From 363003ad6bf124d4b106b6a5001e632a5a2b8045 Mon Sep 17 00:00:00 2001 From: jramos Date: Sun, 1 Mar 2026 16:25:11 -0700 Subject: [PATCH] Add course outline, gitignore, and update wireshark fundamentals module Co-Authored-By: Claude Opus 4.6 --- .gitignore | 3 ++ DHCP_WIRESHARK_COURSE.md | 51 ++++++++++++++++++++++++++++ _test.txt | 1 + modules/01-wireshark-fundamentals.md | 19 +++++++++++ 4 files changed, 74 insertions(+) create mode 100644 .gitignore create mode 100644 DHCP_WIRESHARK_COURSE.md create mode 100644 _test.txt diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..044ce88 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +.obsidian/ +.DS_Store +*.swp diff --git a/DHCP_WIRESHARK_COURSE.md b/DHCP_WIRESHARK_COURSE.md new file mode 100644 index 0000000..723a6c5 --- /dev/null +++ b/DHCP_WIRESHARK_COURSE.md 
@@ -0,0 +1,51 @@ +--- +tags: + - project + - course + - dhcp + - wireshark + - networking + - cml +status: complete +--- + +# Packet Inspector: DHCP Deep Dive with Wireshark + +> **From zero packet capture experience to confidently dissecting DHCP messages, relay chains, and option fields in production.** + +[← ISP Backbone Lab](https://vulcan.apophisnetworking.net/jramos/isp-backbone-lab) | [Security Lab →](../Home%20Lab/Security%20Lab/Security%20Lab.md) + +--- + +## Module Map + +| # | Module | Duration | What You'll Do | +|---|--------|----------|---------------| +| 1 | [Wireshark Fundamentals](modules/01-wireshark-fundamentals.md) | 2 hrs | Install, capture, navigate the UI, basic filters | +| 2 | [DHCP Message Flow (DORA)](modules/02-dhcp-message-flow.md) | 2 hrs | Watch a full DHCP exchange, decode each message | +| 3 | [DHCP Options Deep Dive](modules/03-dhcp-options.md) | 3 hrs | Decode Options 1, 3, 6, 43, 51, 53, 55, 60, 82, 150 | +| 4 | [DHCP Relay](modules/04-dhcp-relay.md) | 2 hrs | Configure ip helper-address, inspect relayed packets | +| 5 | [Advanced Wireshark Filters & Analysis](modules/05-advanced-wireshark.md) | 2 hrs | Display filters, coloring rules, IO graphs, tshark CLI | +| 6 | [DHCP Troubleshooting Scenarios](modules/06-troubleshooting.md) | 3 hrs | 5 broken scenarios — find and fix using Wireshark | +| 7 | [DHCPv6 & Dual-Stack](modules/07-dhcpv6.md) | 2 hrs | SARR exchange, stateful vs SLAAC, RA flags | +| 8 | [DHCP Security](modules/08-dhcp-security.md) | 2 hrs | Snooping, starvation attacks, rogue server detection | + +**Total: ~18 hours** (3 weekends at 6 hrs/day, or spread across evenings) + +--- + +## Prerequisites + +- CML installed and accessible (16+ GB RAM recommended) +- Basic CLI comfort (Cisco IOS conf t, show commands) +- Basic understanding of VLANs and IP subnetting +- No Wireshark experience required — Module 1 starts from scratch +- No DHCP server experience required — we build it step by step + +--- + +## Course Files + 
+All modules and diagrams are maintained in: +- **Obsidian**: `Projects/DHCP Wireshark Course/` +- **Gitea**: `jramos/dhcp-wireshark-course` (modules/, diagrams/) diff --git a/_test.txt b/_test.txt new file mode 100644 index 0000000..30d74d2 --- /dev/null +++ b/_test.txt @@ -0,0 +1 @@ +test \ No newline at end of file diff --git a/modules/01-wireshark-fundamentals.md b/modules/01-wireshark-fundamentals.md index f1ed44d..9c64932 100644 --- a/modules/01-wireshark-fundamentals.md +++ b/modules/01-wireshark-fundamentals.md 
@@ -1 +1,20 @@ # Module 1: Wireshark Fundamentals + +**Nav:** [Course Home](../README.md) | Module 1 | [Module 2 \u2192](02-dhcp-message-flow.md) + +--- + +## Overview + +Wireshark is the most widely used network protocol analyzer in the world. It lets you capture packets off a live network interface and inspect them at every layer of the OSI model \u2014 from raw Ethernet frames up through application-layer payloads. Whether you are troubleshooting a DHCP failure, diagnosing slow application performance, or investigating a security incident, Wireshark gives you ground truth. Logs can lie, dashboards can mislead, but the packet capture tells you exactly what happened on the wire. + +In a production environment, the ability to read a packet capture separates the engineers who guess from the engineers who know. When a client reports \u201cthe network is slow,\u201d you can fire up Wireshark, capture traffic, and pinpoint whether the problem is DNS resolution delay, TCP retransmissions, TLS negotiation overhead, or something else entirely. This skill is not optional for any serious network or systems engineer. + +This module walks you through the Wireshark interface, teaches you how to start and stop captures, apply filters to isolate the traffic you care about, and read the decoded packet fields. By the end, you will have deployed the full lab topology in CML and completed your first captures \u2014 ICMP and DNS \u2014 which lay the foundation for the DHCP deep-dives in Modules 2 through 4. + +--- + +## Key Concepts + +### What Is Wireshark? +Wireshark is a free, open-source packet analyzer. It captures raw network frames from an interface (physical NIC, virtual NIC, or SPAN port) and decodes them into human-readable protocol fields. It supports over 3,000 protocols and can read/write and file formats.
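Review bot: the pacing line in the DHCP_WIRESHARK_COURSE.md hunk does not agree with its own table: the eight module durations sum to 18 hours, as `**Total: ~18 hours**` says, but `3 weekends at 6 hrs/day` is 36 hours for two-day weekends; `3 weekend days at 6 hrs/day` or `3 weekends at 3 hrs/day` would match. Two smaller points in the same hunk: the nav line mixes an absolute Gitea URL for ISP Backbone Lab with a vault-relative `../Home%20Lab/Security%20Lab/Security%20Lab.md` path that only resolves inside the Obsidian vault (`Projects/DHCP Wireshark Course/`, per Course Files) and will be a dead link when the page is rendered from `jramos/dhcp-wireshark-course`; and `status: complete` in the front matter is worth a second look, since the only module file touched by this patch (`01-wireshark-fundamentals.md`) ends after a single Key Concepts paragraph.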
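Review bot: `_test.txt` is a one-line scratch file (`test`, with `\ No newline at end of file`) that the commit message does not mention; it looks like it was staged by accident alongside the real changes. Remove it from the commit (`git rm --cached _test.txt`) and, if writing scratch files into the repo is a local habit, add the name or a `_*` pattern to the new `.gitignore` next to `*.swp`.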
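Review bot: the nav line in the `modules/01-wireshark-fundamentals.md` hunk, `[Course Home](../README.md)`, points at a file this patch does not create; the course home added here is `DHCP_WIRESHARK_COURSE.md`, so the link should be `../DHCP_WIRESHARK_COURSE.md` unless a README.md already exists at the repo root. Three further points in the same hunk: the body carries literal `\u2192`, `\u2014`, `\u201c` and `\u201d` sequences (`Module 2 \u2192`, `OSI model \u2014 from raw`, `\u201cthe network is slow,\u201d`) that Markdown renders verbatim as backslash-u text, while DHCP_WIRESHARK_COURSE.md in this same patch uses real `←`/`→` characters, so these should be replaced with the actual characters or plain ASCII; the last line, `It supports over 3,000 protocols and can read/write and file formats.`, has lost its object (`many capture file formats`, or name pcap and pcapng explicitly); and the Overview says that by the end of the module the reader will have deployed the full CML topology and captured ICMP and DNS, whereas the Module Map entry for Module 1 lists only `Install, capture, navigate the UI, basic filters` at 2 hrs, so one of the two descriptions should be brought in line with the other.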