LAURA CHAPPELL'S
Troubleshooting with Wireshark®

• Master Wireshark to locate the source of network performance problems quickly.
• Use the 4-part troubleshooting methodology to catch problems.
• Customize Wireshark to detect problems with the click of a button.
• Rapidly identify and graph path and application delays.
• Use Wireshark's Expert Infos to spot receiver congestion, the point of packet loss, out-of-order segments and more.

August 11-13, 2014 ● Domain Hotel, Sunnyvale, California
Register online at www.wiresharktraining.com
Hosted at the beautiful Domain Hotel in Sunnyvale, California
REGISTER ONLINE AT WWW.WIRESHARKTRAINING.COM

WHO SHOULD ATTEND
This hands-on course is geared towards IT professionals, network engineers, and escalation teams who need to find network problems quickly. If you are responsible for any of the following network issues, this is the event for you!
• Find the cause of slow file transfers
• Optimize the network
• Measure bandwidth use for an application or user
• Identify problematic infrastructure devices

COURSE TOPICS
This hands-on course focuses on customization of Wireshark to identify numerous performance issues including the following:
• Connection Blocked or Refused
• Application Request Refused
• Slow Application Response Times
• Server Application Faults
• Content Redirection
• TCP Receive Buffer Issues
• Altered TCP Connection Attributes
• Mismatched TCP Parameters
• Weak Signal (WLAN)
• Asymmetric Routing
• Packet Loss in the Infrastructure
• High Path Latency Measurements
• Bandwidth Throttling
• Delayed ACKs/Nagle Issue
• Packets Queued along Path
• Route Redirections
• Virus/Malware on Network Hosts
• Name Resolution Problems
• Missing Selective Acknowledgment (SACK)
• No Support for Window Scaling
• Premature TCP Port Number Reuse
and more…

WHEN AND WHERE
August 11-13, 2014
See the Daily Schedule section for more details on daily start/end times.

Domain Hotel, Sunnyvale, California
Location: 1085 East El Camino Real, Sunnyvale, California 94087

Closest Airports:
● San Jose Mineta Airport SJC (9 miles)
● San Francisco Airport SFO (31 miles)
● Oakland Airport OAK (38 miles)

See the Hotel Discount Booking and Details section.

ABOUT LAURA CHAPPELL, YOUR INSTRUCTOR
Laura Chappell, Founder of Wireshark University and Chappell University, is renowned for her Wireshark skills and ability to train in an entertaining manner. She is the author of several Wireshark books including Wireshark Network Analysis: the Official Wireshark Certified Network Analyst Study Guide, Wireshark 101: Essential Skills for Network Analysis, and Troubleshooting with Wireshark: Locate the Source of Performance Problems.
Laura has been analyzing network traffic for over 20 years and has presented to thousands of State, Federal and international law enforcement officers, judicial members, engineers, network administrators, technicians and developers on the subject of “tapping into networks.”
Ms. Chappell’s customers include Apple, Cisco, Dell, HP, Microsoft, IBM, Lockheed Martin, McAfee Corporation, US Arsenal, US Air Force, US Navy, NCIS, US Court of Appeals, United Bank of Switzerland, Salesforce, SPAWAR, Symantec, Riverbed Technology, Palo Alto Networks, Australian High Tech Crime Centre, Macau Police Department, Hong Kong Police Department, Qualcomm, and more.

TUITION AND DISCOUNT SCHEDULE
Tuition covers all course materials, 1-year All Access Pass subscription, breakfast, lunch and break refreshments, evening events and your Certificate of Completion.
Hotel expenses are not included, but there is a discounted rate available if booked by July 10, 2014 (one month before event). See Hotel Discount Booking and Details below.
Early Bird Tuition (Until June 10th – two months before event) ........................... $1299
Regular Tuition (After July 10th – two months before event) ................................ $1499
Group Discounts Available (three or more students) ...................................... Contact Us [email protected]

HOTEL DISCOUNT BOOKING AND DETAILS
Book your hotel room at the Domain Hotel by July 10th to receive the special discount rate. The conference rate will be honored for two days before and two days after the event subject to availability. Make your reservations early. The weather should be fabulous so consider bringing the family to enjoy some Silicon Valley time.
Location: 1085 East El Camino Real, Sunnyvale, California 94087
Room Rates: $189/night plus tax (discount rate is available until July 10th, 2014)
Group Code: 1408WIRESH
Reservations: 1.800.738.7477
Website: jdvhotels.com/domain

HANDS-ON TRAINING–BRING YOUR OWN LAPTOP (BYOL)
This training event is hands-on. Bring your own laptop pre-configured with the latest version of Wireshark [1].
You can download the latest stable version of Wireshark for MAC OSX, Linux, or Windows from www.wireshark.org.
Ensure your laptop has a functional USB port as course materials will be provided on a USB stick. DVD “just-in-case” versions will also be available at the event, but not provided in the Student Kit.

