Wireshark Crash Course

Learn hands on network analysis start to your journey towards a career in network engineering and cyber security
27 reviews
  • Kyle Slosek IT Security Ninja, CISSP, C|EH, GCIH

    Kyle Slosek is a security practitioner with several years of experience in enterprise IT environments. Kyle works for a large IT firm in the DMV area and had done everything from certification and accreditation to pentesting testing and forensics. He holds a BS in Information Technology and an MS in Information Assurance as well as several industry certifications.

    I got in to computers at a young age. When I was young I was fascinated with the family computer and proceeded to build my own with used parts I found lying around or purchased on eBay. I was first interested in security after a home server I had built was hacked. I was hosting my own website on a old desktop I had lying around when I realized that a hacker had defaced my site. I then began my long security career.

    I am very passionate about STEM education and regularly spend time in high schools talking to students about IT and IT Security. I sit on the board of advisors for the Montgomery County MD Academy of Information Technology and in that role help place high school students in well paying and interesting internships.

  • Lifetime access to 25 lectures and 2 quizzes
  • 2+ hours of high quality content
  • A community of 2500+ students learning together!

Wireshark Crash Course

Learn hands on network analysis start to your journey towards a career in network engineering and cyber security
27 reviews


Discover courses made by experts from around the world.

Take your courses with you and learn anytime, anywhere.

Learn and practice real-world skills and achieve your goals.


Wireshark is the most widely used network capture and protocol analyzer on the market. It is used by IT and Network administrators to troubleshoot network connectivity issues and by Network Security analysts to dissect network attacks. This free and open source application is so widely used in the industry because it works. It is cross platform, meaning that it runs on Windows, Mac, Linux and FreeBSD.

This course is an introduction to the application and goes over the basics to get you started capturing and analyzing network traffic. It will build your base by explaining the theory behind how networks work and then get you in to real world applications of the software.

In this course you will learn:

  • The basics of how networks operate
  • How to capture traffic on wireshark
  • How to use display and capture filters
  • How to use command line wireshark to work with large packet captures
    • Computer with Network Card
    • Basic Understanding of Networking
    • Over 25 lectures and 2 hours of content!
    • Understand how Networks Operate
    • Capture Network Traffic in Wireshark
    • Filter Captured Traffic in Wireshark
    • Network Administrators
    • System Administrators
    • IT Security Analysts


30 day money back guarantee
Lifetime access
Available on Desktop, iOs and Android
Certificate of completion


  • SECTION 1:
  • 1
    Course Promo

    Course Promo

  • 2
    Instructor Introduction

    Introduction to the course material and the instructor

  • 3
    What is Wireshark?

    This lecture covers what wireshark is, it's history, what its used for and the graphical interface.

  • 4
    What is the OSI Model?

    In this lecture we discuss the Open Systems Interconnect (OSI) Model and how it relates to wireshark.

  • 5
    4 questions
  • SECTION 2:
    Installing Wireshark
  • 6
    Install Wireshark on Windows

    This lecture sets up the nuances of installing Wireshark on multiple platforms. We will dive in to installing on Windows 7 and also the need for WinPCAP.

  • 7
    Install Wireshark on Mac

    This video goes over installing the X11 client XQuartz and installing Wireshark so that it works properly with XQuartz.

  • 8
    Install Wireshark on Linux

    Instructions on how to install and run wireshark on Ubuntu 12.04

    Commands Used:

     01:25 - sudo apt-get install wireshark
     02:22 - wireshark 
  • SECTION 3:
    Capturing Network Traffic
  • 9
    Where to place Wireshark

    This lecture will discuss the theroy behind placing wireshark in the proper location on a network for maximum packet capture.

  • 10
    Your First Capture

    Here we will set up your first network capture. We will discuss many of the options related to packet captures.

  • 11
    Capture Filters

    Capture filters are great for capturing a small subset of traffic on a very congested network. This lecture will explain how to build capture filters and how to apply them in wireshark. See some of the supplemental resources for more detialed information on all the filters available.

  • SECTION 4:
    Analyzing Network Traffic
  • 12
    Working with the Wireshark Interface

    Once you have captured traffic from the network, wireshark has a whole host of tools that allow you to manipulate the data. This lecture will show you some of the common tools such as time shifting, changing column preferences and merging PCAP files.

  • 13
    Display Filters

    Display filters allow you to display only the packets you want to see or to filter out packets that you don't want to see. In this lecture we will discuss several ways to build display filters and how to save them for future use.

  • 14
    Sample Display Filters
  • 15
    Follow Network Conversations

    In your captured data there may be several computers all talking at once. Wireshark has the ability to rebuild these "conversations" and show you the plain text data. This lecture will show you how to rebuild the conversations and see what conversations happened on the network.

