Module 1 — Environment & Foundations
Setting up the analysis environment, configuring hardware, and performing your first captures. Students establish the toolchain and workflows used throughout the course.
Module 2 — Wireshark Configuration & Profiles
Creating purpose-built analysis profiles, customizing the interface for different investigation types, and building reusable filter and visualization presets.
Module 3 — Capture & Display Filtering
Mastering Berkeley Packet Filter syntax for targeted capture, crafting precise display filters, and building quick-access filter toolbars for common analysis scenarios.
Module 4 — Wireless Mode Operations
Configuring wireless interfaces for raw 802.11 capture, managing monitor mode, and implementing channel-hopping strategies for comprehensive wireless coverage.
Module 5 — Traffic Visualization & Geolocation
Integrating geographic intelligence into captures, building color-coded rule sets for rapid frame identification, and customizing the analysis workspace for wireless investigations.
Module 6 — Packet Analysis & Pattern Recognition
Identifying authentication sequences, recognizing common wireless attack patterns, and applying structured reconnaissance techniques to large capture files.
Module 7 — Wireless Architecture Discovery
Reconstructing network topologies from captured traffic, interpreting 802.11 addressing and distribution system indicators, and identifying hidden devices and protocols.
Module 8 — Credential & Authentication Analysis
Examining web authentication mechanisms at the packet level and identifying credential exposure across multiple encoding and transport methods.
Module 9 — Command-Line Capture Tools
Working with tshark and tcpdump for scriptable, headless packet capture and field extraction — essential skills for automation and remote analysis.
Module 10 — Custom Tooling with Python & Scapy
Building bespoke frame dissectors and analysis scripts, extending capture capabilities beyond what GUI tools offer alone.
Module 11 — Remote & Distributed Capture
Performing live packet capture across remote systems over SSH, managing privilege boundaries, and choosing the right capture engine for the task.
Module 12 — Containerized Deployments
Running analysis platforms in Docker for portable, reproducible environments — including browser-accessible Wireshark, mapping services, and network monitoring tools on embedded hardware.
Module 13 — Wireless Security Assessment
Applying industry tools to evaluate the strength of captured wireless handshakes and authentication material.
*All labs are performed on real hardware in a dedicated wireless environment. Students should bring a laptop running Linux (Ubuntu recommended). USB wireless adapters and router hardware are provided.*
