ENROLL NOW
ENROLL NOW
Network Troubleshooting Using Wireshark for Cellular Networks

Network Troubleshooting Using Wireshark for Cellular Networks

Analyse and troubleshot cellular networks problems using Wireshark.

This purpose of course is to provide the participant with practical knowledge of Wireshark protocol analyser and how to use it for IP based networks with emphasize on cellular networks. The course provides a strong background of 4th/5thG cellular networks protocols and data flows, along with the understanding of the TCP/IP protocol stack protocols that are used in cellular networks with emphasis on TCP connectivity and performance issues. All topics covered in the course include theory, case studies and hand-on exercises, based on the latest Wireshark version.

Objectives

By the end of the course, the participant will be able to:

  • Run Wireshark and perform efficient data capture.
  • Set up various display and capture filters.
  • Use statistical tools to detect network failures.
  • Use I/O graphs and stream graphs.
  • Use the Expert system.
  • Analyse and troubleshoot cellular networks flows.
  • Analyse and troubleshoot TCP/IP traffic connectivity and performance problems.
  • Use network forensics methods for identifying network breaches.

Target Audience

R&D, engineering and technical Support, IT and communications managers in cellular networks operators.

Prerequisites

Basic knowledge in networking and the TCP/IP protocol stack (Cisco CCNA level or equal) with basic understanding of cellular network structure and components. Laptops with Wireshark are required (free download from the site – www.wireshark.org)

Duration

5 Days

Course Curriculum

Part 1: Wireshark – the Software

1. Introduction to network troubleshooting

  • Troubleshooting methodology
  • Troubleshooting tools

2. Introduction to Wireshark

  • How Wireshark Works
  • Capturing Packets
  • Wireshark toolbars and menus
  • Navigation and colorization techniques
  • Using Time Values and Summaries
  • Examining Basic Trace File Statistics
  • Save, Export and Print
  • Lab exercises and case studies

3. Where to locate Wireshark

  • How to decide where to capture data from
  • Taps and port-mirror
  • Local and remote monitoring
  • Capture data from multiple interfaces
  • Capture data on virtual machines
  • Capture data to single and multiple files
  • Mergecap and file merging
  • Capture data from local and remote interfaces
  • Wireshark folders, configuration files and plugins
  • Configure user interface, global and protocols preferences
  • MAC/IP/TCP-UDP protocol resolution
  • Import and export files
  • Working with profiles
  • Lab exercises and case studies

4. Capture filters

  • Capture filters syntax and Tcpdump
  • Compound capture filters
  • Offset filters
  • Lab exercises and case studies

5. Display filters

  • Ways to configure display filters
  • Simple and structured filters
  • Focusing on protocol and text strings
  • Lab exercises and case studies

6. Using basic statistics tools

  • Capture file properties
  • Resolved addresses properties
  • Protocol hierarchies
  • Endpoint and conversation statistics
  • Protocols statistics
  • Lab exercises and case studies

7. Using smart statistics tools

  • Create basic and advanced I/O graphs
  • Create TCP Time-Sequence graphs
  • Analyze flow graphs
  • Evaluate service response times
  • Create Round-Trip-Time graphs
  • Analyze TCP/IP flows
  • Analyse applications flows (Transum)
  • Lab exercises and case studies

8. The Expert System Basics

  • The Expert-Infos window and how to use it for network troubleshooting
  • Error events and understanding them
  • Warnings events and understanding them
  • Notes events and understanding them
  • Lab exercises and case studies

Part 2 – TCP/IP Protocols Analysis

9. Ethernet and LAN switching analysis

  • The Ethernet protocols
  • What to look for
  • Basic Ethernet issues

10. ARP and IPv4/IPv6 analysis

  • IPv4 principles of operation and packet structure: duplicate addresses, routing issues, fragmentation
  • IPv6 principles of operation, packet structure and header extensions, address tpes
  • ICMPv4 – protocol operation, analysis, and troubleshooting
  • IPv4 ARP – operation and troubleshooting
  • Lab exercises and case studies

11. TCP/UDP analysis

  • Principles of operation (brief)
    • L4 operation
    • UDP principles and packet structure
  • TCP principles and packet structure
    • TCP principles and packet structure
    • The Sliding-window mechanism and window size changes
    • Ack frequency, delayed Ack and the Nagel algorithm
    • Slow start, flow, and congestion control
    • TCP enhancements: Selective Ack, Time stamps, scale factor and more
    • The TCP chimney offload mechanism
    • Bandwidth/throughput and delay issues
  • SCTP Operation
    • SCTP principles of operation
    • Endpoints and Multi-homing
    • Associations and streams
    • Packet structure
  • Lab exercises and case studies