  • 16
    Exporting Objects

    One of the main functions of networks is to transfer files between two end points. While the wireshark interface shows you the individual packets it may be difficult to see what was actually transmitted. Wireshark has several tools that will rebuild files that were transmitted over HTTP and SMB. This lecture will show you two ways of rebuilding files from a PCAP.

  • 17
    Carve Packet Streams

    Tshark is a command line version of wireshark that comes bundled with the application. It is very handy for scripting and carving smaller pcap files out of larger pcap files. This lecture will demonstrate the power of this program.

    Commands Used:

     01:13 - tshark --help
     02:30 - ls -lah 
     03:11 - tshark -r large.cap -R http -w small.pcap 
     03:32 - ls -lah 
  • SECTION 5:
  • 18
    Additional Resources
  • 19
    Thank You!

    Thank you so much for taking my course. If you would like to keep up with me you can signup for my newsletter and I will send you updates to the course and sneak peaks/discounts on future courses. Signup here.

  • SECTION 6:
    BONUS - Student Questions
  • 20
    Field Extraction with tshark

    In this lecture we will go over some advanced tshark uses. Discussing field extraction using tshark and organizing the output.

    Commands Used:

     02:53 - “tshark -r http.pcap -T fields -e http.request.method” 
     03:56 -“tshark -r http.pcap -T fields -e http.request.method | sort | uniq -c” 
     05:30 - “tshark -r http.pcap -T fields -e http.request.uri” 
     07:21 - “tshark -r http.pcap -R “http.request.method == “GET”” -T fields -e ip.dst” 
     07:44 - “tshark -r http.pcap -R “http.request.method == “GET”” -T fields -e ip.dst | sort | uniq-c” 
  • 21
    Find Malicious IPs

    In this lecture I discuss using wireshark and Virus Total to discover if any computers on your network are communicating with known bad IP addresses.

  • SECTION 7:
  • 22
    Introduction to TCPDUMP

    An introduction to TCPDUMP and how it is different from wireshark.

  • 23
    Capturing Traffic with TCPDUMP

    Start your first capture using TCPDUMP and learn the common command line switches.

    Commands Run:

     00:30 - man tcpdump 
     03:48 - tcpdump -D 
     04:26 - tcpdump -i en0 
     05:05 - tcpdump -i en0 -n 
     05:37 - tcpdump -i en0 -n -vvv 
     06:16 - tcpdump -i en0 -n -vvv -w test.pcap 
     07:16 - tcpdump -i en0 -n -vvv -s 96 -w test.pcap 
  • 24
    TCPDUMP Capture Filters

    Create filters for TCPDUMP using the Berkley Packet Filter (BPF) syntax.

    Commands Run:

     02:50 - tcpdump -i en0 -n -vvv host 
     03:14 - tcpdump -i en0 -n -vvv host and port 80 
     04:17 - tcpdump -i en0 -n -vvv net and port 80 
  • 25
    Carving PCAPS with TCPDUMP

    Use TCPDUMP to carve smaller pcap files out of much larger datasets.

    Commands Run:

     00:28 - ls -lah 
     01:13 - tcpdump -r sansholidayhack2013.pcap tcp and port 80 
     01:37 - tcpdump -r sansholidayhack2013.pcap -w http.pcap tcp and port 80 
     01:41 - ls -lah 
     02:23 - tcpdump -r sansholidayhack2013.pcap -w badip.pcap host 
     02:26 - ls -lah 
  • 26
    TCPDUMP Cheat Sheet
    3 pages

    Cheat sheet for TCPDUMP commonly used commands and filters.

  • 27
    TCPDUMP Quiz
    4 questions


Hours of video content
Course Enrollments


  • 25
  • 1
  • 0
  • 0
  • 1


  • Reotee Shanker

    Excellent course. I learned a whole lot more quickly from your course than i could from a book. Your style of teaching is wonderful. You should think of creating a course in Networking troubleshooting with Wire shark and TCPDUMP. Very good course form Network Administrators

  • Brian Murray
    WireShark Crash Course Review

    Great crash course filled with examples, screen shots and walk-through videos. Lots of good practical information and conscientious tips as well.

  • Eric Marnell
    Excellent Wireshark course

    Found this very helpful in diving into Wireshark. Will use as a reference, launching point for additional training with it. Nice job Kyle!

  • Robert Czymoch
    Very nice intro to Wireshark

    This course goes over all the relevant basics of Wireshark. So by the time you are finished you could start using Wireshark and then increase your learning from that point.

  • Harv Samra
    Very worthwhile course.

    This is a great course to learn about Wireshark. Instructor was very concise.

  • 30 day money back guarantee!
  • Lifetime Access. No Limits!
  • Mobile Accessibility
  • Certificate of Completion
MORE FROM Kyle Slosek