Training delivery: Face-to-face / Online sessions on Google Meet + pre-recorded videos
Trainer: Dr. Saeed Roostaee
What you’ll learn
- Packet sniffing approaches and tools
- How to connect to switched network infrastructure to capture required data
- How to start with Wireshark and its basic settings
- How to use capture and display filters in Wireshark
- Tips and tricks on working with packets
- Tips and tricks on working with capture files
- How to analyze GOOSE, Sampled Values, and MMS traffic with Wireshark
- Practical examples
- Capture and interpret network traffic with Wireshark
- Understand core networking protocols – DHCP, DNS, TCP/IP
- Troubleshoot the top five network problems with Wireshark
- Analyze a cybersecurity attack with Wireshark
Content
Using Wireshark for traffic analysis in digital substations
- Introduction and Contents Overview
- Installing Wireshark and the Command Line Tools
- Introduction to packet sniffing and basics of communication protocols
- What are Wireshark Profiles and Why Should We Use Them?
- Hands-On with Wireshark
- Configuring Profiles, Adding Custom Columns
- Configuring the Wireshark Interface
- Making the right connections to start sniffing in a switched environment
- Start capturing with Wireshark and manage its basic settings
- Introduction to Wireshark Filters
- Capture filters vs display filters
- Filtering for IP Addresses, Source or Destination
- Filtering for Protocols and Port Numbers
- Filtering for conversations
- Operators in display filters
- Working with packets
- Working with capture files
- Creating Display Filters in Wireshark
- Packets and the OSI Model
- Ethernet – The Frame Header
- Unicasts vs Broadcasts vs Multicasts
- The Internet Protocol – Learning the Header Values
- Following a Packet Through the Network – Re-Encapsulation
- Analyzing a Packet From Multiple Capture Points
- How IP Fragmentation Works
- The UDP Header Explained
- UDP Review
- Practical TCP – The Handshake
- Analyzing TCP Options
- How Sequence and Acknowledgement Numbers Work
- Slow application response time
- High Network Latency
- Network Packet Loss
- TCP Analysis Review
- Digital substation traffic capture analysis
- Practical demo with Wireshark