Free Online Course · Self-paced

Wireshark Tutorial for Network Analysis & Troubleshooting

Free, hands-on Wireshark tutorial covering capture, filters, decryption, TCP/UDP analysis, TLS/IPsec inspection, and real-world troubleshooting. 35+ packet-level examples with sample .pcap files included.

  • 38 parts
  • ~247 min total
  • Beginner to Advanced
  • Updated May 2026

Wireshark is the world's most-used network protocol analyzer - and learning to read packet captures is one of the highest-leverage skills a network or security engineer can build. This tutorial takes you from your very first capture all the way to decrypting TLS handshakes and writing custom dissectors, with hands-on examples for every common protocol.

We start with the basics (how to capture, how filters work, how to build reusable profiles), then dive into TCP internals - sequence numbers, retransmissions, zero-window, fragmentation. From there we cover HTTP, DNS, ARP, TLS decryption, IPsec, Kerberos, LDAPS, RADIUS, and the security-side topics that come up constantly in real incidents (rogue DHCP, duplicate IPs, malicious resource detection, log4j-style traffic analysis).

Click Start the course to begin with "How to use Wireshark", or jump straight to the protocol you are troubleshooting. The TCP, TLS, and Security chapters are the most-bookmarked.

What you'll learn

  • Capture, filter, and analyze packets across all common protocols (HTTP, TLS, DNS, ARP, LDAP, Kerberos, IPsec)
  • Build advanced display filters and reusable configuration profiles
  • Decrypt SSL/TLS, LDAPS, and IPsec traffic for legitimate troubleshooting
  • Diagnose real network problems - retransmissions, zero-window, fragmentation, rogue DHCP, ARP duplicates
  • Use Wireshark for security analysis - malicious resource detection, phishing analysis, log4j-style vulnerabilities

Prerequisites

  • A workstation with Wireshark installed (Linux, macOS, or Windows)
  • Basic networking knowledge - TCP/IP, OSI layers, what an IP address is
  • Root/admin privileges to capture from network interfaces

Syllabus

9 chapters · 38 lessons · ~247 min of reading

  1. Getting Started with Wireshark (3 lessons)
    1. Part 1: How to use Wireshark - capture your first packets (8 min read)
    2. Part 2: Create reusable configuration profiles (7 min read)
    3. Part 3: Wireshark IP filter cheat sheet (6 min read)
  2. TCP Deep Dive (6 lessons)
    1. Part 4: TCP sequence and acknowledgement numbers explained (6 min read)
    2. Part 5: TCP receive window explained (5 min read)
    3. Part 6: Diagnose TCP zero-window with Wireshark (6 min read)
    4. Part 7: TCP retransmissions - causes and analysis (7 min read)
    5. Part 8: Packet fragmentation in Wireshark (8 min read)
    6. Part 9: Troubleshooting with TTL values (6 min read)
  3. HTTP, DNS, ARP and Common Protocols (5 lessons)
    1. Part 10: Analyze HTTP response in Wireshark (7 min read)
    2. Part 11: Detect a rogue DHCP server (6 min read)
    3. Part 12: Find duplicate IPs with ARP analysis (6 min read)
    4. Part 13: Trace IP addresses across captures (5 min read)
    5. Part 14: Discover network loops with Wireshark (7 min read)
  4. TLS / SSL Decryption and Analysis (7 lessons)
    1. Part 15: Decrypt SSL/TLS traffic in Wireshark (6 min read)
    2. Part 16: Troubleshoot TLS handshake failures (10 min read)
    3. Part 17: Analyze TLS / mTLS sessions (6 min read)
    4. Part 18: Decrypt HTTPS / LDAPS traffic (8 min read)
    5. Part 19: Analyze LDAP traffic (7 min read)
    6. Part 20: Kerberos authentication packet analysis (6 min read)
    7. Part 21: Decrypt RDP traffic (with Frida) (6 min read)
  5. IPsec / VPN Analysis (2 lessons)
    1. Part 22: Analyze IPsec traffic (6 min read)
    2. Part 23: Decrypt IPsec ISAKMP and ESP packets (6 min read)
  6. AAA, RADIUS and Network Policy Server (7 lessons)
    1. Part 24: AAA and Network Policy Server overview (6 min read)
    2. Part 25: Set up and test AAA with NPS (Part 2) (6 min read)
    3. Part 26: Set up PEAP MS-CHAPv2 with NPS (6 min read)
    4. Part 27: Configure FreeRADIUS PAP/CHAP authentication (8 min read)
    5. Part 28: FreeRADIUS - LDAP authentication & authorization (6 min read)
    6. Part 29: Integrate FreeRADIUS with Active Directory (6 min read)
    7. Part 30: Configure VRRP with keepalived (6 min read)
  7. Performance and Bandwidth (3 lessons)
    1. Part 31: Measure bandwidth with Wireshark (6 min read)
    2. Part 32: Check if your ISP is blocking a website (7 min read)
    3. Part 33: Troubleshoot TFTP issues (7 min read)
  8. Security and Threat Analysis (3 lessons)
    1. Part 34: Detect malicious resources in captures (6 min read)
    2. Part 35: Analyze the log4j2 vulnerability with Wireshark (6 min read)
    3. Part 36: Edit packets in Wireshark (for testing) (7 min read)
  9. Remote Capture and Advanced (2 lessons)
    1. Part 37: Wireshark remote packet capture (6 min read)
    2. Part 38: Write a custom Wireshark dissector (7 min read)

Deepak Prasad

R&D Engineer

Founder of GoLinuxCloud with over a decade of expertise in Linux, Python, Go, Laravel, DevOps, Kubernetes, Git, Shell scripting, OpenShift, AWS, Networking, and Security. With extensive experience, he excels across development, DevOps, …

  • Red Hat Certified System Administrator in Red Hat OpenStack
  • Certified Kubernetes Application Developer (CKAD)
  • Red Hat Certified Specialist in Ansible Automation
  • Go (programming language)
  • Python (programming language)
  • DevOps
  • Computer Security