Network Analysis using Wireshark – TCP/IP Core Protocols – Online

Description

This course is the second in a series of three courses, in which we will learn about the analysis and troubleshooting of the TCP/IP core protocols – from ARP and IP to UDP/TCP issues. In the course we will focus on troubleshooting network problems, learn about bandwidth, delay, jitter, and packet losses and how they affect network performance with emphasize on TCP performance issues and problems. Every subject starts with a brief overview of the subject, follows by numerous examples and case studies providing the participant with an ordered methodology for network problems solving. The course is based on the Wireshark version 3.

Objectives

By the end of the course, the participant will be able to:

• Understand the methodology troubleshooting TCP/IP based networks.
• Understand typical TCP/IP network normal and abnormal behavior.
• Design a network troubleshooting plan and perform it.
• Analyze and discover problems that happen due to TCP/IP core protocols.

Target Audience

R&D, engineering, and technical Support, IT and communications managers

Prerequisites

Completing the “Network analysis using Wireshark – software and tools” course. Basic knowledge in networking and the TCP/IP protocol stack (Introduction to Networking course level) with basic level understanding of Windows/Linux shell scripts and Python

Duration

8 hours

Outline

IPv4 analysis

• IPv4 principles of operation and packet structure: duplicate addresses, routing issues, fragmentation
• ICMPv4 – protocol operation, analysis and troubleshooting.
• IPv4 ARP – operation and troubleshooting.
• DHCP analysis

TCP/UDP analysis

• L4 connectivity
  • L4 operations
  • Connectivity and reliability
  • Well known ports
• UDP principles and packet structure
  • UDP Basics and frame structure
  • UDP operation
• TCP principles and packet structure
  • TCP principles, packet structure and state machine
  • The Sliding Windows mechanism and window size changes
  • Ack frequency, delayed Ack and the Nagel algorithm
  • Slow start, flow, and congestion control
  • TCP enhancements: Selective Ack, Time stamps, scale factor and more
  • The TCP chimney offload mechanism
  • Bandwidth/throughput and delay issues

TCP behavior, analysis and troubleshooting

• Packet Loss, Delay, Jitter and Retransmissions
• Go/No-Go and performance problems.
• Packet losses and their influence on network traffic
• Previous segment lost and Out-of-Order Segments events
• Duplicate ACKs and Fast Retransmissions
• TCP Retransmissions and their impact on network performance
• Delay/jitter influence on TCP behavior
• Zero window, Window changes and other window problems
• TCP Resets and their causes

Exercises

1. Analyzing ARP traffic and ARP problems
2. Understanding normal UDP and TCP behavior
3. Resolving TCP retransmission problems
4. TCP Duplicate ACKs and Fast retransmissions problems
5. TCP resets and why they happen
6. TCP zero-window and window changes and why they happen
7. Determine the cause for slow applications
8. Delays and how they influence applications
9. Use TCP stream graphs to analyse TCP behaviour
10. Analysing packet losses, where they come from and why
11. Using the Expert Infos to find application events
12. TCP performance issues
13. TCP delay/jitter calculations
14. TCP timestamps, scale factor and selective ACKs