Network Traffic Analysis with Wireshark Training (NTA01)

"The instructor was very knowledgeable and knew how to balance the load between the material and student engagement. He engaged the audience through personal experience examples and gained the audience's trust fast by proving himself as the subject matter expert."

Learn to decode network traffic with Wireshark

This packet analysis course focuses on capturing, filtering, and analyzing network traffic to identify security vulnerabilities, track down network intrusions, troubleshoot network issues, and perform network forensics. The course includes real-world, hands-on scenarios featuring packet captures from network attacks and forensics investigations. Attendees will learn how to reconstruct network intrusions and extract information, such as credentials, images, malware, and Indicators of Compromise (IOCs) from packet capture files. Attendees will also learn how to piece together and extract network evidence and tie the evidence to a suspect. Wireshark is the primary tool used throughout this course, but other tools and techniques are covered as well.

Who Should Attend

Do you...

  • Perform malware analysis
  • Perform penetration testing
  • Care if someone is a Man-In-The-Middle (MITM), sniffing your traffic at Starbucks, the hotel, etc.
  • Troubleshoot network applications or network latency
  • Track down infected users and top bandwidth consumers
  • Perform incident response
  • Want to know if you are infected with malware

If any of the above apply to you, you should attend the course.


General knowledge of TCP/IP, networking, and the OSI Model. Exposure to networking protocols and technologies such as DNS, DHCP, ICMP, FTP, HTTP, SMTP, and ARP.

What did you find most beneficial about this course?

“The wide knowledge provided by the instructor.”
— Cyber Defense Officer, United States Air Force


  • Network and Traffic Analysis Basics
  • Wireshark Overview and Use
  • Working with Captured Packets – Lower-Level Protocols
  • Working with Captured Packets – Higher-Level Protocols
  • Basic Real World Scenarios
  • Protocol Dissection

Topics Covered

  • TCP Flags
  • Wireshark
  • IPv4 
  • IPv6
  • ARP
  • DHCP
  • ICMP
  • DNS
  • SMTP
  • FTP
  • TFTP
  • HTTP
  • Wireshark Filtering
  • Wireshark Colorization
  • Wireshark Statistics
  • Trace File Formats
  • Network Miner
  • Exporting Objects
  • Packet Capture Data Extraction
  • Base64
  • GeoIP
  • Social Media
  • Browser Credentials
  • HTTP Methods
  • HTTP User-Agents
  • Network and Packet Analysis
  • OSI Model
  • Sniffing Techniques
  • Packet Analyzers
  • Clear Text Protocols
  • Man-In-The-Middle (MITM) 
  • Unicast Traffic
  • Broadcast Traffic
  • Multicast Traffic
  • TCP
  • UDP
  • Ports
  • Control Channels
  • Data Channels
  • Covert Channels
  • Wireshark Searches
  • Wireshark Streams
  • Wireshark Profiles
  • Capture Filtering
  • Display Filtering
  • Encryption
  • Encoding / Decoding 
  • Network Traffic Analysis Methodology
  • Protocol Dissection
  • HTTP Cookies
  • Protocol Decoding


Layer 2 Man-In-The-Middle (MITM) Attack Packet Capture

Gained a better understanding of Wireshark by using many examples.
— Systems Engineer, The Boeing Company

3 days

Continuing Education Credits



Our public training is located 20 minutes east of St. Louis, outside Scott Air Force Base



Our public courses are offered less than 20 minutes from downtown St. Louis at our partner, TechGuard Security's office, located outside of Scott Air Force Base.

703 Seibert Rd, Suite 2
Scott Air Force Base, Illinois 62225

We also offer private onsite courses at your location. We love to travel and will gladly send a trainer to you. Please Contact Us for more information.


Live, instructor-led training with a dynamic trainer who is a cyber security professional. Instructors have real-world experience with the material covered in the course.


  • January 3-5 (W-F), 8:30am - 4:30pm, 2018
  • April 9-11 (M-W), 8:30am - 4:30pm, 2018
  • June 18-20 (M-W), 8:30am - 4:30pm, 2018

