
Wireless IP Network Analysis Using Wireshark
Course Duration
5 Days
Audience
Employees of federal, state and local governments; and businesses working with the government.
Prerequisites
Familiarity with TCP/IP networking, Wi-Fi fundamentals, and network infrastructure devices such as switches, routers, etc.
Course Description
In this hands-on course, you will receive in-depth training on Wireshark® and WiFi communications analysis. You will develop the skills to capture, decrypt and analyze wireless packets. The student will walk away with a set of analysis techniques focusing on the use of vendor-neutral, open source tools.
Course Outline
Wireshark
- Perform unattended captures with auto-stop conditions
- Apply a decryption key to reveal upper layer protocols for analysis
  - Verify the key decrypted traffic
  - Troubleshooting steps if decryption is unsuccessful
- Capture and Display filter syntax
- Statistics and graphs
- Filter on addresses, protocols, fields or traffic characteristics
- Filter on keywords using wildcards and regular expressions
- Reassemble and extract files from captured traffic
- Dissect and fix malformed packets
Command Line Tools
- Aircrack-ng Suite
  - Switch the capture adapter into monitor mode with Airmon-ng
  - Capture with Airodump-ng
  - Crack WPA/WPA2 passphrase keys with Aircrack-ng
  - Inject packets with Aireplay-ng
- Capinfos
- Dumpcap
- Editcap
- Mergecap
  - How to merge pcaps of a similar file type: cap, pcap, pcappi, pcapng, and kismet
- Reordercap
  - Reordering EAPOL handshakes
- Tcpdump
  - Filter on large pcaps
- Tshark
  - Streamline analysis, especially for large pcaps
  - Traffic analysis to perform network mapping of access points of interest and associated clients given a large pcap
  - Extracting packets for specific MAC/BSSID/SSID/etc. to a smaller file for analysis
- Nmap
802.11 Capture and Analysis
- 802.11 Operation Modes
  - Device-to-Device (Adhoc) Communication
  - Basic Service Set (BSS)
  - Basic Service Set Identifier (BSSID)
  - Extended Basic Service Set (ESSID)
- 802.11 MAC Layer Frame Types
  - Management
  - Control
  - Data
- 802.11 MAC Layer Frame Formats
  - Frame Control
  - To/From DS
  - Addresses
  - Filter random MAC addresses
- 802.11 Address Types
  - Transmitter vs. Source Address
  - Receiver vs. Destination Address
- 802.11 Operation and Frame Exchanges
  - Beacons
  - Probe Request/Response
  - Authentication/ACK
  - Association Request/Response
802.11 Security
- WLAN Discovery Techniques
  - Use Wireshark WLAN Statistics to correlate MACs to BSSIDs, and BSSIDs to SSIDs
- How certain traffic appears coming across the network
  - De-authing repeatedly
  - Nmap scans
- 802.11 Authentication and Key Exchange
  - 802.1X/EAP exchanges
  - Pre-Shared Key authentication
  - Four-way handshake
  - Group key exchange
- Compare encrypted vs decrypted traffic – What can be gained from each
Decrypted Protocol Analysis
- Understanding the value of:
  - User agent strings
  - Port numbers
  - Public vs private addresses
- Understanding what can be gained from:
  - ARP & ARP Requests
  - DHCP
  - HTTP
Hardware used in class:
Frequently Asked Questions
What does the Wireless IP Network Analysis Using Wireshark course cover?
This course covers network traffic analysis and packet inspection with Wireshark. IT Dojo delivers it as live instructor-led training with an emphasis on practical skills for government and DoD professionals.
How long is IT Dojo's Wireless IP Network Analysis Using Wireshark training?
IT Dojo's Wireless IP Network Analysis Using Wireshark training is 5 Days. It is available as live remote online instruction or on-site at your facility. All sessions are instructor-led with small class sizes to ensure individual attention.
Is this course available as live remote online training?
Yes. IT Dojo offers Wireless IP Network Analysis Using Wireshark as live remote online training. A certified instructor leads the session in real time — students interact via chat or microphone. Classes are kept small (typically no more than 16 students) to ensure engagement. On-site delivery at your government facility or contractor location is also available.
What prerequisites are recommended before this course?
Familiarity with TCP/IP networking, Wi-Fi fundamentals, and network infrastructure devices such as switches, routers, etc.
Does IT Dojo offer this training on-site at government or DoD facilities?
Yes. IT Dojo delivers Wireless IP Network Analysis Using Wireshark on-site at government agencies, DoD commands, military installations, and contractor facilities. On-site training is ideal for teams of four or more and can be customized to your organization's specific environment and mission requirements. Contact IT Dojo to schedule.
How do I register for this course?
IT Dojo training is employer-sponsored — your organization registers and pays for seats. To schedule Wireless IP Network Analysis Using Wireshark for your team, contact IT Dojo via the Request Training form or call 757-216-3656. IT Dojo will work with your contracting officer, training coordinator, or program office to set up the course.