Getting Started with Wireshark-The Ultimate Hands-On Course

Go from Packet Zero to Packet Hero with this Practical Wireshark course.

Language: English

Rating: 4.8/5 (220 ratings), 5,581 students

Instructor(s): Experts with David Bombal

Last update: 2022-05-09

What you’ll learn

  • Capture and interpret network traffic with Wireshark
  • Understand core networking protocols – DHCP, DNS, TCP/IP
  • Troubleshoot the top five network problems with Wireshark
  • Analyze a cybersecurity attack with Wireshark



  • Basic networking – switching, routing



Wireshark can be intimidating. I remember how it felt when I first started looking at a trace file with Wireshark. Questions started flooding into my mind:

What should I look for? Where do I start? How can I find the packets that matter? What filters should I use? What is “normal” and what can I ignore in all this data?

I froze under the weight of all the detail in the packets.

If you have ever felt that way when looking at a pcap, this is the course for you! 

Throughout this course, we are going to look at real-world examples of how to practically use Wireshark to solve network problems and isolate cybersecurity incidents. This skill will help all IT engineers to improve in their analysis and troubleshooting skills. Assignments have been designed with participation in mind. Download the trace file, try your hand at the questions that go along with it, and see if you can solve the network mystery in the packets.

While learning the art of packet analysis, we will also explore the Wireshark interface, configure custom columns, filters, and coloring rules, learning how to customize the layout so we can spot problems fast. This course will give you comfort with the Wireshark interface and the experience you need to understand core protocols.

My name is Chris Greer and I am a Wireshark University instructor, as well as a packet analysis consultant for companies all over the globe. Like you, I started out looking at packet traces, hoping to find the right ones to solve complex issues on the network. In this course, I bring real-world examples to every lecture, exercise, and course assignment. My goal is for you to get comfortable with the Wireshark interface, learn to interpret the packets, and find actionable data that will help you to resolve problems or spot security incidents faster.

Ready Packet People? Let’s dig!


Who this course is for

  • Network Engineers and Cybersecurity professionals who want to learn Wireshark
  • Threat hunters who want to learn to dig into protocols.


Course content

  • Hands-On with Wireshark – Your First PCAP Lab
    • Section Intro – What will we learn?
    • Installing Wireshark and the Command Line Tools
    • Lab 1 – Hands-On with Wireshark
    • Section Review
  • Configuring the Wireshark Interface
    • What are Wireshark Profiles and Why Should We Use Them?
    • Configuring Profiles, Adding Custom Columns
    • Coloring Traffic
    • Adjusting the Screen Layout
    • Lab 2 – Configuring the Wireshark Interface
    • Section Review
  • Filtering Traffic in Wireshark
    • Introduction to Wireshark Filters
    • Capture Filters vs Display Filters
    • Filtering for IP Addresses, Source or Destination
    • Filtering for Protocols and Port Numbers
    • Filtering for Conversations
    • Operators in Display Filters
    • Demo: Using Operators when Filtering Traffic
    • Special Operators – Contains, Matches, and In
    • Demo: How to Use Special Operators When Filtering
    • Lab 3 – Creating Display Filters in Wireshark
    • Section Review
  • Where and How to Capture Packets
    • Think BEFORE You Capture!
    • How To Capture In a Switched Environment – Local Capture vs SPAN vs TAP
    • Capturing at Multiple Locations
    • Should We Use a Capture Filter?
    • Capturing Traffic with the Wireshark User Interface
    • How to Capture Intermittent Problems – Long Term Capture Configuration
    • How to Capture on the Command Line with Dumpcap
    • Configuring a Ring-Buffer on the CLI
    • How and Where to Capture Packets
    • Section Review
  • The Anatomy of a Packet – How Encapsulation Works
    • Packets and the OSI Model
    • Ethernet – The Frame Header
    • Unicasts vs Broadcasts vs Multicasts
    • The Internet Protocol – Learning the Header Values
    • Following a Packet Through the Network – Re-Encapsulation
    • Lab 4 – Analyzing a Packet From Multiple Capture Points
    • Section Review
  • Practical IP Analysis
    • Section Overview
    • Digging Deeper into the IP ID
    • How to Use the TTL Field
    • How IP Fragmentation Works
    • The IP Flags
    • Whoa! Investigating Suspect Scan Activity
    • A Look at IPv6
    • Configuring Wireshark to Find GeoIP Locations
    • Analyzing a DDoS Attack with GeoIP
    • Lab 5 – Is this scan as bad as it looks?
    • Section Review
  • Practical UDP Analysis
    • UDP Intro
    • The UDP Header Explained
    • How DHCP Works
    • Analyzing DNS
    • Troubleshooting VoIP and Video Streams
    • UDP Review
  • Practical TCP Analysis
    • Section Intro
    • Practical TCP – The Handshake
    • Hands-On with TCP Flags
    • Analyzing TCP Options
    • How Sequence and Acknowledgement Numbers Work
    • Digging into Retransmissions
    • Let’s Shut it Down – FINs vs Resets
    • Lab 6 – Is it the Client, Network, or Server? Can You Isolate the Problem?
    • TCP Analysis Review
  • The Top Five Things to Look For When Troubleshooting with Wireshark
    • Putting it All Together – Section Intro
    • 1. Slow Application Response Time
    • 2. High Network Latency
    • 3. Network Packet Loss
    • 4. Slow File Transfers – TCP Window Problems
    • 5. Network/Application Disconnects – TCP Resets
    • What to do next with Wireshark – Where to go from here.
  • Final Thoughts
    • Bonus Lecture

