Description
This course is the third in a series of three courses, in which we will learn about the analysis and troubleshooting of network applications. In the course we talk about analysis and troubleshooting of Internet-based applications like DNS, HTTP/HTTPs, FTP and Mail protocols, enterprise network protocols like NetBIOS, Databases, VoIP and Multimedia and more. All topics covered in the course include theory, case studies and hand-on exercises, and is based on the new Wireshark version 3.
Objectives
By the end of the course, the participant will be able to:
- Understand common applications behavior over the network.
- Locate abnormal behavior of network protocols and applications.
- Analyze performance degradation issues and locate their causes.
- Locate the root cause for most common network problems.
Target Audience
R&D, engineering, and technical Support, IT and communications managers
Prerequisites
Network Analysis using Wireshark – Software and Tools and Core Protocols courses. Basic knowledge in networking and the TCP/IP protocol stack (Introduction to Networking course level) with basic level understanding of Windows/Linux shell scripts and Python
Duration
12 hours
Outline
DNS Traffic Analysis
- DNS, MDNS and Secured DNS (DNSsec) – the theory
- IPv4 and IPv6 record types
- Normal and suspicious behavior of DNS
- How to isolate unusual behavior of DNS
- Configuring smart DNS filters
- DNS performance issues
HTTPv1/2 Traffic analysis, including Fiddler
- HTTP operation and message structure
- HTTP request methods and statues codes
- Analyses HTTP streams: normal operation and problems
- How to watch HTTP statistics
- How to export HTTP objects
- Analyzing HTTPs communications
- Packet analysis and troubleshooting
FTP Traffic Analysis
- FTP/FTPs principles of operation
- Active and passive FTP
- FTP performance and how to locate performance problems
Enterprise Applications Analysis and Troubleshooting
- MS-Terminal and Citrix operation and troubleshooting
- SMB/CIFS operation and analysis
- DCS/RPC operation and analysis
- Database applications analysis (from the network point of view)
SIP, IPT and Streaming applications
- IP telephony principles of operations
- SIP principles of operations, messages, and error codes
- RTP, RTCP and media transfer
- Video over IP and RTSP
- Normal operation and what might get wrong
- Wireshark features for IPT – SIP, VoIP Calls, RTP, RTSP
- Capture and display filters for IPT and multimedia
- Wireshark features for IPT – RTP session parameters and stream analysis, filters and RTP playback feature
Exercises
- Analyzing SIP connectivity problems
- Analyzing SSL/TLS connectivity
- Analyzing DNS resolving problems
- Analyzing performance issues that are caused due to DNS
- Analyzing slow DB problems
- Analyzing NetBIOS connectivity issues
- Analyzing NetBIOS performance issues
- Analyzing Slow Terminal performance
- Analyzing DNS performance problems
- Analyzing FTP connectivity issues
- Analyzing FTP performance issues
- Analyzing SMTP and POP performance problems
- Analyzing HTTP connectivity
- Analyzing HTTP performance issues
- Analyzing SIP connectivity problems
- Analyzing degradation in voice quality
- Analyzing video freezes
