Geek Trak

Geek Trak Fall 2020



Sunday, October 25-Wednesday, October 28 10/25/2020 1:00 PM to 4:00 PM

Wireshark (Fall Geek Trak 2020)

Wireshark is one of the most popular and powerful tools used for network analysis today. Whether it be for network troubleshooting or security analysis, Wireshark provides meaningful and actionable insight into what is going on within your network environment. This workshop focuses on the skills and knowledge required to analyze network traffic using Wireshark by immersing participants in techniques for sniffer deployment, capturing and analyzing normal network traffic, and producing and analyzing malicious network traffic. Each section includes real-world exercises to apply the concepts learned. The following is the outline and schedule for the workshop:

Day One

Sunday, October 25, 2020
1:00 PM to 5:00 PM

Section 1: Workshop Overview and Orientation

This section introduces participants to the workshop by ensuring everyone has access to the workshop material and lab environment. This section also starts the overall discussion on Wireshark.


Section Outline:

  • Verifying Material Access
  • Lab Environment Orientation
  • Wireshark Overview

 

Day Two

Monday, October 26, 2020
9:00 AM to 12:00 PM
Lunch Break
1:00 PM to 4:00 PM

Section 2: Sniffer Deployment

This section explores techniques for using Wireshark to capture network segment traffic.


Section Outline:

  • Wireshark Installation and Usage

  • TAPs/SPAN Ports

  • Filters

 

Day Three

Tuesday, October 27, 2020
9:00 AM to 12:00 PM
Lunch Break
1:00 PM to 4:00 PM

Section 3: Capturing and analyzing TCP/IP traffic

This section explores techniques for using Wireshark to analyze both live and pre-made captures of core network protocols.


Section Outline:

  • Breakdown of TCP/IP Model using Wireshark

  • Analyzing Network Protocols

 

Day Four

Wednesday, October 28, 2020
9:00 AM to 12:00 PM
Lunch Break
1:00 PM to 4:00 PM

Section 4: Investigating malicious activity

This section explores techniques for using Wireshark to analyze both live and pre-made captures of malicious network traffic.


Section Outline:

  • Producing Attack Traffic

  • Analyzing Attack Traffic

Participants’ systems should have at least 16 GB of memory, preferably more. Although it is not required, participants can improve their overall workshop experience with a two-screen setup.