Start Using Wireshark to Hack like a Pro
4.3 (773 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
4,521 students enrolled
Wishlisted Wishlist

Please confirm that you want to add Start Using Wireshark to Hack like a Pro to your Wishlist.

Add to Wishlist

Start Using Wireshark to Hack like a Pro

Start your first capture, use Wireshark features to understand the data and analyze the network communication
4.3 (773 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
4,521 students enrolled
Created by Kevin Cardwell
Last updated 7/2017
Curiosity Sale
Current price: $10 Original price: $40 Discount: 75% off
30-Day Money-Back Guarantee
  • 3.5 hours on-demand video
  • 6 Supplemental Resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Get to know the key features of Wireshark
  • Recognize the essential components of network communication
  • Explore the different methods of setting up a packet capture
  • Analyze packets using the Wireshark tool
  • Analyze client to server communication with Wireshark
  • Examine network traffic and identify potentially malicious traffic
  • Examine the data within the network and how it shows up in Wireshark
View Curriculum
  • This course is for you if you have a basic understanding of the command line and general knowledge of what an IP address is and TCP/IP. You should also know about the 7 layers of OSI model.

This course will cover the process for conducting protocol analysis. This will serve as a foundation for the skill required for a number of different types of careers. Protocol analysis is the technique of analyzing what is or has taken place on a network. This is used by Security Operations Center analysts as well as network forensics investigators.

We will take static capture files that you will be provided and show you how to analyze them within the Wireshark tool. You will learn ways to quickly identify anything that is abnormal within a network packet capture. This will provide you with the initial skills for intrusion analysis, and also malware tracking and monitoring.

-The course prepares the student for understanding network protocol analysis -After the course you will have the initial skills for security or hacking classes 

- Anyone who wants to understand the foundation of security skills and have knowledge for analyzing network traffic as well as potential intrusions will benefit from this course. 

- This course is for beginners or people interested in learning about hacking and don't know where to start.

Who is the target audience?
  • This course is for beginners or people interested in learning about hacking and don't know where to start.
Students Who Viewed This Course Also Viewed
Curriculum For This Course
34 Lectures
Course Overview
1 Lecture 01:19

Learn the course format and get setup with supplemental files you will need to get hands on experience with Wireshark.

Preview 01:19
Course Setup: First Steps of Protocol Analysis
3 Lectures 15:06

Download and install Wireshark on a Windows platform

Preview 02:55

Get to know the Wireshark interface.

Preview 06:30

Maneuver the static packet capture File1.pcapng within Wireshark and interpret the information in the file. Become familiar with the three main display windows and how to analyze the packet information.

Review the First Packet capture in Wireshark.
Network Communication at the Packet Level
4 Lectures 23:14

Recognize the components of client to server interaction. Following the common sequences of network traffic from request to response

            DNS to IP 

            IP to ARP


Analyze the different components of client to server communication. Interpret DNS and ARP and what takes place on the network when these protocols communicate.

Analyze Client to Server Communication with the Wireshark User Interface.

Explore the main protocols on the network and build understanding of the components of ICMP, the composition of UDP and the characteristics of TCP communications.

Your first protocols

Assess the static capture file File1.pcapng. Examine the ICMP, UDP and TCP traffic within the file using the user interface of Wireshark.

Examine protocol packets within the Wireshark tool.

In this quiz you will be tested on the components of network communication.

Network communication quiz
5 questions
TCP/IP Foundation
4 Lectures 14:29

You will learn about the headers and the components within the headers of IP, UDP and TCP. Following the information review you will learn a process for analyzing the headers from within the network.


You will use the supplemental file, File2.pcapng. amd examine the way the headers are displayed within the user interface of Wireshark. The process of identifying and understanding encapsualtion will be reviewed.

Protocol Analysis at the network level using Wireshark

In this lecture you will learn about the connection-oriented and the connection-less network protocols and how to interpret Steams and conversations on the network.

Interpreting Connections and Protocols

You will use the supplemental file, File3.pcapng, and process the UDP sessions and review the stream content. You will explore the TCP connections, and analyze the streams from the connections to uncover information from the network communications.

