Wireshark-users: Re: [Wireshark-users] Network Analysis Training

From: "Samson Martinez" <samson@xxxxxxxxxx>
Date: Wed, 15 Jul 2009 10:10:55 -0500

Just reviewed the data on the SANS site – looks very intriguing.

Thanks…

-Samson

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of shartman@xxxxxxxxxxxxxxxxxxxxx
Sent: Tuesday, July 14, 2009 8:08 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Network Analysis Training

 

If you are really set on taking a course, I would recommend the SANS 503 - Intrusion Detection in Depth. Basically this whole course is packet analysis looking for malicious activity. I took the course a couple years ago and have used it many times to troubleshoot network problems. I will warn you, though, it is not for the faint of heart; it is very technical and very intense.

 

-------- Original Message --------
Subject: Re: [Wireshark-users] Network Analysis Training
From: Hansang Bae <for_list_hbae@xxxxxxxxxx>
Date: Tue, July 14, 2009 1:27 pm
To: Community support list for Wireshark
<wireshark-users@xxxxxxxxxxxxx>

Samson Martinez wrote:
> Hello folks,
> I’m thinking about taking some network analysis training sometime during
> this year and was wondering if anyone that participates in this forum
> had taken similar formal training and, if so, if they were satisfied
> with the results. Or is this more of a “better off learning through
> school of hard knocks” type of knowledge?

I think it depends on your level of comfort with Ethernet/TCP/IP. I'm
assuming here that's what you're interested in. The problem with
protocol analysis classes that I've seen or saw online was that they
were very basic. Even the classes defined as "expert" weren't so expert
level. Herein lies the problem. How do you classify "expert" "medium"
"beginner"?

My recommendation would be to read as much as you possibly can to absorb
the academic parts of the protocol. Comer and Stevens are both great
books to start with. Then you can move on to general networking topics
from the likes of Computer Networks by Tanenbaum or
Interconnections...by Perlman.

Once you have the fundamentals, you can tackle troubleshooting and
learning to read trace files. There's still a lot more "art" than
"science" in doing protocol analysis.

Finally, check out the sharkfest presentations as you can pick up a lot
of good tips/tricks of the trade.

--

Thanks,
Hansang
