Our Courses

Learn the Art of Packet Analysis

How Can We Help?

Intro - Advanced

We deliver courses ranging from an introduction to Wireshark to advanced packet analysis.  The most current version of Wireshark is always used.

Customize

Courses can be customized based on your needs.  Add in your own pcaps, or take out concepts already mastered.

Delivery Methods

Courses can be delivered in either a public classroom, onsite with just your team, or as a virtual class.  Whatever suits you best.

Wireshark Profiles

1 Day

Learn More

Deep Dive Into Wireshark

3 Days

Learn More

TCP/IP with Wireshark

5 Days

Learn More

Deep Dive Into Network Reconnaissance

5 Days

Learn More

All Courses Can Be Modified To Suit Your Needs

Wireshark Profiles

Course Length: 1 Day


Course Overview

This hands-on course will accelerate your ability to interpret Wireshark® packet capture files (pcaps). Profiles should not be a one-size-fits-all solution. Wireshark profiles can be huge time savers if you invest the time up front to configure them for your environment and workflow. The course covers best practices for creating profiles, deciding what belongs in a master profile, and making changes and additions to settings.


Who Should Attend

Network technicians, network engineers, cybersecurity analysts, security engineers and application developers who are at the beginning to intermediate stages of packet analysis. The course will be focused on core concepts around Wireshark, helping attendees become more efficient and confident analyzing pcaps.


Prerequisites

Basic knowledge of Wireshark and TCP/IP protocols


Topics Covered
  • Profile categories: by location or by protocol

  • Save profiles to different locations 

  • Create a master profile 

  • Determine which protocol settings to change

  • Configure Name Resolution 

  • Edit Expert settings 

  • Enable/disable protocols 

  • Create Custom Columns 

  • Enhance I/O Graphs 

  • Configure Color Rules 

  • Share profiles 

  • Use different profiles to analyze pcaps 
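The topics above (saving profiles to a location, custom columns, protocol settings, name resolution, color rules, saved filters and sharing) all come down to a handful of plain-text files in a profile directory. The script below is an added example, not course material: it writes a hypothetical "Troubleshoot-TCP" profile under a caller-supplied directory (so it runs anywhere) and zips it for sharing. The column, preference, colouring and filter choices are illustrative assumptions; the file names and syntax are Wireshark's own.

```python
"""Generate and package a Wireshark configuration profile (added example).

Files are written under a caller-supplied base directory so the script runs
anywhere. On a real analysis host Wireshark keeps personal profiles in
profiles/<name>/ under ~/.config/wireshark (Linux/macOS, current versions)
or %APPDATA%\\Wireshark (Windows); the profile name and contents below are
hypothetical choices made for illustration.
"""
import tempfile
import zipfile
from pathlib import Path

PROFILE_NAME = "Troubleshoot-TCP"

# gui.column.format entries: (title, format). %m number, %t time, %s/%d
# source/destination, %p protocol, %i info. "%Cus:<field>:<occurrence>:R" is a
# custom column on any display-filter field (occurrence 0 = all, R = resolved).
COLUMNS = [
    ("No.", "%m"),
    ("Time", "%t"),
    ("Delta Displayed", "%Cus:frame.time_delta_displayed:0:R"),
    ("Source", "%s"),
    ("Destination", "%d"),
    ("Protocol", "%p"),
    ("TCP Delta", "%Cus:tcp.time_delta:0:R"),
    ("Stream", "%Cus:tcp.stream:0:R"),
    ("Info", "%i"),
]

# Preferences changed from the defaults. tcp.calculate_timestamps must be TRUE
# or the tcp.time_delta column and filters stay empty.
PREFS = {
    "tcp.calculate_timestamps": "TRUE",
    "tcp.relative_sequence_numbers": "TRUE",
    "nameres.network_name": "FALSE",   # no DNS lookups leaking from the analysis box
    "nameres.mac_name": "TRUE",        # OUI vendor names for MAC addresses
}

# Colouring rules: "@name@filter@[fg R,G,B][bg R,G,B]" with 0-65535 channels.
COLOR_RULES = [
    ("Zero Window", "tcp.analysis.zero_window", (0, 0, 0), (65535, 32896, 0)),
    ("Retransmission", "tcp.analysis.retransmission", (0, 0, 0), (65535, 52428, 52428)),
    ("TCP RST", "tcp.flags.reset == 1", (37008, 0, 0), (65535, 63222, 63222)),
]

# Saved display (dfilters) and capture (cfilters) filters: '"name" expression'.
DISPLAY_FILTERS = [
    ("Slow responses", "tcp.time_delta > 0.5"),
    ("Handshake problems", "tcp.flags.syn == 1 && tcp.analysis.flags"),
    ("DNS errors", "dns.flags.rcode != 0"),
]
CAPTURE_FILTERS = [
    ("No ARP or broadcast", "not arp and not broadcast"),
    ("Web traffic only", "tcp port 80 or tcp port 443"),
]


def render_preferences() -> str:
    lines = ["gui.column.format: "]
    for i, (title, fmt) in enumerate(COLUMNS):
        sep = "," if i < len(COLUMNS) - 1 else ""
        lines.append(f'\t"{title}", "{fmt}"{sep}')
    lines += [f"{k}: {v}" for k, v in PREFS.items()]
    return "\n".join(lines) + "\n"


def render_colorfilters() -> str:
    rgb = lambda c: "[" + ",".join(map(str, c)) + "]"
    return "".join(f"@{n}@{f}@{rgb(fg)}{rgb(bg)}\n" for n, f, fg, bg in COLOR_RULES)


def render_filters(entries) -> str:
    return "".join(f'"{name}" {expr}\n' for name, expr in entries)


def build_profile(base_dir, name: str = PROFILE_NAME) -> Path:
    """Write profiles/<name>/ under base_dir; returns the profile directory."""
    profile = Path(base_dir) / "profiles" / name
    profile.mkdir(parents=True, exist_ok=True)
    files = {
        "preferences": render_preferences(),
        "colorfilters": render_colorfilters(),
        "dfilters": render_filters(DISPLAY_FILTERS),
        "cfilters": render_filters(CAPTURE_FILTERS),
    }
    for fname, text in files.items():
        (profile / fname).write_text(text)
    return profile


def package_profile(profile_dir: Path):
    """Zip the profile for sharing (Wireshark's Configuration Profiles dialog
    can import a profile from a zip). Returns (zip path, archived file names)."""
    zip_path = profile_dir.with_suffix(".zip")
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for f in sorted(profile_dir.iterdir()):
            zf.write(f, arcname=f"{profile_dir.name}/{f.name}")
        names = zf.namelist()
    return zip_path, names


def build_in_tempdir(name: str = PROFILE_NAME) -> Path:
    """Build the profile in a fresh temporary directory (for demos and tests)."""
    return build_profile(tempfile.mkdtemp(prefix="wsprofile-"), name)


if __name__ == "__main__":
    p = build_in_tempdir()
    zp, names = package_profile(p)
    print(f"profile written to {p}\nshare {zp} containing {names}")
```

To use the result, copy the profiles/Troubleshoot-TCP directory into the personal configuration directory (or import the zip from Edit > Configuration Profiles) and select it; on the command line, tshark -C Troubleshoot-TCP applies the same columns and protocol settings.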


Course Materials

The course includes a student guide with hands-on labs and example packet capture files (pcaps).  Pcaps will be distributed so that profile changes can be used to analyze actual data.  You will leave class with multiple new profiles to use back at the office. 

 

Deep Dive Into Wireshark

Course Length: 3 Days


Course Overview

This hands-on course is designed for beginners and those who need a refresher on capturing and interpreting packets.  You will receive in-depth training on Wireshark®. You will learn how to use Wireshark efficiently to spot common sources of network and application performance problems.  You will return to your workplace ready to lower mean time to isolation (MTTI).

Who Should Attend 

Network technicians, network engineers, cybersecurity analysts, security engineers and application developers who are at the beginning to intermediate stages of packet analysis. The course will be focused on core concepts around Wireshark, helping attendees become more efficient and confident analyzing pcaps.


Prerequisites

Basic knowledge of TCP/IP protocols


Topics Covered
  • Wireshark placement
  • Capture wired and wireless traffic
  • Determine capture filters to eliminate wasted analysis time
  • Configure Wireshark using preferences, columns, and colors
  • Save time with profiles 
  • Visualize trends and failures with statistics and graphs
  • Identify slow response time and then determine the "culprit" 
  • Zoom in to only the relevant packets with display filters
  • Use command line tools dumpcap and tshark 
  • Examine IP, UDP, DNS, TCP, and TLS pcaps using all of the topics covered


Course Materials

Course includes a student guide with hands-on labs and example packet capture files (pcaps). You will leave class with multiple new profiles to use back at the office. 

TCP/IP with Wireshark

Course Length: 5 Days


Course Overview

This hands-on course is designed for beginners and those who need a refresher on capturing and interpreting packets.  You will receive in-depth training on Wireshark® and the major TCP/IP protocols.  You will learn how to use Wireshark efficiently to spot common sources of network and application performance problems.  You will return to your workplace ready to lower mean time to isolation (MTTI).  This course will also help prepare you for the WCNA (Wireshark Certified Network Analyst) certification exam.

Who Should Attend 

Network technicians, network engineers, cybersecurity analysts, security engineers and application developers who are at the beginning to intermediate stages of packet analysis. The course will be focused on core concepts around Wireshark and a deep dive into the TCP/IP protocols, helping attendees become more efficient and confident analyzing pcaps.


Prerequisites

Basic knowledge of TCP/IP protocols


Topics Covered
  • Wireshark placement
  • Capture wired and wireless traffic
  • Determine capture filters to eliminate wasted analysis time
  • Configure Wireshark using preferences, columns, and colors
  • Save time with profiles 
  • Visualize trends and failures with statistics and graphs
  • Identify slow response time and then determine the "culprit" 
  • Zoom in to only the relevant packets with display filters
  • Examine Quality of Service, fragmentation, time to live, and addressing for the Internet Protocol - IP
  • Categorize the different types of Internet Control Message Protocol - ICMP.  Determine who caused errors and why. 
  • Compare the possible port number combinations in User Datagram Protocol - UDP
  • Analyze Domain Name System - DNS, how recursion works in client queries, the different types of DNS zones, record types, and error interpretation
  • Analyze VoIP protocols, Session Initiation Protocol - SIP and Real-Time Transport Protocol - RTP, how session establishment works, error interpretation, evaluate packet loss, and examine Wireshark tools specific to VoIP
  • Analyze the handshake of the Transmission Control Protocol - TCP, TCP options, loss recovery and congestion control behaviour including retransmission timings, how the receive window size can bring traffic to a halt, differentiating teardown methods, and using TCP stream graphs to focus on the trouble spots
  • Analyze how Hypertext Transfer Protocol - HTTP web requests are formed including GET and POST parameters, HTTP headers, user agents, request cookies, and error interpretation
  • Analyze Transport Layer Security - TLS handshakes for both 1.2 and 1.3, requirements for session resumption, error interpretation, the different methods of decryption, and how to troubleshoot when decryption is not an option


Course Materials

Course includes a student guide with over 20 hands-on labs and example packet capture files (pcaps).  You will leave class with multiple new profiles to use back at the office. 

Deep Dive Into Network Reconnaissance

Course Length: 5 Days

 

Course Overview

This hands-on course uses only freely available open-source tools, and is beneficial to anyone performing a cyber investigation or vulnerability assessment. It was designed with law enforcement and military communities in mind; however, anyone in cybersecurity would benefit. You will learn to use open-source tools from the Kali Linux distribution (kali.org). You will learn both active and passive methods to gain information on the person(s) of interest. Hands-on labs combined with various hardware demonstrations give you numerous opportunities to apply what was learned during the lecture.

 

Who Should Attend

Employees of federal, state and local governments; and businesses working with the government. Cybersecurity analysts and security engineers who are at the beginning to intermediate stages of packet analysis.

 

Prerequisites

Basic knowledge of TCP/IP protocols

 

Topics Covered

OSINT - Open Source Intelligence

  • Use Tor to hide the source of queries to OSINT sites 

  • Discover the target company’s IP netblocks, domain names and DNS record types via DNSRecon, dnsmap, nslookup and dig

  • Gather emails, subdomains, hosts, employee names, open ports and banners from public sources such as search engines, PGP key servers and the Shodan device search engine, using theHarvester

Passive Reconnaissance

  • Best practices to capture network traffic on 802.11 wireless and Ethernet networks using Aircrack-ng, tcpdump and Wireshark. Capture filters will be used to narrow the scope of the case.

  • Examine 802.11 specific headers as well as the TCP/IP protocol headers

  • Analyze the data in Wireshark, using statistics and graphs to isolate connection patterns

  • Identify ARP spoofing in Wireshark

  • Identify operating systems from their connection-establishment signatures and build Wireshark filters for them

  • Extract executables and images from pcaps with Wireshark
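ARP spoofing (the passive-reconnaissance topic above) shows up in a capture as one IP address being claimed by more than one MAC address, usually in replies nobody asked for; Wireshark flags the first condition with its arp.duplicate-address-detected field. The following added example, not course material, builds a small pcap in memory with a constructed gateway-poisoning exchange and applies both checks using only the Python standard library, so the pcap record and ARP layouts are visible rather than hidden behind a library. The MAC and IP addresses are invented for the demo.

```python
"""Detect ARP spoofing in a pcap with the standard library only (added example).

The sample frames are constructed here for illustration: a victim asks for the
gateway's MAC, the real gateway answers, then an attacker sends unsolicited
replies claiming the gateway's IP to the victim and the victim's IP to the
gateway. All addresses are hypothetical.
"""
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4        # microsecond pcap, written little-endian here
LINKTYPE_ETHERNET = 1
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac(s): return bytes.fromhex(s.replace(":", ""))
def ip(s): return bytes(int(o) for o in s.split("."))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_str(b): return ".".join(str(x) for x in b)


def arp_frame(op, sha, spa, tha, tpa, dst="ff:ff:ff:ff:ff:ff"):
    """Ethernet II header + 28-byte ARP body (htype 1, ptype IPv4, hlen 6, plen 4)."""
    eth = mac(dst) + mac(sha) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(sha) + ip(spa) + mac(tha) + ip(tpa)
    return eth + arp


def build_pcap(frames, t0=1_700_000_000):
    """pcap global header (24 bytes) followed by one 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", t0 + i, 0, len(f), len(f)) + f
    return out


def iter_pcap(data):
    """Yield (timestamp, frame bytes) from a little-endian microsecond pcap."""
    magic, = struct.unpack_from("<I", data)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap")
    if struct.unpack_from("<I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl, _orig = struct.unpack_from("<IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl]
        off += incl


def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not ARP."""
    if len(frame) < 42 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_ARP:
        return None
    return {"op": struct.unpack_from("!H", frame, 20)[0],
            "sha": mac_str(frame[22:28]), "spa": ip_str(frame[28:32]),
            "tha": mac_str(frame[32:38]), "tpa": ip_str(frame[38:42])}


def detect_arp_spoofing(pcap_bytes):
    """Two signals: an IP claimed by >1 MAC (Wireshark: arp.duplicate-address-detected)
    and replies that answer no earlier request from that host. Gratuitous ARP from
    DHCP or failover setups also trips the second check, so treat it as a lead."""
    claims = defaultdict(set)      # sender IP -> MACs seen claiming it in replies
    pending = set()                # (IP asked for, requester MAC) awaiting a reply
    unsolicited = []
    for ts, frame in iter_pcap(pcap_bytes):
        a = parse_arp(frame)
        if a is None:
            continue
        if a["op"] == ARP_REQUEST:
            pending.add((a["tpa"], a["sha"]))
        elif a["op"] == ARP_REPLY:
            claims[a["spa"]].add(a["sha"])
            key = (a["spa"], a["tha"])
            if key in pending:
                pending.discard(key)
            else:
                unsolicited.append((ts, a["sha"], a["spa"]))
    conflicts = {ip_: sorted(macs) for ip_, macs in claims.items() if len(macs) > 1}
    return {"conflicts": conflicts, "unsolicited_replies": unsolicited}


GATEWAY, VICTIM, ATTACKER = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02", "cc:cc:cc:cc:cc:03"
SAMPLE_FRAMES = [   # constructed demo traffic, not a real capture
    arp_frame(ARP_REQUEST, VICTIM, "192.168.1.50", "00:00:00:00:00:00", "192.168.1.1"),
    arp_frame(ARP_REPLY, GATEWAY, "192.168.1.1", VICTIM, "192.168.1.50", dst=VICTIM),
    arp_frame(ARP_REPLY, ATTACKER, "192.168.1.1", VICTIM, "192.168.1.50", dst=VICTIM),
    arp_frame(ARP_REPLY, ATTACKER, "192.168.1.50", GATEWAY, "192.168.1.1", dst=GATEWAY),
]


def sample_pcap():
    return build_pcap(SAMPLE_FRAMES)


if __name__ == "__main__":
    print(detect_arp_spoofing(sample_pcap()))
```

Running it reports 192.168.1.1 claimed by both the gateway and attacker MACs plus two unsolicited replies from the attacker; in Wireshark the same capture matches the display filter arp.duplicate-address-detected and raises a duplicate-IP Expert Info warning on the second reply.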

 

Active Reconnaissance

  • Best practices to actively scan an environment. Inventory hosts, networks, and services including banner grabbing.

    • Tools: Nmap, Zenmap, Amap, EyeWitness, and OpenVAS

  • Use a SOCKS proxy and Tor to anonymize traffic scans

  • Transparently intercept SSL/TLS connections via SSLsplit

  • Search for potentially sensitive data on network SMB shares with smbmap: list shares and their permissions, browse share contents, upload and download files, and auto-download files whose names match a pattern

  • Locate UPnP devices with Nmap; enumerate devices, services and application settings

  • Use Maltego to visualize relationships between the information gathered and summarize the findings

 

Course Materials

Course includes a student guide with over 20 hands-on labs and example pcaps.