.....................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

......................

....... 1

....... 1

....... 1

....... 1

....... 1

....... 2

....... 2

....... 2

....... 3

....... 3

....... 3

....... 4

....... 4

....... 4

....... 4

....... 5

....... 5

....... 5

....... 5

....... 5

....... 6

....... 8

REGISTER ONLINE AT WWW.WIRESHARKTRAINING.COM

1WHO SHOULD ATTEND This hands-on course is geared towards IT professionals, network engineers, and escalation teams who need to find network problems quickly. If you are responsible for any of the following network issues, this is the event for you!

Find the cause of slow file transfers Optimize the network Measure bandwidth use for an application or user Identify problematic infrastructure devices

COURSE TOPICS This hands-on course focuses on customization of Wireshark to identify numerous performance issues including the following:

Connection Blocked or Refused Application Request Refused Slow Application Response Times Server Application Faults Content Redirection TCP Receive Buffer Issues Altered TCP Connection Attributes Mismatched TCP Parameters Weak Signal (WLAN) Asymmetric Routing Packet Loss in the Infrastructure

High Path Latency Measurements Bandwidth Throttling Delayed ACKs/Nagle Issue Packets Queued along Path Route Redirections Virus/Malware on Network Hosts Name Resolution Problems Missing Selective Acknowledgment (SACK) No Support for Window Scaling Premature TCP Port Number Reuse and more…

WHEN AND WHERE August 11-13, 2014 See the Daily Schedule section on page 5 for more details on daily start/end times.

Domain Hotel, Sunnyvale, California Location: 1085 East El Camino Real

Sunnyvale, California 94087

Closest Airports: ● San Jose Mineta Airport SJC (9 miles) ● San Francisco Airport SFO (31 miles) ● Oakland Airport OAK (38 miles)

See Hotel Discount Booking and Details on page 2.


2ABOUT LAURA CHAPPELL, YOUR INSTRUCTOR Laura Chappell, Founder of Wireshark University and Chappell University, is renowned for her Wireshark skills and ability to train in an entertaining manner. She is the author of several Wireshark books including Wireshark Network Analysis: the Official Wireshark Certified Network Analyst Study Guide, Wireshark 101: Essential Skills for Network Analysis, and Troubleshooting with Wireshark: Locate the Source of Performance Problems.

Laura has been analyzing network traffic for over 20 years and has presented to thousands of State, Federal and international law enforcement officers, judicial members, engineers, network administrators, technicians and developers on the subject of “tapping into networks.”

Ms. Chappell’s customers include Apple, Cisco, Dell, HP, Microsoft, IBM, Lockheed Martin, McAfee Corporation, US Arsenal, US Air Force, US Navy, NCIS, US Court of Appeals, United Bank of Switzerland, Salesforce, SPAWAR, Symantec, Riverbed Technology, Palo Alto Networks, Australian High Tech Crime Centre, Macau Police Department, Hong Kong Police Department, Qualcomm, and more.

TUITION AND DISCOUNT SCHEDULE Tuition covers all course materials, 1-year All Access Pass subscription, breakfast, lunch and break refreshments, evening events and your Certificate of Completion.

Hotel expenses are not included, but there is a discounted rate available if booked by July 10, 2014 (one month before event). See Hotel Discount Booking and Details below.

Early Bird Tuition (Until June 10th – two months before event) ........................... $1299

Regular Tuition (After July 10th – two months before event) ................................ $1499

Group Discounts Available (three or more students) ...................................... Contact Us [email protected]

HOTEL DISCOUNT BOOKING AND DETAILS Book your hotel room at the Domain Hotel by July 10th to receive the special discount rate. The conference rate will be honored for two days before and two days after the event subject to availability. Make your reservations early. The weather should be fabulous so consider bringing the family to enjoy some Silicon Valley time.

Location: 1085 East El Camino Real Sunnyvale, California 94087

Room Rates: $189/night plus tax (discount rate is available until July 10th, 2014)

Group Code: 1408WIRESH Reservations: 1.800.738.7477 Website: jdvhotels.com/domain

HAND

CANCIf you arerequire fopayment)

If a studefull forfeit

Student sthan five

EVEN

1 You will b

vulnerab

RE

DS-ON T

CELLATIe unable to atourteen (14) ). Failure to p

ent does not ature of the fu

substitutions (5) full busin

ING EVE

be advised in adilities.