12. Packet Loss, Delay, Jitter and Retransmissions

  • Packet loss and recovery – UDP and TCP
  • Previous segment lost and Out-of-Order Segments events
  • Duplicate ACKs and Fast Retransmissions
  • TCP Retransmissions and their impact on network performance
  • Delay/jitter influence on TCP behaviour
  • Zero window, Window changes and other window problems
  • TCP Resets and their causes
  • Lab exercises and case studies

13. Internet Applications Analysis and Troubleshooting

  • RADIUS operation and troubleshooting
  • HTTP and SSL/TLS operation and troubleshooting
  • DNS operation and troubleshooting
  • ICMP protocol and messages
  • Lab exercises and case studies

14. Network Security and Forensics

  • Gather information – what to look for
  • Unusual traffic patterns
  • Complementary tools
  • MAC and IP address spoofing
  • Attacks signatures and signature locations
  • ARP poisoning
  • Attacks and exploits
  • DoS and DDoS Attacks
  • Protocol scans
  • DNS-based attacks
  • Lab exercises and case studies

Part 3 – Cellular Networks Analysis

15. 4G/5G network operation

  • Network structure and components (brief)
  • Interfaces and protocols (3.0 Training Hours)
    • Protocols, interfaces and data structure
    • User and control plane
    • The User Plane protocols and GTP-U
    • The Control Plane protocols, SCTP, X2/S1-AP, and GTP-C
    • The Air-Interface protocols – PHI, MAC, RLC, PDCP, RRC and SDAP (5G) (brief)
  • Data structure and call flows
    • Operational procedures, call-flows, and packet captures
    • Network security procedures
    • Registration Procedure
    • Registration procedure – UE interactions
    • Registration procedure – e/gNB interactions
    • Core components interactions
    • Network security procedures
    • NAS-MM, NAS-SM, NG-AP and N11 protocols
  • Network procedures and data flows
    • Registration and connection management
    • Session management procedures
    • Network access, PLMN and cell selection
    • Network functions selection
    • Security procedures

16. Cellular Networks Analysis and Troubleshooting

  • Assisting protocols – MPLS and Carrier Ethernet
  • e/gNB to NE protocols (S1/X2) analysis
  • Core protocols analysis
    • Network procedures troubleshooting
    • GTP-C, GTP-U ad GTP-Prime protocols analysis
  • RADIUS and authentication issues
  • Performance issues

Labs

  • Configuring packet capture on single and multiple interfaces
  • Using navigation and colouring techniques
  • Using time values
  • Configuring L2/L3/L4 name resolution
  • Saving, importing, and exporting files
  • Configuring user interface and global preferences
  • Configuring basic capture filters
  • Configuring structured and offset capture filters
  • Configuring basic L2/3/4 display filters
  • Locate text-strings in a capture file
  • Using basic statistics tools for IP and UDP/TCP traffic analysis
  • Find the top talkers and protocols on a Network
  • Working with IO graphs for traffic analysis
  • Using IO graphs for bandwidth and throughput analysis
  • Using IO graphs with display filters
  • Using the Expert Infos to find network issue
  • Discovering broadcast storms and broadcast loads
  • Analysing TCP streams
  • Analysing ARP traffic and ARP problems
  • Understanding normal UDP and TCP behaviour
  • Resolving TCP retransmission problems
  • TCP Duplicate ACKs and Fast retransmissions problems
  • TCP resets and why they happen
  • TCP zero-window and window changes and why they happen
  • Determine the cause for slow applications
  • Delays and how they influence applications
  • Use TCP stream graphs to analyse TCP behaviour
  • Analysing packet losses, where they come from and why
  • Using the Expert Infos to find application events
  • TCP performance issues
  • TCP delay/jitter calculations
  • Analysing DNS problems
  • Unusual traffic patterns
  • DDoS attack patterns
  • DNS Attacks
  • Analyse cellular connectivity issues
  • Analyse GTP-C messaging
  • Analyses RADIUS problems
  • Analyses air-interface issues
Please contact us for more information:
  • This field is for validation purposes and should be left unchanged.
Share with friends

Cybersecurity Career Guide - A Comprehensive Playbook to becoming A Cybersecurity Expert

Download our FREE PDF and Elevate Your Career in Tech Industry.
Unlock Your Future!