CANCELLATION AND STUDENT SUBSTITUTION POLICY
If you are unable to attend your scheduled training class, please contact 1 (408) 378-7841. We require fourteen (14) calendar days notice to cancel any registration (and provide refund for pre-payment). Failure to provide the required notification will result in 100% charge of the course.
If a student does not attend a scheduled course without prior notification (“no show”) it will result in full forfeiture of the funds.
Student substitutions are allowed, but we must be notified via email to info@chappellU.com no less than five (5) full business days before the start of the class (not including the class start date).

EVENING EVENTS
We are working on several receptions that will allow you to mingle with fellow students and even meet some Wireshark celebrities. Reception hours are from 5:30pm to 7:30pm, Sunday through Tuesday. All receptions will be held in the Apex Room and the pool/cabana area.
Welcome Reception and Pre-Event Registration (Sunday, August 10th) - Check in for the event, drop your bag off in your room, and come have a cold one by the pool.
Networking Event (Monday, August 11th) - Drop your bags in your hotel room and head down to the Apex Room and pool/cabana area to network with some new and old friends.
Something Special to be Announced (Tuesday, August 12th) - Head to the Apex Room and pool/cabana area for a special event. More information will be available soon.

[1] You will be advised in advance of the event if a specific version of Wireshark is required to avoid any current bugs or vulnerabilities.

ABOUT THE ALL ACCESS PASS ($699 VALUE)
The All Access Pass (AAP) one-year subscription enables you to take numerous online courses whenever and wherever you want. In addition, you can join Laura Chappell live in a variety of online events that happen through the year.

AAP Portal Features
• Course Gradebooks indicate progress through your courses.
• Print Course Certificates upon successful completion.
• Download course documents and trace files for many classes.
• Use the Chat feature to communicate with other students and the instructor.

Sample Online Course List
• WCNA Exam Prep Questions
• Lab Solutions for Wireshark 101: Essential Skills for Network Analysis
• Analyzing the Window Zero Condition
• Build Wireshark Filters from Snort Rules
• Create a Security Profile
• Find Stuff Fast with Wireshark Filter Expression Buttons
• CS42: Hacked Hosts
• CS43: Analyze and Improve Throughput
• CS44: Top 10 Reasons Your Network is Slow
• CS45: TCP Analysis in-Depth
• CS46: DHCP/ARP Analysis
• CS47: Nmap Network Scanning 101
• CS48: Wireshark 101 Jumpstart
• CS50: WLAN Analysis 101

Sample Live Event List - 2014 [2]
• Key TCP Parameters (March 2014)
• Detecting Delays (April 2014)
• Wireshark Qt (May 2014)
• Calc Functions (June 2014)
• Cascade Pilot (July 2014)
• Display Filters (August 2014)
• Wireshark Qt (September 2014)
• Configuration Files (October 2014)
• Regex Update (November 2014)
• Challenges (December 2014)

AAP subscription access is provided during the pre-registration event registration on Sunday, August 10th and during the onsite registration on Monday, August 11th.

[2] Topics and dates may change based on the Wireshark development schedule.

DAILY SCHEDULE
Class runs from 9am-5pm each day. Evening events begin at 5:30pm Sunday through Tuesday.