EGISTER ON

TRAININThis trainthe latest

You can dLinux, or W

Ensure yoprovided the event

ION ANDttend your sccalendar day

provide the re

attend a scheunds.

are allowed,ness days bef

ENTS We afellowhoursrecep

WelcoCheccold o

Netwroomnetwo

Somethe Ainform

dvance of the ev

NLINE AT WW

NG–BRIing event is ht version of W

download theWindows fro

our laptop haon a USB sti

t, but not pro

D STUDcheduled traiys notice to cequired notifi

eduled cours

, but we musfore the start

re working ow students ans are from 5:ptions will be

ome Receptik in for the eone by the po

working Event and head doork with som

ething SpeciaApex Room anmation will be

vent if a specific

WW.WIRESH

ING YOUhands-on. Br

Wireshark1.

e latest stablm www.wires

as a functionack. DVD “justvided in the

ENT SUning class, p

cancel any reication will re

se without pr

st be notified t of the class

n several recnd even mee30pm to 7:3 held in the A

on and Pre-Eevent, drop yoool.

t (Monday, Auown to the Ap

me new and o

al to be Annond pool/cabae available s

c version of Wir

HARKTRAIN

UR OWNring your own

e version of Wshark.org.

al USB port at-in-case” veStudent Kit.

UBSTITUplease contacegistration (anesult in 100%

rior notificatio

via email to s (not includin

ceptions thatet some Wires30pm, SundaApex Room a

Event Registrour bag off in

ugust 11th:) -pex Room an

old friends.

ounced (Tuesana area for oon.

reshark is requir

ING.COM

N LAPTOn laptop pre-c

Wireshark fo

as course marsions will als

UTION Pct 1 (408) 37nd provide re

% charge of th

on (“no show

info@chappeng the class s

t will allow yoshark celebr

ay through Tuand the pool/

ration (Sundan your room,

Drop your band pool/caba

sday, August a special eve

red to avoid any

OP (BYOconfigured w

or MAC OSX,

aterials will bso be availab

POLICY78-7841. We efund for prehe course.

w”) it will resu

ellU.com no lstart date).

ou to mingle writies. Receptuesday. All /cabana area

ay, August 10and come ha

ags in your hana area to

12th) - Head ent. More

y current bugs o

3OL) ith

be ble at

e-

ult in

less

with tion

a.

0th) - ave a

hotel

to

or

ABOUThe All Acwheneverevents th

AAP Por C P D U

a

Sample W La

fo A B C F C C C C C C C C

Sample K D W C C D W C R C

AAP substhe pre-reSunday, Aonsite reg

2 Topics an

RE

UT THE Access Pass (Ar and wherevat happen th

rtal Featureourse Graderint Course C

Download couse the Chat fnd the instru

e Online CoWCNA Exam Pab Solutions or Network Annalyzing the uild Wireshareate a Secuind Stuff FasS42: HackedS43: AnalyzeS44: Top 10S45: TCP AnS46: DHCP/AS47 Nmap NS48: WireshaS50: WLAN A

e Live EventKey TCP ParamDetecting DelaWireshark Qt (

alc Functionsascade Pilot

Display FiltersWireshark Qt (

onfiguration egex Updatehallenges (D

scription acceegistration evAugust 10th agistration on

nd dates may ch

EGISTER ON

ALL ACCAAP) one-yeaver you want.hrough the ye

es books indica

Certificates uurse documefeature to co

uctor.

ourse List Prep Question

for Wiresharnalysis Window Zerork Filters from

urity Profile st with Wireshd Hosts e and Improv

Reasons Yoalysis in-DepARP Analysis

Network Scanark 101 JumAnalysis 101

t List - 2014meters (Marcays (April 20(May 2014) s (June 2014(July 2014)

s (August 201(September 2Files (Octobe

e (November December 20

ess is providevent registratand during thMonday, Aug

hange based on

NLINE AT WW

CESS PAr subscriptio In addition,

ear.

ate progress tpon successnts and tracemmunicate w

ns rk 101: Esse

o Condition m Snort Rule

hark Filter Ex

ve Throughpuur Network is

pth s nning 101 pstart

42 ch 2014) 14)

4)

14) 2014) er 2014) 2014) 14)

ed during tion on

he gust 11th.

n the Wireshark

WW.WIRESH

ASS ($6n enables yoyou can join

through yourful completioe files for mawith other stu

ntial Skills

es

xpression But

ut s Slow

development s

HARKTRAIN

699 VAou to take nu

Laura Chapp

r courses. on. any classes.udents

ttons

schedule.

ING.COM

ALUE) merous onlinpell live in a v

ne courses variety of onl

4

line

4


5DAILY SCHEDULE Class runs from 9am-5pm each day. Evening events begin at 5:30pm Sunday through Tuesday.

