Advanced Wireshark

Thursday, December 8, 2016 - 11:00am–12:30pm

Brett Thorson, Senior Sales Engineer Mid-Atlantic, Dtex Systems

Abstract: 

You've used Wireshark before to watch packets on the network, and maybe you've even written filters to get rid of all the noise you don't care about. But what about doing really advanced things like following a stream or listening to VoIP phone calls, pulling images out of captures, detecting duplicate DHCP offers, and finding downright shady stuff on the wire? We'll also show you why running Wireshark as root is a BAD idea. After this, you'll be able to go back with new Wireshark skills that will have you finding irregularities on the network in no time. Before taking this class, I recommend that you have an intimate familiarity with Wireshark: you've run it before, you've tracked down some stuff, and you've written some boolean filters. We're going to skip over that stuff and dive into the more advanced features of Wireshark, including non-TCP/IP things too!

Who should attend:
System and network administrators with Wireshark experience who want to learn more.

Take back to work:

  • Follow streams
  • Capture images
  • Listen to VoIP
  • Detect duplicate DHCP offers

Topics include:

  • Capture Filters
  • What is a BPF, and why should I compile it?
  • Security issues & breaking the crap out of Wireshark
  • Statistics
  • Packet lengths—why you should care
  • IO Graph—find the noisy talkers
  • Endpoints—who’s talking to who
  • Listening to VOIP calls with Wireshark
  • Searching for clear text
  • Passwords
  • And anything else that might be interesting
  • What does a crappy network look like?
  • Troubleshooting
  • Use case #1—Loaded pcap—Tiny MTU
  • Shenanigans on the Wire (Dual DHCP servers)
  • Wrong broadcast address/netmask
  • IPv6 neighbor smacking

Brett Thorson, Senior Sales Engineer Mid-Atlantic, Dtex Systems

Brett comes to LISA by way of LISA Build. Brett has been involved in the networking for several conferences such as Shmoocon, IETF and Network World + Interop iLabs. He's a huge hobbyist with an almost unending list of interests. Brett enjoys using Wireshark and other security tools to snoop into the places where errors and bugs hide. Brett is currently the Senior Sales Engineer for Dtex Systems for the Mid-Atlantic.

BibTeX
@conference {208451,
author = {Brett Thorson},
title = {Advanced Wireshark},
year = {2016},
address = {Boston, MA},
publisher = {USENIX Association},
month = dec
}