CellStream Logo trim plus TM 150x50

CSI-HO-020-F – Explore Packet Analysis with Wireshark Security Edition – 2 Day

CellStream Logo trim plus TM 150x50  

CellStream, Inc. – Telecom Consulting and Training!            

2-Day Instructor Led Hands On Lab Class
Available in either Web Based delivery or On-Site Delivery
Minimum 10 students – Maximum 20 students


wireshark seced

Course Description:

Network security protocols are designed to ensure privacy and integrity of data that is transitioning our networks, and prevent unauthorized access. They define the processes and message exchanges to protect networks from illegitimate attempts to capture and extract meaningful information about the network or the data being carried over the network.

This course shows the learner how to use Wireshark to further their understanding of commonly deployed network security protocols that are deployed in IP networks today. Security protocols covered in in this course include: Telnet and SSH, TLS both the legacy versions and the new version 1.3, key IPsec protocols, which includes IKE, ISAKMP, AH, and ESP, and 802.1X port-based access control, which encompasses RADIUS, EAP, and EAPoL.

This course shows the student how to use Wireshark to capture traffic and identify the security protocols that are being implemented in the network. This course will also highlight key capabilities in Wireshark that can be used to analyze and troubleshoot network traffic to identify security issues. This includes defining Wireshark security profiles, using Wireshark capture and display filters to identify protected and unprotected traffic, coloring rules, and using relevant Wireshark statistical tools, in addition to how to leveraging Wireshark decryption capabilities.

Course Objectives:

The objectives of the course are:

  • Understand how to identify network security protocols and mechanisms being deployed to protect network traffic
  • Use the Wireshark statistical and decryption tools available to analyze network security traffic
  • Develop Wireshark profiles, filters, and coloring rules to facilitate analyzing and troubleshoot network security protocols and mechanisms
  • Distinguish between common security protocols being applied at the application, transport, network, and data link layers.
  • Explore in detail the most common security protocols used in protecting network traffic, including SSL/TLS, HTTPS, Telnet, SSH, IPsec including IKE, ISAKMP, AH and ESP, and 802.1X, including RADIUS, EAP, and EAPoL.
  • Improve the learner’s knowledge on network security and how to apply it to their job function.


This course is designed for individuals that require a deeper understanding of network security protocols, including designers, product developers, analysts, and technical support personnel. Specific use cases include:

  • Security professionals that need to understand how to leverage Wireshark in their job
  • Network administrator that need to understand the security mechanisms implemented in the networks they support
  • Network security engineers that need to examine and investigate wireless security issues
  • Developers that need to debug protocol implementations
  • IT professionals that need to understand and explore network security protocol internals

Course Prerequisites:

This course is designed to appeal to anyone needing to further their understanding of network security. This course does not require any specific prerequisites, however knowledge of how to use Wireshark and an understanding of network security principles would be beneficial.

This is a hands-on course. Students are expected to have access to a computer that they can install the Wireshark application on. However, no prior knowledge of Wireshark is required.

Class size is limited to 20 students.

Course Materials:

Students will be provided with a PDF Course Student Guide and PCAP files used in the hands-on labs. Students will also have access to labs and supporting material at the Online School of Network Science (www.netscionline.com).

Related Content:

This course should be preceded with either the Hands On TCP/IP Fundamentals, Hands On TCP/IP and Ethernet Fundamentals, or one of the IP Routing/Addressing 101 courses.

We offer a number of different Wireshark courses, with a focus on different use cases:


Course Outline:

  • Getting started with Wireshark
    • The ethics of capturing wireless traffic
    • Understanding why Wireshark does and doesn’t do
    • Installing Wireshark and doing a live capture
    • Exporting and saving packet captures
    • A close look at Telnet
  • Deep dive analysis of Secure Shell (SSH)
    • Leveraging Wireshark’s packet search capabilities
    • Using capture filters
    • Analyzing traffic with display filters
    • A close look at SSH
  • Deep dive analysis of Transport Layer Security (TLS)
    • Creating coloring rules to identify key security issues  
    • A close look at SLS/TLS
  • Deep dive analysis of Internet Key Exchange
    • Defining your preferences
    • Creating configuration profiles
    • A close look at IKE
  • Deep dive analysis of IPsec
    • Leveraging Wireshark statistics in analyzing network traffic
    • Decryption traffic in Wireshark
    • A close look at AH
    • A close look at ESP
  • Deep dive analysis of 802.1X
    • Merging packet captures
    • A close look at IEEE 802.1X
    • Analyzing RADIUS messages
    • A close look at EAP and EAP Authentication methods
    • Analyzing EAPoL messages
  • Supplemental material
    • A look at Layer 2 Tunneling Protocol (L2TP)
    • A look at the new QUIC protocol

Course Labs

  • Telnet
    • Part 1: Live packet capture and timestamps
    • Part 2: Export package and Telnet port numbers
    • Part 3: Changing columns and Telnet authentication
  • SSH
    • Part 1: Display filters and SSH service requests
    • Part 2: Expressions and SSH performance
    • Part 3: Filtering TCP conversations
  • TLS
    • Part 1: Coloring rules and TLS versions
    • Part 2: Colorizing packets and TLS 1.2 security attributes
    • Part 3: Compare and contrast TLS 1.2 and TLS 1.3
    • Part 4: TLS 1.3 0-RTT (OPTIONAL)
  • IKE
    • Part 1: Configuration profiles and ISAKMP
    • Part 2: Establishing and IKE security association
  • IPsec
    • Part 1: Statistics and IPSEC AH
    • Part 2: Decryption and IPSEC ESP
  • 802.1X
    • Part 1: 802.1X USING PEAP AND RADIUS
    • Part 2: EAPOL and the 4-Way Handshake (OPTIONAL)
  • Supplemental labs
    • Layer 2 Tunneling Protocol (L2TP)
    • Quick UDP Internet Connections (QUIC)

Course Availability:

Contact us for schedule dates and times.

View the course calendar and browse for our schedule.


Course Description, Content, Outline, and Instructional Design are Copyright ©CellStream, Inc.


Leave a Comment

Contact Us Here

Please verify.
Validation complete :)
Validation failed :(
Your contact request has been received. We usually respond within an hour, but please be patient. We will get back to you very soon.