Wireshark Packet Capture ICS Protocol
Master Wireshark for industrial and IT networks. Learn packet analysis, Modbus/Profinet troubleshooting, SCADA diagnostics, and network security. Hands-on projects, PCAPs, and expert tools included. Certificate from Softwell Automation.


Wireshark Foundations – Network Protocol Analysis for Industrial & IT Systems
✅ Week 1: Wireshark Foundations – Network Protocol Analysis for Industrial & IT Systems
🔍 Introduction to Wireshark – Understand packet sniffing, protocol analysis, and Wireshark’s role in industrial and IT network troubleshooting
🌐 OSI & TCP/IP Model Overview – Learn the structure of network layers, how data flows, and where packet capture fits in
🧰 Wireshark Interface & Setup – Install and configure Wireshark on Windows/Linux, learn about filters, interfaces, and basic UI navigation
📡 Capturing Packets – Perform real-time traffic capture, use interface-specific options, and understand buffer management
🧾 Display Filters vs Capture Filters – Master logical filtering with BPF (Capture) and Wireshark display filters for targeted analysis
📁 Packet Structure Analysis – Inspect packet headers, payloads, and encapsulation from Ethernet to application layer
📨 Protocol Dissection Basics – Analyze key protocols: Ethernet, ARP, IP, TCP, UDP, ICMP, and their role in communication
🌐 DNS, HTTP, HTTPS Traffic – Decode web communication: Resolve domains, follow HTTP streams, identify SSL handshakes
📊 TCP 3-Way Handshake + Termination – Visualize connection establishment and teardown using sequence/acknowledgement numbers
⏱️ Timing, Latency & Round Trip Time (RTT) – Use Wireshark tools to measure delay, jitter, and communication bottlenecks
📶 Identifying Network Issues – Detect retransmissions, duplicate ACKs, packet loss, out-of-order packets
🔒 Intro to Industrial Protocols in Wireshark – Basics of Modbus TCP, Profinet, EtherNet/IP packet structure (field-level overview)
📊 Mini Project 1: Web Application & DNS Analysis
Use Wireshark to inspect a browser session: DNS resolution → HTTP GET/POST → TLS negotiation → Data analysis
✅ Week 2: Industrial Network Monitoring – Protocol Troubleshooting with Wireshark
🔌 Industrial Network Protocols Overview – Understand SCADA/ICS stack: Modbus TCP, Profinet, EtherNet/IP, OPC UA, MQTT
🧩 Analyzing Modbus TCP Traffic – Decode read/write coils/registers, function codes, exception responses, and latency
🌐 Profinet Frame Analysis – Monitor cyclic real-time data exchange, device diagnostics, and connection establishment
🛠️ OPC UA & MQTT Overview in Wireshark – Understand secure IIoT data exchange, connection setup, and session analysis
🔗 Identifying Broadcasts & Multicast Traffic – Analyze network load from discovery protocols: ARP, DHCP, LLDP, Profinet DCP
📶 Filtering & Coloring Rules – Use custom color rules and compound filters to highlight errors, device-specific traffic
🔎 Using Follow Stream & Expert Info – Extract complete data streams (TCP/UDP), leverage Wireshark's Expert Info for anomalies
🛠️ Network Latency & Performance Testing – Analyze delay between PLCs, HMIs, SCADA, and edge devices using Wireshark statistics
📶 Protocol-Specific Statistics – Use IO graphs, flow graphs, and protocol hierarchy for visual traffic breakdowns
🔧 Industrial Troubleshooting Cases – Diagnose misconfigured PLC IPs, bad Modbus CRCs, VLAN tag conflicts, packet flooding
🔐 Security in SCADA Networks – Detect unauthorized scans, brute force attempts, MITM traces, and unencrypted sensitive traffic
📈 Saving & Sharing Capture Files (PCAP) – Learn best practices for capturing, saving, annotating, and exporting trace files
🧪 Wireshark CLI Tools: tshark & editcap – Use command line tools for automation, filtering, and splitting trace files
📊 Capstone Project: Diagnose SCADA Network Traffic
Given a packet capture: analyze PLC-HMI-Modbus traffic, detect issues, document findings using screenshots, filters & comments
🎯 Who Should Join?
Network Engineers, Automation Engineers, SCADA System Integrators, Cybersecurity Enthusiasts, Freshers in OT/IT Network Monitoring
🛠️ Tools You’ll Use:
Wireshark v4.x, Modbus TCP PLCs (Siemens/Schneider), Profinet devices, Tshark CLI, Packet Capture Tools (PCAPs)
📅 Next Batch Starts: Aug 12, 2025 | Duration: 2 Weeks | Mode: Online / Offline | Timing Options: Morning | Evening | Weekend
📞 Want to Monitor PLC & SCADA Traffic in Real Time?
Bonus: Free PCAP files from live industrial environments + Modbus/Profinet Filter Cheat Sheet
🎓 Certificate: Practical Network Analysis Training from Softwell Automation
➡️ Enroll Now | 📱 +91-9909700584 | 🌐 www.softwellautomation.com
Enquiry for Wireshark Training
📞 Contact Information
Mrs. Ritu Pawar
📱 Mobile: +91-7420804059
📧 Email: pune@softwellautomation.com
Mr. Bhawesh Kumar Singh
📱 Mobile: +91-9909700584
📧 Email: info@softwellautomation.com
📍 Pune Office Location
Softwell Automation
Office No. 55, 4th Floor, Kunal Plaza,
Old Mumbai-Pune Highway,
Chinchwad Railway Station, Pune – 411019
🧭 Landmark: Above RBL Bank