laura chappell’s troubleshooting with...

SharkFest 2015 Pre-Conference Event

Troubleshooting with Wireshark

Master Wireshark to locate the source of network performance problems quickly.

Use the 4-part troubleshooting methodology to catch problems.

Customize Wireshark to detect problems with the click of a button.

Rapidly identify and graph path delays and application delays.

Use the Wireshark’s Expert Infos to spot receiver congestion, the point of packet loss, out-of-order segments and more.

LAURA CHAPPELL’S

June 20-22, 2015 ● SharkFest 2015 Pre-Conference EventRegister at www.wiresharktraining.com/troubleshooting2015.html

Hosted at the Computer History Museum, Mountain View, California

®

CONTENTS Who Should Attend ........................................................................................................................................... 1 Course Topics .................................................................................................................................................. 1 When and Where .............................................................................................................................................. 1

June 20-22, 2015 ........................................................................................................................................ 1 Computer History Museum Mountain View, California ..................................................................................... 1

About Laura Chappell, Your Instructor ................................................................................................................ 2 Tuition and Discount Schedule .......................................................................................................................... 2 Hotel Discount Booking and Details ................................................................................................................... 3 Hands-On Training–Bring Your Own Laptop (BYOL) .............................................................................................. 3 Cancellation and Student Substitution Policy ..................................................................................................... 3 Evening Event – SharkFest 2015 Registrants Only ............................................................................................... 3 About the All Access Pass ($699 Value) .............................................................................................................. 4

AAP Portal Features ..................................................................................................................................... 4 Sample Online Course List ............................................................................................................................ 4 AAP Live Event List – 2014-2015 ................................................................... Error! Bookmark not defined.

Daily Schedule ................................................................................................................................................. 5 Saturday, June 20 ........................................................................................................................................ 5 Sunday, June 21 .......................................................................................................................................... 5 Monday, June 22 ......................................................................................................................................... 5

Detailed Content Outline................................................................................................................................... 6 Hotel Information ............................................................................................................................................. 8 Contact Us .................................................................................................................................................... 10

Register online at www.wiresharktraining.com/troubleshooting2015.html

1WHO SHOULD ATTEND This hands-on course is geared towards IT professionals, network engineers, and escalation teams who need to find network problems quickly. If you are responsible for any of the following network issues, this is the event for you!

Find the cause of slow file transfers Optimize the network Measure bandwidth use for an application or user Identify problematic infrastructure devices

COURSE TOPICS This hands-on course focuses on customization of Wireshark to identify numerous performance issues including the following:

Connection Blocked or Refused Application Request Refused Slow Application Response Times Server Application Faults Content Redirection TCP Receive Buffer Issues Altered TCP Connection Attributes Mismatched TCP Parameters Weak Signal (WLAN) Asymmetric Routing Packet Loss in the Infrastructure

High Path Latency Measurements Bandwidth Throttling Delayed ACKs/Nagle Issue Packets Queued along Path Route Redirections Virus/Malware on Network Hosts Name Resolution Problems Missing Selective Acknowledgment (SACK) No Support for Window Scaling Premature TCP Port Number Reuse and more…

WHEN AND WHERE June 20-22, 2015 See the Daily Schedule section on page 5 for more details on daily start/end times.

Computer History Museum Mountain View, California Location: 1401 N Shoreline Blvd

Mountain View, California 94043

Closest Airports: ● San Jose Mineta Airport SJC (11 miles) ● San Francisco Airport SFO (25 miles) ● Oakland Airport OAK (33 miles)


2ABOUT LAURA CHAPPELL, YOUR INSTRUCTOR Laura Chappell, Founder of Wireshark University and Chappell University, is renowned for her Wireshark skills and ability to train in an entertaining manner. She is the author of several Wireshark books including Wireshark Network Analysis: the Official Wireshark Certified Network Analyst Study Guide, Wireshark 101: Essential Skills for Network Analysis, and Troubleshooting with Wireshark: Locate the Source of Performance Problems.

