I just recently got back from Atlanta, GA where I attended the “Wireshark University Troubleshooting and Security Bootcamp” course.
This was a four-day course designed to help those in the network and security fields analyze TCP packet dumps for both performance problems and security issues. As I tend to look at a number of tcpdumps taken during times of performance issues, I thought that this class would be helpful.
My overall impression of the class was favorable. Unlike other supposedly advanced classes I’ve been in, there was no coddling of the unqualified. You were expected to have a solid understanding of TCP/IP in order to keep up.
The course book was a bit sparse, but the entire point of the class was to look at packet dumps in Wireshark. To that end, the lab materials (provided on DVD in the back of the book) were excellent. In addition, the instructor supplemented the provided trace files by capturing live traffic on the network and analyzing it on the overhead. To highlight some of the security segments, she installed a honeypot on an unpatched Windows XP box to capture some virus and worm infection attempts.
Of course, in any type of training class there is always room for improvement. I would have liked it if the class were five days, rather than four. As we were all very competent with networking, we frequently came up with a lot of ‘what if’ scenarios that we explored, taking us off track. The course book could also use a bit more ‘meat’ to it.
Despite these few shortcomings, I wouldn’t hesitate to recommend this class to someone who has a solid networking background and needs to capture or analyze traffic using Wireshark.