Wireshark Crash Course
4.3 (296 ratings)
4,508 students enrolled

Learn hands-on network analysis and start your journey towards a career in network engineering and cyber security
Created by Kyle Slosek
Last updated 7/2018
English
English [Auto]
This course includes
  • 2 hours on-demand video
  • 1 min on-demand audio
  • 2 articles
  • 8 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What you'll learn
  • Understand how Networks Operate
  • Capture Network Traffic in Wireshark
  • Filter Captured Traffic in Wireshark
Requirements
  • Computer with Network Card
  • Basic Understanding of Networking
Description

Wireshark is the most widely used network capture and protocol analyzer on the market. It is used by IT and Network administrators to troubleshoot network connectivity issues and by Network Security analysts to dissect network attacks. This free and open source application is so widely used in the industry because it works. It is cross platform, meaning that it runs on Windows, Mac, Linux, and FreeBSD.

This course is an introduction to the application and goes over the basics to get you started capturing and analyzing network traffic. It will build your base by explaining the theory behind how networks work and then get you into real-world applications of the software.

In this course you will learn:

  • The basics of how networks operate
  • How to capture traffic on Wireshark
  • How to use display and capture filters
  • How to use command line Wireshark to work with large packet captures
Who this course is for:
  • Network Administrators
  • System Administrators
  • IT Security Analysts
Course content
25 lectures 02:00:59
+ Introduction
4 lectures 13:47

See sloseksecurity.com for more Cyber Security topics. Check out our social media below:


Facebook: https://www.facebook.com/sloseksecuresforyou

Twitter: https://twitter.com/sloseksecurity

YouTube: https://www.youtube.com/channel/UCr-Xjr_w47jbW4OMyolLZgQ

Preview 01:14

Introduction to the course material and the instructor

Preview 02:15

This lecture covers what Wireshark is, its history, what it's used for, and the graphical interface.

What is Wireshark?
04:33

In this lecture we discuss the Open Systems Interconnection (OSI) Model and how it relates to Wireshark.

What is the OSI Model?
05:45
Quiz
4 questions
+ Installing Wireshark
3 lectures 09:05

This lecture covers the nuances of installing Wireshark on multiple platforms. We will dive into installing on Windows 7 and also the need for WinPcap.

Install Wireshark on Windows
03:47

This video goes over installing the X11 client XQuartz and installing Wireshark so that it works properly with XQuartz.

Preview 02:45

Instructions on how to install and run Wireshark on Ubuntu 12.04.

Commands Used:

01:25 - sudo apt-get install wireshark

02:22 - wireshark

Install Wireshark on Linux
02:33
+ Capturing Network Traffic
3 lectures 22:58

This lecture will discuss the theory behind placing Wireshark in the proper location on a network for maximum packet capture.

Where to place Wireshark
09:15

Here we will set up your first network capture. We will discuss many of the options related to packet captures.

Your First Capture
06:30

Capture filters are great for capturing a small subset of traffic on a very congested network. This lecture will explain how to build capture filters and how to apply them in Wireshark. See some of the supplemental resources for more detailed information on all the filters available.

Capture Filters
07:13
+ Analyzing Network Traffic
6 lectures 34:16

Once you have captured traffic from the network, Wireshark has a whole host of tools that allow you to manipulate the data. This lecture will show you some of the common tools such as time shifting, changing column preferences and merging PCAP files.

Preview 09:04

Display filters allow you to display only the packets you want to see, or to filter out packets that you don't want to see. In this lecture we will discuss several ways to build display filters and how to save them for future use.

Display Filters
11:27
Sample Display Filters
00:38

In your captured data there may be several computers all talking at once. Wireshark has the ability to rebuild these "conversations" and show you the plain text data. This lecture will show you how to rebuild the conversations and see what conversations happened on the network.

