One of the things that I think separates my class from others is how I focus on network troubleshooting first and the tools second.
In my sessions, I introduce analysts to various types of tools, examples of free and paid tools, and, more importantly, when and where to use them.
Even when we cover Wireshark, I always start with the ‘story’, have the group go through the troubleshooting process (since there is never one way to fix anything), and then we analyze the data. In my classes, I try to avoid giving the group a trace file and a script on which buttons to push. That approach just isn’t my style.
When we start talking about Wireshark, it is critical to understand when and how to use the tool. In some scenarios you might have to install Wireshark on a remote computer, so we cover Wireshark’s installation options. One option is the silent install, which is so handy when you need it. Currently, the Wireshark silent option does not install Npcap, so you will have to install that manually.
Here's a video to better walk you through what I’m trying to explain verbally.
If you are interested, my next 2-day virtual Wireshark/Network troubleshooting class is APRIL 25/26, 2023. Just click on the title to go to the web page.