Trainings 3 and 4

Hands-on Wireshark

There are two trainings:

  • Morning:      [T3] Speed up your forensics and network analysis
  • Afternoon:   [T4] Capture and analyze 802.11 traffic

See details below.


Trainer:

Thomas Baudelet (founder of iwaxx Sàrl)

An engineering graduate of INSA Rennes (France) in 2003, Thomas worked worldwide for 3 years for Alcatel-Lucent as an integrator of GPRS services (MMS & WAP servers) for national telecom operators in countries such as Russia, Nigeria, Egypt, the United Arab Emirates, Thailand, Yemen, Togo and Sri Lanka.
He dealt with a wide range of system technologies and with live networks of millions of users, and developed his taste for problem solving on complex and critical architectures.
In 2006, he joined the Geneva University Hospitals network team, where he worked daily on network and security technologies: firewalls, VPN, routing, administration of a public class B network, wireless, PKI, load balancers and VoIP. He set up the current WLAN architecture (1'800 access points located throughout the canton of Geneva) and its PKI-based authentication.
In 2010, he founded his own company, iwaxx Sàrl, and has since been offering his services in troubleshooting, network analysis, integration and training. His customers include three private banks in Geneva, SIG, Etat de Vaud, HUG, Adecco and AVASAD, among others.

Language:

All materials and slides will be in English.
The trainer will speak in English or in French.

Prices:

T3 only:     CHF 350.-
T4 only:     CHF 350.-
T3 and T4: CHF 600.-


T3 - Hands-on Wireshark: Speed up your forensics and network analysis

Duration:

Morning, from 8:45 to 12:00

Content:

This training focuses on the practical habits to adopt with Wireshark when faced with a network capture file. Basic usage will be explained, and then we'll quickly move on to labs and dig into real-life packet captures. For each lab, we'll concentrate on how to use Wireshark at its best to stay focused on the problem at hand.

Table of contents:

Part I:
  • Introduction to Wireshark
  • Packet capture techniques
  • Capture and display filters
    Lab: filtering various captures, looking for common mistakes, abnormal results and filters that misbehave
  • Capture filter for forensics
    Lab: analyzing malware traces / scanners' behaviors
  • Create adapted profiles
    Lab: creating the "perfect" analysis profile and populating it all along the training
  • Tshark and command line tools
Part II:
  • Methodology: steps to follow when faced with a capture trace
    Lab: quickly eliminate traffic in a 1 GB packet capture
  • Don't be fooled by Wireshark: avoid spending time on false alarms
    Lab: analyzing common TCP problems
Part III:
  • SSL/TLS decryption
    Lab: Testing various decryption techniques
  • Anonymize your network captures
  • Wireshark v2: the future of Wireshark

Audience type:

This training is open to anyone with a minimum knowledge of networking: knowing the basic purpose of DNS/ARP, the role of a default gateway, a VLAN, etc. People who have no experience at all with Wireshark are more than welcome. The profile is not restricted to network engineers: system engineers, technical support teams and developers will benefit too.

Requirements:

A laptop with the latest stable version of Wireshark (currently 1.12.7) running on Windows, OS X or Linux. Although Wireshark 1.99.x is available (soon to be released as Wireshark 2.0), it is not quite ready for prime time in this class.


T4 - Hands-on Wireshark: Capture and analyze 802.11 traffic

Duration:

Afternoon, from 14:00 to 17:30

Content:

This hands-on training is dedicated to the capture and analysis of Wi-Fi traffic. After some basic and practical theory, we'll test the different ways of capturing WLAN traffic on Windows, OS X and Linux, and face the challenges that these half-duplex communications pose compared to LAN capture. The most common authentication methods found on corporate networks (EAP-TLS, PEAP, PSK) will be dissected, along with the real-life problems that may appear. We'll finish with the most common user complaint, bad throughput, and some packet challenges.

Table of contents:

Part I:
  • Radio basics in practice
  • What to expect in the air: 802.11 mechanisms and real-life values
  • 802.11 capture techniques on Windows / OS X / Linux
  • 802.11 Frame Types
    Lab: What's around us currently?
Part II:
  • Lab: Analysis of EAP-TLS authentication
  • Lab: Analysis of PEAP authentication
  • Lab: Anatomy of a roaming
  • Lab: Decrypt WPA/TKIP and WPA2/AES PSK traffic
Part III:
  • Lab: Troubleshoot authentication failures
  • Lab: Troubleshoot bad throughput
  • Lab: Consequences of different antennas, gain and position
  • Packet Challenges: find the problem!
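For the "Decrypt WPA/TKIP and WPA2/AES PSK traffic" and "Troubleshoot authentication failures" labs, it helps to know what Wireshark needs before it can decrypt anything. The passphrase and SSID only give the PMK; the per-session PTK also depends on the two MAC addresses and the two nonces exchanged in the 4-way handshake, so the EAPOL frames of that handshake must be in the capture, and a wrong SSID yields a wrong PMK with no error message. The Python below is an added example (not course material and not Wireshark code) that derives the PMK and PTK as specified in IEEE 802.11i and verifies the MIC of message 2 with the KCK, which is exactly the check that tells you whether passphrase and SSID are right. The MAC addresses, nonces and message 2 frame are constructed inline; the PMK test vector (passphrase "password", SSID "IEEE") is the one from the standard's annex.

```python
"""WPA2-PSK key hierarchy from a captured 4-way handshake (added example, not course material)."""
import hashlib
import hmac
import struct

MIC_OFFSET = 81  # EAPOL header (4) + Key Descriptor fields preceding the Key MIC field (77)


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """PRF-n of 802.11i: concatenation of HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes, tkip: bool = False) -> bytes:
    """PTK from PMK, both MAC addresses and both nonces (min||max, so the order of the sides does not matter).
    CCMP needs 384 bits (KCK | KEK | TK), TKIP 512 bits (plus the two MIC keys)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 64 if tkip else 48)


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """MIC over the whole EAPOL-Key frame with its MIC field zeroed.
    Key Descriptor Version (low 3 bits of Key Information): 1 = HMAC-MD5 (WPA/TKIP), 2 = HMAC-SHA1-128 (WPA2/CCMP)."""
    version = struct.unpack("!H", eapol[5:7])[0] & 0x7
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    if version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    if version == 2:
        return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]
    raise ValueError("descriptor version %d (AES-CMAC, 802.11w) not handled in this example" % version)


def passphrase_matches(passphrase: str, ssid: str, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes, msg2: bytes) -> bool:
    """The check a decryptor performs: derive the PTK, recompute the MIC of message 2 with the KCK, compare."""
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    return hmac.compare_digest(eapol_mic(kck, msg2), msg2[MIC_OFFSET:MIC_OFFSET + 16])


def build_msg2(kck: bytes, snonce: bytes, replay_counter: int, rsn_ie: bytes) -> bytes:
    """Constructed message 2 (supplicant -> AP): RSN descriptor, Key Info 0x010A (pairwise, MIC, version 2)."""
    body = struct.pack("!BHHQ32s16s8s8s16sH", 2, 0x010A, 0, replay_counter, snonce,
                       b"\x00" * 16, b"\x00" * 8, b"\x00" * 8, b"\x00" * 16, len(rsn_ie)) + rsn_ie
    eapol = struct.pack("!BBH", 2, 3, len(body)) + body
    return eapol[:MIC_OFFSET] + eapol_mic(kck, eapol) + eapol[MIC_OFFSET + 16:]


# Constructed handshake parameters (not from a real capture)
AA = bytes.fromhex("00112233aabb")      # AP (authenticator) MAC
SPA = bytes.fromhex("66778899ccdd")     # client (supplicant) MAC
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # CCMP/CCMP, AKM PSK


def sample_msg2(passphrase: str = "password", ssid: str = "IEEE") -> bytes:
    """Message 2 as a client knowing this passphrase would have sent it for the constructed nonces."""
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), AA, SPA, ANONCE, SNONCE)[:16]
    return build_msg2(kck, SNONCE, 1, RSN_IE)


if __name__ == "__main__":
    msg2 = sample_msg2()
    print("PMK:", pmk_from_passphrase("password", "IEEE").hex())
    print("right passphrase:", passphrase_matches("password", "IEEE", AA, SPA, ANONCE, SNONCE, msg2))
    print("wrong passphrase:", passphrase_matches("Password", "IEEE", AA, SPA, ANONCE, SNONCE, msg2))
    print("wrong SSID      :", passphrase_matches("password", "ieee", AA, SPA, ANONCE, SNONCE, msg2))
```

In Wireshark, the key goes under Edit > Preferences > Protocols > IEEE 802.11 > Decryption keys, either as wpa-pwd (passphrase:SSID) or as wpa-psk (the 64 hex digits of the PMK), with decryption enabled. If the data frames stay encrypted, the usual reasons are the same ones the script shows: the handshake is not in the capture (re-associate the client while capturing), or the passphrase or SSID is wrong, which fails silently in both the script and the tool.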

Audience type:

This training is open to anyone with a minimum knowledge of networking: knowing the basic purpose of DNS/ARP, the role of a default gateway, a VLAN, etc. No specific wireless knowledge is required, but knowing the basics of Wireshark (presented in the morning training) is a plus, so that you can focus directly on the packets rather than on the tool.

Requirements:

A laptop with the latest stable version of Wireshark (currently 1.12.7) running on Windows, OS X or Linux. Although Wireshark 1.99.x is available (soon to be released as Wireshark 2.0), it is not quite ready for prime time in this class. People who own AirPcap dongles are invited to bring them. Some dongles will be available, but maybe not one per person, depending on the number of students.