Sunday, August 10
3:00 pm Domain Hotel Check-In
5:30 pm Registration and Welcome Reception Opens
Register at the Lobby Business Center
Welcome Reception (Apex Room/Pool Area) - Badges required (concludes at 7:30pm)

Monday, August 11
8:00 am Breakfast
9:00 am Class begins (with morning break)
12:00 pm Lunch buffet (45 minutes)
12:45 pm Class resumes (with afternoon break)
5:00 pm Class day ends
5:30 pm Networking Reception (Apex Room/Pool Area) - Badges required (concludes at 7:30pm)

Tuesday, August 12
8:00 am Breakfast (Front of Peak Room)
9:00 am Class begins (with morning break)
12:00 pm Lunch buffet (45 minutes)
12:45 pm Class resumes (with afternoon break)
5:00 pm Class day ends
5:30 pm Something Special (Apex Room/Pool Area) - Badges required (concludes at 7:30pm)

Wednesday, August 13
8:00 am Breakfast
9:00 am Class begins (with morning break)
12:00 pm Lunch buffet (45 minutes)
12:45 pm Class resumes (with afternoon break)
5:00 pm Class ends

DETAILED CONTENT OUTLINE
The following outline defines the course content. The order in which materials are presented may be altered to allow more complex topics to be presented earlier in the day.

Part 1: Troubleshooting Methodology
• Overview of the Four-Part Analysis Methodology
• Use Your Troubleshooting Checklist

Part 2: Master Key Wireshark Troubleshooting Tasks
• Create a Troubleshooting Profile
• Enhance the Packet List Pane Columns
• Change the Time Column Setting
• Filter on a Host, Subnet or Conversation
• Filter on an Application Based on Port Number
• Filter on Field Existence or a Field Value
• Filter OUT “Normal” Traffic (Exclusion Filters)
• Create Filter Expression Buttons
• Launch and Navigate Through the Expert Infos
• Change Dissector Behavior (Preference Settings)
• Find the Top Talkers
• Build a Basic IO Graph
• Add a Coloring Rule

Part 3: Capture Technique
• Tips on Choosing a Capture Location
• Tips for Working with Large Trace Files and High Throughput Networks
• Tips for Locating the Cause of Intermittent Problems
• Tips for Naming Your Trace Files
• Capture Options for a Switched Network
• Capture on High Traffic Rate Links
• Consider Your Wireless Capture Options
• Capture to a File Set in High Traffic Rate Situations
• Use Capture Filters when Necessary
• Command-Line Capture Techniques (Tshark/tcpdump/dumpcap)

Part 4: Identify TCP/IP Resolution Problems
• Name Resolution Problems
• Route Resolution Problems
• MAC Address Resolution Problems

Part 5: Troubleshoot with Time
• Avoid the Distractions of “Normal” or Acceptable Delays
• Detect Delays in UDP Conversations
• Detect Delays in TCP Conversations
• Identify High DNS Response Time
• Identify High HTTP Response Time
• Identify High SMB/SMB2/SMB3 Response Time

Part 6: Identify Problems Using Wireshark’s Expert
• Understand Wireshark’s Expert Infos System/Dissector Designations
• Previous Segment Not Captured
• Duplicate ACKs
• Out-of-Order Packets
• Fast Retransmissions
• Retransmissions
• Spurious Retransmissions
• ACKed Unseen Segment
• Keep Alive and Keep Alive ACK
• Zero Window
• Window Full
• Zero Window Probe and Zero Window Probe ACK
• Window Update
• Reused Ports
• Checksum Errors

Part 7: Identify Application Errors
• Detect DNS Errors
• Detect HTTP Errors
• Detect SMB/SMB2 Errors
• Detect SIP Errors
• Detect Error Responses of Other Applications

Part 8: Master Basic and Advanced IO Graph Functions
• Graph and Compare Conversation Throughput
• Graph Application Traffic
• Use CALC Functions on the Advanced IO Graph

Part 9: Graph Throughput Problems
• Detect Consistently Low Throughput due to Low Packet Sizes
• Identify Queuing Delays along a Path
• Correlate Drops in Throughput with TCP Problems (the “Golden Graph”)

Part 10: Graph Time Delays
• Graph High Delta Times (UDP-Based Application)
• Graph High TCP Delta Time (TCP-Based Application)

Part 11: Graph Other Network Problems
• Graph Window Size Problems
• Graph Packet Loss and Recovery

Part 12: Working with Command Line Tools and 3rd Party Tools
• Export Packet List Pane Columns to CSV Format
• Export Your Trace File/Packet Comments Report
• Sanitize Trace Files

CONTACT US
Do you have any questions about this event?
Please feel free to contact us directly.
Email: info@chappellU.com
Phone: 1 (408) 378-7841
Fax: 1 (408) 378-7891
5339 Prospect Road, #343
San Jose, California 95129 USA