Laura has been analyzing network traffic for over 20 years and has presented to thousands of State, Federal and international law enforcement officers, judicial members, engineers, network administrators, technicians and developers on the subject of “tapping into networks.”

Ms. Chappell’s customers include Apple, Cisco, Dell, HP, Microsoft, IBM, Lockheed Martin, McAfee Corporation, US Arsenal, US Air Force, US Navy, NCIS, US Court of Appeals, United Bank of Switzerland, Salesforce, SPAWAR, Symantec, Riverbed Technology, Palo Alto Networks, Australian High Tech Crime Centre, Macau Police Department, Hong Kong Police Department, Qualcomm, and more.

TUITION AND DISCOUNT SCHEDULE Tuition covers all course materials, 1-year All Access Pass subscription, breakfast, lunch and break refreshments, evening events and your Certificate of Completion.

Troubleshooting with Wireshark 3-Day Event ............................................................................. $1,095

Bundle Pricing (Pre-Conference Event AND SharkFest 2015 Entrance)

Early Bird Bundle Price (ends February 15, 2015) ...................................................................... $2,090

Regular Bundle Price (after February 15, 2015) ..........................................................................$2,390

Questions? Please email [email protected] or call +1 408-378-7841.


3HOTEL DISCOUNT BOOKING AND DETAILS Hotel expenses are not included. We are finishing up the SharkFest and pre-conference event hotel contracts.

The weather should be fabulous so consider bringing the family to enjoy some Silicon Valley time.

HANDS-ON TRAINING–BRING YOUR OWN LAPTOP (BYOL) This training event is hands-on. Bring your own laptop pre-configured with the latest version of Wireshark1.

You can download the latest stable version of Wireshark for MAC OSX, Linux, or Windows from www.wireshark.org.

Ensure your laptop has a functional USB port as course materials will be provided on a USB stick. DVD “just-in-case” versions will also be available at the event, but not provided in the Student Kit.

CANCELLATION AND STUDENT SUBSTITUTION POLICY If you are unable to attend your scheduled training class, please contact 1 (408) 378-7841. We require fourteen (14) calendar days’ notice to cancel any registration (and provide refund for pre-payment). Failure to provide the required notification will result in 100% charge of the course.

If a student does not attend a scheduled course without prior notification (“no show”) it will result in full forfeiture of the funds.

Student substitutions are allowed, but we must be notified via email to [email protected] no less than five (5) full business days before the start of the class (not including the class start date).

EVENING EVENT – SHARKFEST 2015 REGISTRANTS ONLY When you register for both the 3-Day Troubleshooting with Wireshark event and SharkFest 2015 (June 23-25, 2015), you will be invited to the SharkFest 2015 Welcome Dinner taking place on June 22nd in the Grand Hall of the Computer History Museum.

Register for both events and pick up your SharkFest 2015 badge on Monday, June 22nd directly outside the Troubleshooting with Wireshark event.

1 You will be advised in advance of the event if a specific version of Wireshark is required to avoid any current bugs or

vulnerabilities.


4ABOUT THE ALL ACCESS PASS ($699 VALUE) The All Access Pass (AAP) one-year subscription enables you to take numerous online courses whenever and wherever you want. In addition, you can join Laura Chappell live in a variety of online events that happen through the year.

AAP Portal Features Course Gradebooks indicate progress through your courses. Print Course Certificates upon successful completion. Download course documents and trace files for many classes. Use the Chat feature to communicate with other students

and the instructor.

Sample Online Course List WCNA Exam Prep Questions Lab Solutions for Wireshark 101: Essential Skills

for Network Analysis Analyzing the Window Zero Condition Build Wireshark Filters from Snort Rules Create a Security Profile Find Stuff Fast with Wireshark Filter Expression Buttons CS42: Hacked Hosts CS43: Analyze and Improve Throughput CS44: Top 10 Reasons Your Network is Slow CS45: TCP Analysis in-Depth CS46: DHCP/ARP Analysis CS47 Nmap Network Scanning 101 CS48: Wireshark 101 Jumpstart CS50: WLAN Analysis 101

AAP subscription access is provided in the event Registration packets on Saturday, June 20, 2015.


