Wireshark 0 LE - TCP / IP Networking Fundamentals Using Wireshark (Law Enforcement)


Law Enforcement Personnel that need to acquire a foundation in networking technology, terminology, common networking protocols and use of Open-Source Network / Forensic Analysis tools and methodologies. Successful completion of this course will provide these individuals with a path-way into the field of both Network and Forensics Analysis.


Network and Forensics Analysis encompasses the skills of not only capturing data, but also the ability to discern unusual patterns hidden within seemingly normal network traffic. This course will provide the student with an introduction to investigative techniques focusing on the use of vendorneutral, Open-Source Tools such as Wireshark to provide insight into the following areas:

  • Open Systems Interconnect (OSI) reference model and basic networking architectures and communications modals
  • Introduction to Network Infrastructure devices such as Hubs, Switches, Routers / Gateways / Proxies and Firewalls
  • Fundamentals of Protocol, Network and Forensics Analysis and troubleshooting techniques
  • Introduction to networking Protocol stacks including: TCP/IP, Linux/Unix, Novell, AppleTalk
  • Open-Source Network and Forensics analysis Tools including Wireshark

Real-World examples will be utilized throughout the course in conjunction with numerous hands-on exercises to provide field proven, practical analysis skills. Attendees will receive a student guide including numerous reference files and networking and forensics tools, as well as a library of reference documents.

What You'll learn

I. TCP / IP Networking Fundamentals Using Wireshark

  • Course Organization
  • Digital Numbering Systems

II. The ISO / OST Protocol Reference Model

  • History of the OSI Reference Model
    • Responsibilities Assigned to Each Layer
    • Understanding and Applying the Concepts of the OSI Reference Model
    • Problems That May Be Discovered at Each Layer
    • Protocol Suites – TCP/IP, AppleTalk, Novell, UNIX / Linux
  • Physical Device Interconnection
    • Cabling and Electrical Issues
      • Coaxial Cable
      • Twisted Pair
      • Fiber Optical Cable
    • Physical Attachment between Devices
      • Ethernet
      • Token Ring
      • Wireless
      • Internet of Things (IoT)
  • Ethernet vs. WiFi Fundamentals
    • Overview of Ethernet vs. Wireless
      • CSMA/CD
      • CSMA/CA
    • Collision Domains vs. Broadcast Domains
    • Ethernet Specifications
    • Ethernet Cabling
    • Ethernet Coding Schemes
    • Introduction to Ethernet Frame Format Specifications
    • WiFi Technologies & Internet of Things
  • Communications Between Segments – Bridges, Switches and Related Protocols
    • Introduction to Network Infrastructure Devices
    • Introduction to Bridges and Switches
      • How Bridges and Switches Work – Layer 2 vs. Layer 3 Operations
      • Introduction to the Spanning Tree Algorithm
      • IEEE 802.1p/q Switch Tagging and VLAN’s
    • Network Analysis Challenges in a Switched Network Environment
  • Communications Between Networks – Routing and Routing-related Protocols
    • Introduction to Routers
    • Understanding and Differentiating Between Address Representations
      • IPv4, IP Dotted Decimal Notation, Subnetting Fundamentals and IPv6
      • AppleTalk Networks, Nodes and Zones
      • Novell NetWare’s use of the MAC Address in the Layer 3 Address
    • Understanding Communications between Routers
      • Routing Information Protocol (RIP)
      • Apple’s Routing Table Maintenance Protocol (RTMP)
      • Open Shortest Path First (OSPF)
      • Cisco’s Enhanced Interior Gateway Routing Protocol (EIGRP) v. Hot Standby Routing Protocol (HSRP)
    • Protocols Used to Support Routing Functions
      • Address Resolution Protocol (ARP) & Apple Address Resolution Protocol (AARP)
      • Internet Control Message Protocol (ICMP)
      • Domain Name Service (DNS) and Window’s Internet Name Service (WINS)
      • Dynamic Host Configuration Protocol (DHCP)
    • Proxies, Firewalls and other interconnection devices
  • Communications between Applications
    • Differentiating Various Types of Communications Architectures
      • Client Server Communication Model
      • Terminal to Host Communications
      • Peer to Peer Communications
    • Introduction to Protocols That Move Raw Blocks of Data
      • Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
      • Novell – Sequenced Packet Exchange Protocol (SPX)
      • AppleTalk – Apple Datagram Delivery Protocol (DDP)
      • Replacing TCP – Stream Control Transmission Protocol (SCTP)
    • Introduction to File Manipulation Protocols
      • Microsoft Server Message Block (SMB)
      • NetWare Core Protocol (NCP)
      • AppleTalk Filing Protocol (AFP)
      • Network File System Protocol (NFS)

III. Where do we go from Here?

  • Wireshark 0LE – TCP/IP Networking Fundamentals Using Wireshark
  • Wireshark 1 – TCP/IP Network Analysis
  • Wireshark 2LE – Advanced Network &Security Analysis
  • Wireshark 3LE – Network Forensics Analysis
  • Wireshark 4LE – Mobile Device Forensics Analysis
  • Wireshark 5 – Cloud & Internet of Things (IoT) Technology & Advanced Network Analysis
  • Wireshark 6 – VoIP Technology & Advanced Network Analysis
  • Wireshark 7 – WiFi Technology & Advanced Network Analysis
  • Wireshark 8 – SCADA & ICS Technology & Advanced Network Analysis


5 days Classroom Instruction

Start/End Times


Recommended Class Size