Sunday, August 10 3:00 pm Domain Hotel Check-In

5:30 pm Registration and Welcome Reception Opens

Register at the Lobby Business Center

Welcome Reception (Apex Room/Pool Area) - Badges required (concludes at 7:30pm)

Monday, August 11 8:00 am Breakfast

9:00 am Class begins (with morning break)

12:00 pm Lunch buffet (45 minutes)

12:45 pm Class resumes (with afternoon break)

5:00 pm Class day ends

5:30 pm Networking Reception (Apex Room/Pool Area) - Badges required (concludes at 7:30pm)

Tuesday, August 12 8:00 am Breakfast (Front of Peak Room)




5:00 pm Class day ends

5:30 pm Something Special (Apex Room/Pool Area) - Badges required (concludes at 7:30pm)

Wednesday, August 13 8:00 am Breakfast




5:00 pm Class ends


6DETAILED CONTENT OUTLINE The following outline defines the course content. The order in which materials are presented may be altered to allow more complex topics to be presented earlier in the day.

Part 1: Troubleshooting Methodology • Overview of the Four-Part Analysis Methodology • Use Your Troubleshooting Checklist

Part 2: Master Key Wireshark Troubleshooting Tasks • Create a Troubleshooting Profile • Enhance the Packet List Pane Columns • Change the Time Column Setting • Filter on a Host, Subnet or Conversation • Filter on an Application Based on Port Number • Filter on Field Existence or a Field Value • Filter OUT “Normal” Traffic (Exclusion Filters) • Create Filter Expression Buttons • Launch and Navigate Through the Expert Infos • Change Dissector Behavior (Preference Settings) • Find the Top Talkers • Build a Basic IO Graph • Add a Coloring Rule

Part 3: Capture Technique • Tips on Choosing a Capture Location • Tips for Working with Large Trace Files and High Throughput Networks • Tips for Locating the Cause of Intermittent Problems • Tips for Naming Your Trace Files • Capture Options for a Switched Network • Capture on High Traffic Rate Links • Consider Your Wireless Capture Options • Capture to a File Set in High Traffic Rate Situations • Use Capture Filters when Necessary • Command-Line Capture Techniques (Tshark/tcpdump/dumpcap)

Part 4: Identify TCP/IP Resolution Problems • Name Resolution Problems • Route Resolution Problems • MAC Address Resolution Problems

Part 5: Troubleshoot with Time • Avoid the Distractions of “Normal” or Acceptable Delays • Detect Delays in UDP Conversations • Detect Delays in TCP Conversations • Identify High DNS Response Time • Identify High HTTP Response Time • Identify High SMB/SMB2/SMB3 Response Time


7Part 6: Identify Problems Using Wireshark’s Expert

• Understand Wireshark’s Expert Infos System/Dissector Designations • Previous Segment Not Captured • Duplicate ACKs • Out-of-Order Packets • Fast Retransmissions • Retransmissions • Spurious Retransmissions • ACKed Unseen Segment • Keep Alive and Keep Alive ACK • Zero Window • Window Full • Zero Window Probe and Zero Window Probe ACK • Window Update • Reused Ports • Checksum Errors

Part 7: Identify Application Errors • Detect DNS Errors • Detect HTTP Errors • Detect SMB/SMB2 Errors • Detect SIP Errors • Detect Error Responses of Other Applications

Part 8: Master Basic and Advanced IO Graph Functions • Graph and Compare Conversation Throughput • Graph Application Traffic • Use CALC Functions on the Advanced IO Graph

Part 9: Graph Throughput Problems • Detect Consistently Low Throughput due to Low Packet Sizes • Identify Queuing Delays along a Path • Correlate Drops in Throughput with TCP Problems (the “Golden Graph”)

Part 10: Graph Time Delays • Graph High Delta Times (UDP-Based Application) • Graph High TCP Delta Time (TCP-Based Application)

Part 11: Graph Other Network Problems • Graph Window Size Problems • Graph Packet Loss and Recovery

Part 12: Working with Command Line Tools and 3rd Party Tools • Export Packet List Pane Columns to CSV Format • Export Your Trace File/Packet Comments Report • Sanitize Trace Files

CONTDo you ha

Please fe

E P Fa

5339 ProSan Jose,

RE

TACT USave any ques

eel free to con

mail: info@chone: 1 (408ax: 1 (408

ospect Road, , California 9

EGISTER ON

S stions about t

ntact us direc

chappellU.co8) 378-78418) 378-7891

#343

95129 USA

NLINE AT WW

this event?

ctly.

m 1 1

WW.WIRESHHARKTRAINING.COM

8

8

laur happell’s tr oubleshooting with iresharrk · laur ugust registe u th reshark to erformanc...

Documents