5DAILY SCHEDULE Class runs from 9am-5pm each day.

Saturday, June 20 8:00 am Coffee and Registration (Second Floor – Hahn Auditorium Lobby)

9:00 am Class begins (with morning break)

12:00 pm Lunch break (45 minutes)

12:45 pm Class resumes (with afternoon break)

5:00 pm Class day ends

Sunday, June 21 8:00 am Coffee (Second Floor – Hahn Auditorium Lobby)




5:00 pm Class day ends

Monday, June 22 8:00 am Coffee (Second Floor – Hahn Auditorium Lobby)




5:00 pm Class ends

5:30 pm SharkFest 2015 Welcome Dinner2 (Grand Hall) - Badges required

2 SharkFest 2015 Registrants only.


6DETAILED CONTENT OUTLINE The following outline defines the course content. The order in which materials are presented may be altered to allow more complex topics to be presented earlier in the day.

Part 1: Troubleshooting Methodology • Overview of the Four-Part Analysis Methodology • Use Your Troubleshooting Checklist

Part 2: Master Key Wireshark Troubleshooting Tasks • Create a Troubleshooting Profile • Enhance the Packet List Pane Columns • Change the Time Column Setting • Filter on a Host, Subnet or Conversation • Filter on an Application Based on Port Number • Filter on Field Existence or a Field Value • Filter OUT “Normal” Traffic (Exclusion Filters) • Create Filter Expression Buttons • Launch and Navigate Through the Expert Infos • Change Dissector Behavior (Preference Settings) • Find the Top Talkers • Build a Basic IO Graph • Add a Coloring Rule

Part 3: Capture Technique • Tips on Choosing a Capture Location • Tips for Working with Large Trace Files and High Throughput Networks • Tips for Locating the Cause of Intermittent Problems • Tips for Naming Your Trace Files • Capture Options for a Switched Network • Capture on High Traffic Rate Links • Consider Your Wireless Capture Options • Capture to a File Set in High Traffic Rate Situations • Use Capture Filters when Necessary • Command-Line Capture Techniques (Tshark/dumpcap)

Part 4: Identify TCP/IP Resolution Problems • Name Resolution Problems • Route Resolution Problems • MAC Address Resolution Problems

Part 5: Troubleshoot with Time • Avoid the Distractions of “Normal” or Acceptable Delays • Detect Delays in UDP Conversations • Detect Delays in TCP Conversations • Identify High DNS Response Time • Identify High HTTP Response Time • Identify High SMB/SMB2/SMB3 Response Time


7Part 6: Identify Problems Using Wireshark’s Expert

• Understand Wireshark’s Expert Infos System/Dissector Designations • Previous Segment Not Captured • Duplicate ACKs • Out-of-Order Packets • Fast Retransmissions • Retransmissions • Spurious Retransmissions • ACKed Unseen Segment • Keep Alive and Keep Alive ACK • Zero Window • Window Full • Zero Window Probe and Zero Window Probe ACK • Window Update • Reused Ports • Checksum Errors

Part 7: Identify Application Errors • Detect DNS Errors • Detect HTTP Errors • Detect SMB/SMB2 Errors • Detect SIP Errors • Detect Error Responses of Other Applications

Part 8: Master Basic and Advanced IO Graph Functions • Graph and Compare Conversation Throughput • Graph Application Traffic • Use CALC Functions on the Advanced IO Graph

Part 9: Graph Throughput Problems • Detect Consistently Low Throughput due to Low Packet Sizes • Identify Queuing Delays along a Path • Correlate Drops in Throughput with TCP Problems (the “Golden Graph”)

Part 10: Graph Time Delays • Graph High Delta Times (UDP-Based Application) • Graph High TCP Delta Time (TCP-Based Application)

