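In class, the instructor teaches the course theory live and leads numerous commercial practical exercises; students can practise at our centre by following the detailed steps in the lab notes.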
1. Introduction to Wireshark
1.1 What is Wireshark
1.2 System Requirements
1.3 Where to get Wireshark
1.4 A brief history of Wireshark
1.5 How Wireshark Works
1.6 Wireshark Folders, Plugins and Help
1.7 Resources and References for Analysts
1.8 Data Flow Overview
2. Capturing Packets
2.1 Select an Active Interface
2.2 Capture to Disk
2.2 (cont.) Capture to a Ring Buffer
2.3 Open and Work with File Sets
2.4 Default Capture Filters
2.5 Creating New Capture Filters
2.6 Avoid Dropped Packets
3. Configuring Global Preferences
3.1 Customizing User Interface
3.2 Configuring Global Capture Preferences
3.3 Configuring Name Resolution Preference
3.4 Altering Protocol Settings
4. Navigation and Colorization Techniques
4.1 Locating a Specific Packet Number
4.2 Finding Packets based on Payload Values
4.3 Sorting Columns
4.4 Using and Customizing Packet Colors
4.5 Marking Packets
4.6 Opening Packet in a New Window
5. Examining Basic Trace File Statistics
5.1 Examining Protocol Hierarchies
5.2 Viewing Network Connections
5.3 Viewing Network Endpoints
5.4 Evaluating Destinations
5.5 Viewing IP Address Information
5.6 Evaluating Packet Lengths
5.7 Evaluating IP Protocol Types
5.8 Examining Multicast Streams and Settings
6. Advanced Trace File Statistics
6.1 Creating I/O Graphs
6.2 Creating TCP Time-Sequence Graphs
6.3 Analyzing Flow Graphs
6.4 Evaluating Service Response Times
6.5 Analyze BOOTP/DHCP Statistics
6.6 Viewing HTTP Statistics
6.7 Creating Round-Trip Time Graphs
7. Display Filters
7.1 Following TCP Stream
7.2 Creating Filters from Conversations and Endpoints
7.3 Default Display Filters and Filter Syntax
7.4 Building Filters based on Packets
7.5 Building Filters based on Payload Bytes
7.6 Using Expressions to Build Display Filters
7.7 Using Logical Operators
7.8 The Ten Most Useful Filters
8. TCP/IP Resources and References
8.1 The TCP/IP Resolution Process
8.2 Faults in the Resolution Process
9. Analyzing Domain Name System (DNS) Traffic
9.1 Analyzing Normal DNS Traffic
9.2 Abnormal DNS Traffic
10. Analyzing Address Resolution Protocol (ARP) Traffic
10.1 Analyzing Normal ARP Traffic
10.2 Analyzing Abnormal ARP Traffic
11. Analyzing Internet Protocol Version 4 Traffic
11.1 Analyzing Normal IPv4 Traffic
11.2 Analyzing Abnormal IPv4 Traffic
12. The Darkest Side of Wireshark
12.1 SSL/TLS Parsing