Intermediate Protocol Analysis of static captures using Wireshark.

In this quiz, you will have questions on the different protocols within TCP/IP.

TCP/IP Foundation Quiz
5 questions
Starting your First Capture
3 Lectures 18:54

You will learn the different methods of setting up a capture wihtin Wireshark. You will review the interface and options available for captruing the network traffic.



You will learn how to configure and setup the Wireshark tool to conduct live network traffic capture. Once you have configured the interface and started the capture you will access a number of web sites.

Live capture exercise

You will apply the process you have learned to the live capture file. Following this, you will analyze what has taken place at the packet level when you generated the network traffic.

Analyzing the live capture using Wireshark.
Working with Capture Files in Wireshark
4 Lectures 18:19

You will receive an overview of the different methods of working with packet capture files in Wireshark. Following this, infomration on the different capture file formats will be explained.


You will learn the process, methods and the different formats for saving capture files. At the completion of this you will learn how to select different area of the network traffic and save for future use.

Saving the capture to a file

You will lean the advanced capture methods of Wireshark. The process and technique of merging capture files into another will be discussed as well as the capability to import hexadecimal traffic from a file.

Advanced Capture Methods

You will apply the skills that you have learned for advanced captures in the Wireshark tool Following this, you will see how to isolate specific network packet data and then merge it into another capture file for later use.

Advanced Capture Scenario Analysis Methods With Wireshark.

This quiz will be based on the options for capturing files within Wireshark.

Working with capture files within Wireshark
2 questions
Analyzing Packet Captures
2 Lectures 07:50

You will learn about the powerful filtering capability in Wireshark. By applying filters you will be able to isolate all facets of network communication. An explanation of the characteristics of basic network attacks will be discussed. 


You will apply the knowledge you have learned to the creation filters within the Wireshark tool. Methods of a variety of shortcuts to assist your analysis will be reviewed.

Creating Wireshark filters
Examining Protocol Communication
3 Lectures 32:14

You will learn the process to examine network protocol communication. The methods used to identify abnormal and potentially attack traffic will be discussed.


You will use the supplemental capture file, File3,pcapng to apply the skills we have developed throughout the course to determine what has taken place on the network where the packet capture was taken. You will review and determine the network traffic that is normal, and the network traffic that could be an attack. The skills practiced here will set the stage for the next level of conducting protocol analysis of potential attack traffic.

Attacking the network communication and identifying artifacts with Wireshark

You will use the supplemental capture file, File4.pcapng and apply the skills, and process and methodology you have learned throughout the course to determine what has taken place on the network that the network packet capture was taken on.

Applying your skills to identify potential incidents within Wireshark captures
Bonus Capture Files
4 Lectures 33:55

This is the first capture file, apply the process you have learned and analyze what is taking place in the file. Message me once you have completed your analysis.

Bonus-File1 capture file

Bonus-File1 Solution

I have created a Bonus File Section that will contain different capture files for you to apply the process we show in the course to analyze the network traffic. I am happy to announce that the second capture file for you to review has been uploaded. Take a look ad see if you can determine what has taken place on the network and anything that is suspicious in the network traffic. Once you have analyzed it, send me a message with your results. After I get 10 or more analysis results from you all, I will post a solution with a walk through of some of the important items that are in the capture file. As a reminder, the process is:

  1. Look for suspicious traffic
  2. Identify open ports
  3. Look for data within the packets
  4. Analyze the streams of data
  5. Look for signs of compromise
  6. Draft a report of your findings

Bonus File2 capture File

This is the solution file for the 2nd bonus packet capture. I did not provide everything in the capture file, I explained the process. See if after you have reviewed the solution you can discover any additional information about the attacks if there are any within the file. Post your analysis to share with others. Good Luck!

Bonus-File2 Solution
Section 10: The Steps of Professional Hacking
6 Lectures 35:20

In this lecture I will perform the first step of the scanning methodology that hackers deploy using the popular tool nmap. The discovery of live systems to hack!

The first step of professional hacking scanning methodology!