Part 11: Graph Other Network Problems • Graph Window Size Problems • Graph Packet Loss and Recovery

Part 12: Working with Command Line Tools and 3rd Party Tools • Export Packet List Pane Columns to CSV Format • Export Your Trace File/Packet Comments Report • Sanitize Trace Files


8HOTEL INFORMATION Hotel 1: Wild Palms 408.738.0500 910 East Fremont Avenue Sunnyvale, CA 94087

$159 USD + tax June 19-21, 2015 (Friday, Sunday) $169 USD + tax June 22-24, 2015 (Monday thru Wednesday) Plus applicable state and local taxes (currently 10.565%) Hotel Amenities

The Wild Palms hotel features two spectacular courtyards and guestrooms decorated in a festive bungalow style. The hotel’s Mediterranean-inspired atmosphere is accented by tropical foliage, exquisite mosaics, dramatic murals and handcrafted furnishings. Breakfast, parking, and high-speed wireless internet is included in the SharkFest 2015 room rate. The Wild Palms is located 7.3 miles from the Computer History Museum.

The Wild Palms will house Wireshark core development staff and is the recommended hotel for your stay during the conference. A limited number of rooms are available on a first-come, first-served basis, so please reserve yours as soon as possible.

Method of Reservations Group Code for the SharkFest 2015 Room Block June 19-25, 2015 is SHARKFEST2015.

Reservations for the Group will be made by individual attendees directly with the Hotel at 408-738-0500 or online via the Group Code by going to www.wildpalmshotel.com, then (a) select your check in and check out dates, (b) enter the Group Code where it says "group id", and (c) click on "Book Your Stay."

Cutoff Date for SharkFest Room Rate The Cut-off Date is Midnight, Saturday, June 1st, 2015. Any reservation requests made after the Cut-off Date will be accepted subject to room and rate availability.

Hotel Room Cancellation Policy Any changes and/or cancellations made to group individual reservations must be made through the reservations department 72 hours prior to arrival. Group individual reservations changed and/or canceled within 72 hours prior to arrival are subject to availability and will be charged for the entire amount of the original reservation. Additional room reductions include, but are not limited to, cancellations and changes in arrival or departure dates. All no-shows will be billed even if the guest arrives at a later date.


9Hotel 2: MapleTree Inn 408.720.9700 711 East El Camino Real Sunnyvale, CA 94087

$159 USD + tax (10.565%) June 19-25, 2015 Hotel Info

The Maple Tree Inn is contemporary and elegant. Enjoy the meaning of comfort at the Maple Tree Inn in Sunnyvale. The Maple Tree Inn offers stylish oversized accommodations with value-added services and amenities. Breakfast, parking, and high-speed wireless internet is included in the SharkFest 2015 room rate. The Maple Tree Inn is located 5.70 miles from the Computer History Museum.

Single or Double occupancy in Deluxe Queen/Queen, Single Queen or King room.

The hotel has 170 guest rooms and a nice, large pool patio area with a fire pit.

Hotel Amenities

• Guest Laundry • Fitness Center • Lobby Computer/Printer • Outdoor Heated Pool • Hot Tub • BBQ, Fire Pit, Wet Bar • Complimentary Hospitality Reception Mon-Thurs • Every room has a microwave, refrigerator, hair dryer, umbrella, iron and full ironing board

Cutoff Date for SharkFest Room Rate

The Cut-off Date is: Midnight, Saturday, June 1st, 2015. Any reservation requests made after the Cut-off Date will be accepted subject to room and rate availability. Method of Reservations

Group Code for the SharkFest 2015 Room Block June 19-25, 2015 is 603.

Hotel Cancellation Policy

Individual reservations within a group may cancel 3 days before arrival with no penalty.


10CONTACT US Do you have any questions about this event?

Please feel free to contact us directly.

Email: [email protected] Phone: 1 (408) 378-7841 Fax: 1 (408) 378-7891

5339 Prospect Road, #343 San Jose, California 95129 USA

laura chappell’s troubleshooting with...

Documents