Add course outline, gitignore, and update wireshark fundamentals module

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
jramos
2026-03-01 16:25:11 -07:00
parent f8cdcda28c
commit 363003ad6b
4 changed files with 74 additions and 0 deletions

.gitignore vendored Normal file (3 additions)

@@ -0,0 +1,3 @@
.obsidian/
.DS_Store
*.swp
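Review bot: the swap-file pattern on the last line only covers `*.swp`; Vim also writes `*.swo` when a second swap file is needed, and `*~` backup files, so `*.sw?` and `*~` would close that gap alongside `.DS_Store` and `.obsidian/`. The `_test.txt` file added elsewhere in this commit, which holds only placeholder content, is exactly the kind of scratch file this list is meant to keep out of the repository.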

DHCP_WIRESHARK_COURSE.md Normal file (51 additions)

@@ -0,0 +1,51 @@
---
tags:
- project
- course
- dhcp
- wireshark
- networking
- cml
status: complete
---
# Packet Inspector: DHCP Deep Dive with Wireshark
> **From zero packet capture experience to confidently dissecting DHCP messages, relay chains, and option fields in production.**
[← ISP Backbone Lab](https://vulcan.apophisnetworking.net/jramos/isp-backbone-lab) | [Security Lab →](../Home%20Lab/Security%20Lab/Security%20Lab.md)
---
## Module Map
| # | Module | Duration | What You'll Do |
|---|--------|----------|---------------|
| 1 | [Wireshark Fundamentals](modules/01-wireshark-fundamentals.md) | 2 hrs | Install, capture, navigate the UI, basic filters |
| 2 | [DHCP Message Flow (DORA)](modules/02-dhcp-message-flow.md) | 2 hrs | Watch a full DHCP exchange, decode each message |
| 3 | [DHCP Options Deep Dive](modules/03-dhcp-options.md) | 3 hrs | Decode Options 1, 3, 6, 43, 51, 53, 55, 60, 82, 150 |
| 4 | [DHCP Relay](modules/04-dhcp-relay.md) | 2 hrs | Configure ip helper-address, inspect relayed packets |
| 5 | [Advanced Wireshark Filters & Analysis](modules/05-advanced-wireshark.md) | 2 hrs | Display filters, coloring rules, IO graphs, tshark CLI |
| 6 | [DHCP Troubleshooting Scenarios](modules/06-troubleshooting.md) | 3 hrs | 5 broken scenarios — find and fix using Wireshark |
| 7 | [DHCPv6 & Dual-Stack](modules/07-dhcpv6.md) | 2 hrs | SARR exchange, stateful vs SLAAC, RA flags |
| 8 | [DHCP Security](modules/08-dhcp-security.md) | 2 hrs | Snooping, starvation attacks, rogue server detection |
**Total: ~18 hours** (3 weekends at 6 hrs/day, or spread across evenings)
---
## Prerequisites
- CML installed and accessible (16+ GB RAM recommended)
- Basic CLI comfort (Cisco IOS conf t, show commands)
- Basic understanding of VLANs and IP subnetting
- No Wireshark experience required — Module 1 starts from scratch
- No DHCP server experience required — we build it step by step
---
## Course Files
All modules and diagrams are maintained in:
- **Obsidian**: `Projects/DHCP Wireshark Course/`
- **Gitea**: `jramos/dhcp-wireshark-course` (modules/, diagrams/)
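Review bot: the nav line under the title mixes an absolute Gitea URL for the ISP Backbone Lab with a vault-relative path for the Security Lab (`../Home%20Lab/Security%20Lab/Security%20Lab.md`); that relative link resolves inside the Obsidian vault but not in `jramos/dhcp-wireshark-course`, which the Course Files section says holds only modules/ and diagrams/. Either point both links at Gitea URLs or mark the second one as Obsidian-only. Separately, the frontmatter declares `status: complete` while this same commit is still editing Module 1 text, so `in-progress` would describe the state more honestly until the modules settle.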

_test.txt Normal file (1 addition)

@@ -0,0 +1 @@
test
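Review bot: `_test.txt` contains only the word `test` and is not mentioned in the commit message, so it reads as a scratch file committed by mistake; drop it from this commit (or cover it in the new `.gitignore`) rather than shipping it with the course repository.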


@@ -1 +1,20 @@
# Module 1: Wireshark Fundamentals # Module 1: Wireshark Fundamentals
**Nav:** [Course Home](../README.md) | Module 1 | [Module 2 \u2192](02-dhcp-message-flow.md)
---
## Overview
Wireshark is the most widely used network protocol analyzer in the world. It lets you capture packets off a live network interface and inspect them at every layer of the OSI model \u2014 from raw Ethernet frames up through application-layer payloads. Whether you are troubleshooting a DHCP failure, diagnosing slow application performance, or investigating a security incident, Wireshark gives you ground truth. Logs can lie, dashboards can mislead, but the packet capture tells you exactly what happened on the wire.
In a production environment, the ability to read a packet capture separates the engineers who guess from the engineers who know. When a client reports \u201cthe network is slow,\u201d you can fire up Wireshark, capture traffic, and pinpoint whether the problem is DNS resolution delay, TCP retransmissions, TLS negotiation overhead, or something else entirely. This skill is not optional for any serious network or systems engineer.
This module walks you through the Wireshark interface, teaches you how to start and stop captures, apply filters to isolate the traffic you care about, and read the decoded packet fields. By the end, you will have deployed the full lab topology in CML and completed your first captures \u2014 ICMP and DNS \u2014 which lay the foundation for the DHCP deep-dives in Modules 2 through 4.
---
## Key Concepts
### What Is Wireshark?
Wireshark is a free, open-source packet analyzer. It captures raw network frames from an interface (physical NIC, virtual NIC, or SPAN port) and decodes them into human-readable protocol fields. It supports over 3,000 protocols and can read/write and file formats.
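Review bot: the last sentence of the "What Is Wireshark?" paragraph is missing words ("can read/write and file formats"); it should say what is read and written, for example "can read and write many capture file formats, including pcap and pcapng." Two smaller points on the same hunk: the nav line and the Overview paragraphs contain literal escape sequences (`\u2192`, `\u2014`, `\u201c`, `\u201d`) rather than the arrow, dash and quote characters, and Markdown will render those escapes verbatim, so they should be replaced with the actual characters; and the nav's Course Home link points at `../README.md`, while the outline added in this commit lives at `DHCP_WIRESHARK_COURSE.md`, so one of the two names needs to change for the link to resolve.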