Wireshark Deep Dive from a WiFi Perspective

Course Duration

3 Days

Audience

Employees of federal, state and local governments; and businesses working with the government.

Prerequisites

Familiarity with TCP/IP networking, Wi-Fi fundamentals, and network infrastructure devices such as switches, routers, etc.

Course Description

In this hands-on course, you will receive in-depth training on Wireshark® and WiFi communications analysis. You will develop the skills to capture, decrypt and analyze wireless packets. The student will walk away with a set of analysis techniques focusing on the use of vendor-neutral, open source tools.

Course Outline

Course Topics

• Perform unattended captures with auto-stop conditions
• Apply a decryption key to reveal upper layer protocols for analysis Verify the key decrypted traffic
• Troubleshooting steps if decryption is unsuccessful
• Capture and Display filter syntax
• Statistics and graphs
• Filter on addresses, protocols, fields or traffic characteristics
• Filter on keywords using wildcards and regular expressions
• Reassemble and extract files from captured traffic
• Dissect and fix malformed packets
• Aircrack-ng Suite Switch the capture adapter into monitor mode with Airmon-ng
• Capture with Airodump-ng
• Crack WPA/WPA2 passphrase keys with Aircrack-ng
• Inject packets with Aireplay-ng
• Capinfos
• Dumpcap
• Editcap
• Mergecap How to merge pcaps of a similar file type; cap, pcap, pcappi, pcapng, and kismet
• Reodercap Reordering EAPOL handshakes
• Tcpdump Filter on large pcaps
• Tshark Streamline analysis especially for large pcaps
• Traffic analysis to perform network mapping of access points of interest and associated clients given a large pcap
• Extracting packets for specific MAC/BSSID/SSID/etc to a smaller file for analysis
• Nmap
• 802.11 Operation Modes Device-to-Device (Adhoc) Communication
• Basic Service Set (BSS)