Troubleshooting with Wireshark: Fundamental Protocol Analysis

Improve your network behavior troubleshooting skills and knowledge of protocols with this course. You'll use Wireshark to observe protocol logic, examine ICMP messages, capture DHCP traffic, and learn about basic DNS operation and how TCP operates.
Course info
Rating
(45)
Level
Intermediate
Updated
Mar 28, 2016
Duration
3h 42m
Table of contents
Introduction to Troubleshooting and Protocol Analysis
Troubleshooting with Ping and Traceroute
Troubleshooting with ICMP Error Messages
Troubleshooting Dynamic Host Configuration Protocol (DHCP)
Troubleshooting Domain Name System (DNS) and Slow Networks
TCP Sequence and Acknowledgment Numbers
Description

Wireshark is a very powerful tool for troubleshooting, but getting started with it can be overwhelming when it comes to the protocols for solving network behavior issues. This course, Troubleshooting with Wireshark: Fundamental Protocol Analysis, will help you to understand how fundamental protocols operate using Wireshark as the mechanism for observing protocol logic in action. You'll start by learning about Ping and Traceroute and how they make use of ICMP, an important troubleshooting protocol, and ICMP messages. Next, you'll cover DHCP traffic, options, and improper behavior, followed by learning about basic DNS operation and DNS issues. Finally, you'll learn about TCP operations, sequence and acknowledgment numbers, and behavior. By the end of this course, you'll be able to expertly use Wireshark to analyze and solve complex network protocol issues you may have in the future.

About the author

For nearly 20 years, Ross has taught and managed data networks.

More from the author
Network Troubleshooting and Tools
Beginner
2h 54m
20 Apr 2018
Network Security Basics
Beginner
2h 16m
20 Apr 2018
Networking Concepts and Protocols
Beginner
5h 26m
20 Apr 2018
Section Introduction Transcripts

Troubleshooting with Ping and Traceroute
Welcome to Pluralsight. I'm Ross Bagurdes. This course is Troubleshooting with Wireshark, Fundamental Protocol Analysis. And in this particular module, we're going to be looking at troubleshooting with ping and traceroute. One of the issues that I have seen consistently throughout my career as an educator of IT networking is that newbie students tend to not know how to appropriately interpret ping results and many network engineers that I've experienced oftentimes don't know the value of using traceroute. So, let's dive in and take a look at this. All right, so here's our goals for this module. I want to introduce Internet Control Message Protocol, which is ICMP. It's the protocol that ping uses and traceroute uses to gather information about distant devices. Second, I want to examine how ping and traceroute use this protocol, all right. I want to see how these utilities implement ICMP. Then we're going to look at Wireshark and observe ping and traceroute behavior. And finally, we're going to use all that information that we gather from Wireshark and from our understanding of how ICMP works to demonstrate how we can interpret ping and traceroute output to make some really great troubleshooting decisions about what's happening in our system.

Troubleshooting with ICMP Error Messages
Hi, I'm Ross Bagurdes. In this next module, we're going to look at troubleshooting with ICMP, specifically, the error messages. What I had not anticipated when I was putting these modules together is the amount of time it was going to take to discuss and cover all the ICMP troubleshooting pieces that we can use. What I'm very happy about is that I was able to go into this deep dive and take a look at ICMP at this level. Hopefully, this is giving you some very great ideas and shifting how you use ping and tracert to do troubleshooting. So, in this next piece, we're going to look at just the error messages for ICMP. We saw a little bit of it in the previous module with the "time to live expired", but let's dive into this. Our goals here: I want to capture ICMP error messages with Wireshark. I want to use those error messages to troubleshoot network issues, and then we're going to examine an ICMP redirect message with Wireshark. All right, that redirect message is not necessarily an error message, however, we are going to examine it and discuss what a redirect message would mean on your network. Let's go into the demo.

Troubleshooting Dynamic Host Configuration Protocol (DHCP)
Welcome to Pluralsight. I'm Ross Bagurdes. In this module, we're going to look at troubleshooting dynamic host configuration protocol or DHCP using Wireshark. Here's our goals. I want to explain the basics of DHCP operation. After we do that I want to explain a little more complex topic, which is using a DHCP relay agent in order to get DHCP requests to a server on some other network. We're going to use Wireshark to observe correct DHCP operation. We're going to examine some of the DHCP options, specifically option 50. And then we're going to examine some improper DHCP behavior. Let's get started.

TCP Sequence and Acknowledgment Numbers
Welcome to Pluralsight, I'm Ross Bagurdes. In this video we're going to look at TCP sequence and acknowledgement numbers. Now most of us already know about the three-way handshake. We're going to talk about that a little bit, but the bigger deal here with TCP is that it uses sequence numbers to keep track of how much data was sent between the two endpoints. And I want to look at the relationship between sequence numbers and acknowledgment numbers, so that we can later on use that information to do some real hardcore troubleshooting with TCP. For the moment though, I want to just introduce this topic and get you really to start practicing and looking at capturing data, and examining the TCP sequence and acknowledgement numbers to see exactly how that's working. Here's our goals for this module. One, I want to explain the basic TCP operation, make sure that we have a very fundamental, strong understanding of what TCP is doing. Second, I want to explain the purpose of the TCP sequence and acknowledgement numbers. We're going to see that TCP uses these numbers to determine how much data has been sent and how much data has been acknowledged received. I want to use Wireshark then to observe TCP sequence numbers and acknowledgement numbers in action. Alright, I'm going to transfer a file from one device to another and we're going to take a look at how those numbers increment in TCP.