Follow Network Conversations
04:25

One of the main functions of networks is to transfer files between two end points. While the Wireshark interface shows you the individual packets, it may be difficult to see what was actually transmitted. Wireshark has several tools that will rebuild files that were transmitted over HTTP and SMB. This lecture will show you two ways of rebuilding files from a PCAP.

Exporting Objects
04:22

Tshark is a command line version of Wireshark that comes bundled with the application. It is very handy for scripting and for carving smaller pcap files out of larger pcap files. This lecture will demonstrate the power of this program.

Commands Used:

01:13 - tshark --help
02:30 - ls -lah
03:11 - tshark -r large.cap -R http -w small.pcap
03:32 - ls -lah

Note: in current Wireshark releases, -R is a two-pass read filter and must be paired with -2; for a single-pass display filter use -Y instead.
Carve Packet Streams
04:20
+ Conclusion
2 lectures 01:59

Thank you so much for taking my course. If you would like to keep up with me you can sign up for my newsletter and I will send you updates to the course and sneak peeks/discounts on future courses. Sign up here.

Thank You!
01:28
Bonus Lecture: Additional Resources
00:31
+ BONUS - Student Questions
2 lectures 16:02

In this lecture we will go over some advanced tshark uses, discussing field extraction with tshark and organizing the output.

Commands Used:

02:53 - tshark -r http.pcap -T fields -e http.request.method
03:56 - tshark -r http.pcap -T fields -e http.request.method | sort | uniq -c
05:30 - tshark -r http.pcap -T fields -e http.request.uri
07:21 - tshark -r http.pcap -R 'http.request.method == "GET"' -T fields -e ip.dst
07:44 - tshark -r http.pcap -R 'http.request.method == "GET"' -T fields -e ip.dst | sort | uniq -c

Note: the filter expression is wrapped in single quotes so the shell passes the inner double quotes through to tshark. In current Wireshark releases, -R requires -2 (two-pass); -Y applies the same filter in a single pass.
Preview 08:26

In this lecture I discuss using Wireshark and VirusTotal to discover if any computers on your network are communicating with known bad IP addresses.


Find Malicious IPs
07:36
+ BONUS - TCPDUMP
5 lectures 19:51

An introduction to TCPDUMP and how it is different from Wireshark.

Introduction to TCPDUMP
03:19

Start your first capture using TCPDUMP and learn the common command line switches.

Commands Run:

00:30 - man tcpdump
03:48 - tcpdump -D
04:26 - tcpdump -i en0
05:05 - tcpdump -i en0 -n
05:37 - tcpdump -i en0 -n -vvv
06:16 - tcpdump -i en0 -n -vvv -w test.pcap
07:16 - tcpdump -i en0 -n -vvv -s 96 -w test.pcap
Capturing Traffic with TCPDUMP
08:05

Create filters for TCPDUMP using the Berkeley Packet Filter (BPF) syntax.

Commands Run:

02:50 - tcpdump -i en0 -n -vvv host 10.0.1.21
03:14 - tcpdump -i en0 -n -vvv host 10.0.1.21 and port 80
04:17 - tcpdump -i en0 -n -vvv net 10.0.1.0/24 and port 80
TCPDUMP Capture Filters
04:53

Use TCPDUMP to carve smaller pcap files out of much larger datasets.

Commands Run:

00:28 - ls -lah
01:13 - tcpdump -r sansholidayhack2013.pcap tcp and port 80
01:37 - tcpdump -r sansholidayhack2013.pcap -w http.pcap tcp and port 80
01:41 - ls -lah
02:23 - tcpdump -r sansholidayhack2013.pcap -w badip.pcap host 208.80.154.225
02:26 - ls -lah
Carving PCAPS with TCPDUMP
03:34

Cheat sheet for TCPDUMP commonly used commands and filters.

TCPDUMP Cheat Sheet
3 pages

Quizzes you on TCPDUMP command line switches and filter syntax.

TCPDUMP Quiz
4 questions