Network Traffic Analysis with Wireshark
Overview
Network Traffic Analysis with Wireshark teaches learners how to read packets, understand network behavior, and investigate suspicious activity using one of the most important tools in security operations. The course starts with capture basics and display filters, then moves into protocol analysis, troubleshooting, detection, and incident investigation workflows.
You will learn how to move from raw packet captures to clear findings: what happened, which systems were involved, whether behavior was expected, and what evidence supports the conclusion. The course is hands-on and grounded in realistic traffic rather than isolated screenshots.
What you'll learn
- How to capture traffic safely and choose the right capture point (on the host, a SPAN/mirror port, or a network TAP), so the capture reflects the traffic you actually need to see
- Wireshark navigation, display filters, profiles, coloring rules, and stream reconstruction
- Protocol analysis for DNS, HTTP, TLS, TCP, DHCP, SMB, and common enterprise traffic
- How to identify port and host scanning, failed or unanswered connections, suspicious domains, unusual data transfers, and command-and-control patterns
- How packet analysis supports incident response and threat hunting
- How to extract files, indicators, and timelines from captures
- How to explain packet evidence clearly in analyst notes and reports
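As an added illustration of the scanning and failed-connection items above (this is an example written for this page, not course material), the script below takes a tshark field export of SYN and SYN/ACK packets, groups it per source/destination pair, and flags sources that probe many ports and get few replies. The tshark command in the comment, its column order, and the hex rendering of `tcp.flags` are assumptions; the sample lines are constructed, not taken from a real capture. It also emits the Wireshark display filter you would paste in to pivot back to the packets behind a finding.

```python
"""Flag SYN-scan style behaviour from a tshark field export (constructed sample data)."""
from collections import defaultdict

# Constructed sample modelled on this assumed tshark command:
#   tshark -r capture.pcap -Y "tcp.flags.syn==1" -T fields -E separator=, \
#       -e frame.time_epoch -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e tcp.flags
# The display filter keeps both SYN (0x002) and SYN/ACK (0x012) frames.
# Host 10.0.0.5 probes eight ports on 10.0.0.20; only 22, 80 and 443 answer.
# Host 10.0.0.7 makes one ordinary connection to 10.0.0.20:443.
SAMPLE = """\
1700000000.10,10.0.0.5,10.0.0.20,40001,22,0x002
1700000000.10,10.0.0.20,10.0.0.5,22,40001,0x012
1700000000.11,10.0.0.5,10.0.0.20,40002,23,0x002
1700000000.12,10.0.0.5,10.0.0.20,40003,80,0x002
1700000000.12,10.0.0.20,10.0.0.5,80,40003,0x012
1700000000.13,10.0.0.5,10.0.0.20,40004,443,0x002
1700000000.13,10.0.0.20,10.0.0.5,443,40004,0x012
1700000000.14,10.0.0.5,10.0.0.20,40005,445,0x002
1700000000.15,10.0.0.5,10.0.0.20,40006,3389,0x002
1700000000.16,10.0.0.5,10.0.0.20,40007,8080,0x002
1700000000.17,10.0.0.5,10.0.0.20,40008,8443,0x002
1700000001.00,10.0.0.7,10.0.0.20,51000,443,0x002
1700000001.00,10.0.0.20,10.0.0.7,443,51000,0x012
"""

SYN = 0x002
ACK = 0x010


def parse_export(text):
    """Parse the comma-separated export into (ts, src, dst, sport, dport, flags) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, sport, dport, flags = line.split(",")
        # int(..., 16) accepts both "0x002" and "0x0002", whichever tshark prints.
        rows.append((float(ts), src, dst, int(sport), int(dport), int(flags, 16)))
    return rows


def summarize_syns(rows):
    """Per (client, server) pair: ports that received a bare SYN, and ports that sent SYN/ACK."""
    probed = defaultdict(set)
    answered = defaultdict(set)
    for _ts, src, dst, sport, dport, flags in rows:
        if flags & SYN and not flags & ACK:
            probed[(src, dst)].add(dport)
        elif flags & SYN and flags & ACK:
            # SYN/ACK travels server -> client, so key it as (client, server)
            # and the service port is the packet's source port.
            answered[(dst, src)].add(sport)
    return probed, answered


def find_scanners(rows, min_ports=5, min_unanswered_ratio=0.5):
    """Flag client/server pairs with many distinct probed ports and mostly no SYN/ACK.

    A single busy client talking to a web server hits few ports, all answered;
    a port scan hits many ports and most of them stay silent (or RST).
    """
    probed, answered = summarize_syns(rows)
    findings = []
    for (src, dst), ports in sorted(probed.items()):
        open_ports = ports & answered.get((src, dst), set())
        unanswered = ports - open_ports
        if len(ports) >= min_ports and len(unanswered) / len(ports) >= min_unanswered_ratio:
            findings.append({
                "src": src,
                "dst": dst,
                "probed": len(ports),
                "open_ports": sorted(open_ports),
                "unanswered": len(unanswered),
                "filter": display_filter(src, dst),
            })
    return findings


def display_filter(src, dst):
    """Wireshark display filter that isolates the bare SYNs behind a finding."""
    return f"ip.src=={src} && ip.dst=={dst} && tcp.flags.syn==1 && tcp.flags.ack==0"


if __name__ == "__main__":
    for f in find_scanners(parse_export(SAMPLE)):
        print(f"{f['src']} -> {f['dst']}: {f['probed']} ports probed, "
              f"{f['unanswered']} unanswered, open={f['open_ports']}")
        print("  pivot filter:", f["filter"])
```

The thresholds are deliberately loose; on real traffic you would tune `min_ports` per environment and also look at timing (a scanner's SYNs arrive in a tight burst) and at RST/ACK replies, which this export excludes. The emitted filter is the same string you would type into Wireshark's filter bar to inspect the flagged packets and confirm the finding before writing it up.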
Prerequisites
Participants should have basic networking knowledge, including IP addresses, ports, and common protocols. Prior Wireshark experience is not required. The course pairs well with network security fundamentals, SOC analyst training, incident response, and malware analysis paths.
Outcomes
By the end of the course, you will be able to navigate packet captures confidently, filter large traffic sets, recognize normal and suspicious behavior, and use Wireshark evidence to support troubleshooting or security investigations. You will leave with practical analysis habits that transfer directly to SOC, blue team, and incident response work.