In this video, I will perform the second step of the hacking methodology of scanning, and that is finding the open ports on our targets. These open ports represent doors that we can use for access, or in hacker terms our vector for a potential attack.

The second step of the professional hacking methodology

In this video, I will perform the third step of the hacking methodology of scanning, and that is finding the services on the open ports on our targets. These services will let the attacker know where the potential attack points are at.

The third step of the professional hacking methodology

In this video, I will perform the fourth step of the hacking methodology of scanning, and that is enumerating details on our targets. These details will assist the attacker with making the attack points more granular and then they can carry out a more direct attack with a greater chance of success.

The fourth step of the professional hacking methodology

In this video, I will perform the fifth step of the hacking methodology of scanning, and that is identifying the vulnerabilities, and this is one of the things that a hacker needs and that is a weakness to leverage for gaining access.

The fifth step of the professional hacking methodology

In this video, I will perform the sixth step of the hacking methodology of scanning, and that is validating the vulnerabilities, and this is leveraging a weakness for gaining access and is penetration  testing.

The sixth step of the professional hacking methodology
About the Instructor
Kevin Cardwell
4.3 Average rating
777 Reviews
4,561 Students
2 Courses
Computer Security Architect

Kevin Cardwell served as the leader of a 5 person DoD Red Team that achieved a 100% success rate at compromising systems and networks for six straight years. He has conducted over 500 security assessments across the globe. His expertise is in finding weaknesses and determining ways clients can mitigate or limit the impact of these weaknesses.

He spent 22 years in the U.S. Navy. He has worked as both software and systems engineer on a variety of Department of Defense projects and early on was chosen as a member of the project to bring Internet access to ships at sea. Following this highly successful project he was selected to head the team that built a Network Operations and Security Center (NOSC) that provided services to the commands ashore and ships at sea in the Norwegian Sea and Atlantic Ocean . He served as the Leading Chief of Information Security at the NOC for six years. While there he created a Strategy and Training plan for the development of an expert team that took personnel with little or no experience and built them into expert team members for manning of the NOSC.

He currently works as a free-lance consultant and provides consulting services for companies throughout the world, and as an advisor to numerous government entities within the US, Middle East, Africa, Asia and the UK . He is an Instructor, Technical Editor and Author for Computer Forensics, and Hacking courses. He is the author of the Center for Advanced Security and Training (CAST) Advanced Network Defense and Advanced Penetration Testing courses. He is technical editor of the Learning Tree Course Penetration Testing Techniques and Computer Forensics. He has presented at the Blackhat USA, Hacker Halted, ISSA and TakeDownCon conferences as well as many others. He has chaired the Cybercrime and Cyberdefense Summit in Oman and was Executive Chairman of the Oil and Gas Cyberdefense Summit. He is author of Building Virtual Pentesting Labs for Advanced Penetration Testing,  Advanced Penetration Testing for Highly Secured Environments 2nd Edition and Backtrack: Testing Wireless Network Security.  He holds a BS in Computer Science from National University in California and a MS in Software Engineering from the Southern Methodist University (SMU) in Texas. He developed the Strategy and Training Development Plan for the first Government CERT in the country of Oman that recently was rated as the top CERT for the Middle East. He serves as a professional training consultant to the Oman Information Technology Authority, and developed the team to man the first Commercial Security Operations Center in the country of Oman.  He has worked extensively with banks and financial institutions throughout the Middle East, Europe and the UK in the planning of a robust and secure architecture and implementing requirements to meet compliance. He currently provides consultancy to Commercial companies, governments, federal agencies, major banks and financial institutions throughout the globe.  Some of his recent consulting projects include the Muscat Securities Market (MSM), Petroleum Development Oman and the Central Bank of Oman. He designed and implemented the custom security baseline for the existing Oman Airport Management Company (OAMC) airports and the two new airports opening in 2016. He created custom security baselines for all of the Microsoft Operating Systems, Cisco devices as well as applications.  Additionally, he provides training and consultancy to the Oman CERT and the SOC team in monitoring and incident identification of intrusions and incidents within the Gulf region.  He holds the CEH, ECSA, LPT and a number of other certifications.