Wireshark Cert. Net. Analyst- Official Exam Prep Guide

chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPsPosts: 1,884Member ■■■■■■■■□□
Here is an update if it hasn't already been posted. Laura is coming out with a new Official cert guide book with practice questions for the exam. It is a companion to the book she just recently came out with earlier in the year. Those study materials are getting expensive these days haha

Wireshark Network Analysis

This is not the same book as the one listed here - Amazon.com: Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide (9781893939998): Laura Chappell, Gerald Combs: Books

"This book is intended to provide practice quiz questions based on the thirty-three areas of study defined for the Wireshark Certified Network Analyst™ Exam. This Official Exam Prep Guide offers a companion to Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide."

Due out August 2010
Get Certified! [Coming August 2010]
Paperback: 202 pages
Publisher: Protocol Analysis Institute, dba Chappell University
Language: English
ISBN10: 1-893939-98-7
ISBN13: 978-1-893939-98-1
Size: 7.44 x 9.69 inches
Weight: 1.1 pounds
Contact: [email protected] or +1 408-378-7841
Exam: Version 1 (WCNA-100 Exam)
Exam Info: www.wiresharktraining.com/certification
2019 Goals:
Certs: Certified Red Team Professional - Pentester Academy (passed!), Azure Fundamentals AZ-900 (passed!), Azure Security Engineer Associate AZ-500 (in-progress)
2020 Goals:
Certs: AZ-500, MS-500, Pentester Academy - PACES, Varonis Certified Admin (in-progress)

Comments

  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,884Member ■■■■■■■■□□
    quick bump,

    The New Wireshark Certification is now available for those interested in taking the exam.
  • Bl8ckr0uterBl8ckr0uter Posts: 5,031Inactive Imported Users ■■■■■■■■□□
    chrisone wrote: »
    quick bump,

    The New Wireshark Certification is now available for those interested in taking the exam.

    This looks like such an interesting cert to get. Hmm what are your thoughts?
  • DevilsbaneDevilsbane Posts: 4,212Member ■■■■■■■■□□
    knwminus wrote: »
    This looks like such an interesting cert to get. Hmm what are your thoughts?

    I think it would be great to have. I also think it would be very challenging. I'm probably going to stick this in my "need to get" pile. But probably not anytime soon.
    Decide what to be and go be it.
  • Bl8ckr0uterBl8ckr0uter Posts: 5,031Inactive Imported Users ■■■■■■■■□□
    Devilsbane wrote: »
    I think it would be great to have. I also think it would be very challenging. I'm probably going to stick this in my "need to get" pile. But probably not anytime soon.

    Define anytime soon. I'm seriously thinking about starting to study for this soon and doing it some time next year. It seems like it would blend nicely with a C|EH and a CCNP (both of which I already want to do) and since I am not going after too much (since I will be finishing up school and all) this seems like a good one to get.
  • DevilsbaneDevilsbane Posts: 4,212Member ■■■■■■■■□□
    knwminus wrote: »
    Define anytime soon. I'm seriously thinking about starting to study for this soon and doing it some time next year.

    Mid to late next year at the earliest. I need to finish MCSE and take some time off. Maybe it will be a 2012 cert along with CCNA?

    Next year my plan was to get some Security certifications, haven't decided which yet though. I've been told that CISA and CISM are good to get moving in the CISSP direction, which is somewhere that I would eventually like to be.
  • networker050184networker050184 Posts: 11,962Mod Mod
    I'd read the book, but the cert is probably pretty useless.
    An expert is a man who has made all the mistakes which can be made.
  • DevilsbaneDevilsbane Posts: 4,212Member ■■■■■■■■□□
    I'd read the book, but the cert is probably pretty useless.

    Test is $299 which is pretty steep. I wonder how companies will feel about having the sheet of paper. The knowledge gained would be invaluable.

    The logo looks pretty sweet
  • DevilsbaneDevilsbane Posts: 4,212Member ■■■■■■■■□□
    100 questions, 2 hours. All multiple choice (with 1 correct answer) or T/F. Can't complain with that.

    Only 3 attempts per year though.
  • Bl8ckr0uterBl8ckr0uter Posts: 5,031Inactive Imported Users ■■■■■■■■□□
    I'd read the book, but the cert is probably pretty useless.

    Maybe now but wireshark is popular and if this cert takes off, then it could be extremely popular.
    Devilsbane wrote: »
    Test is $299 which is pretty steep. I wonder how companies will feel about having the sheet of paper. The knowledge gained would be invaluable.

    299 isn't that much more than a Cisco exam (at least at the NA level) and if it is lifetime then I could see it being worth it.
  • rogue2shadowrogue2shadow CISSP, GXPN, OSCE, OSCP, OSWP, eMAPT, CEH, CNDA, A+, Network+, Security+ Posts: 1,501Member ■■■■■■■■□□
    I wish NMAP had one lol. I'm tempted to do this but I'm trying to keep my CPE count low; it doesn't mean I won't study the content though

  • networker050184networker050184 Posts: 11,962Mod Mod
    knwminus wrote: »
    Maybe now but wireshark is popular and if this cert takes off, then it could be extremely popular.

    I doubt it really, but you never know. I believe this cert has been around for a few years and has already been discontinued once.
  • Bl8ckr0uterBl8ckr0uter Posts: 5,031Inactive Imported Users ■■■■■■■■□□
    I doubt it really, but you never know. I believe this cert has been around for a few years and has already been discontinued once.

    I think you are right. I don't think there was much "hype" about it before. Plus if an ultra l33t ninjaneer like yourself takes it, the rest of us noobs will be sure to follow
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,884Member ■■■■■■■■□□
    knwminus wrote: »
    This looks like such an interesting cert to get. Hmm what are your thoughts?

    I think, like everyone else here, the information is highly valuable. If the cert takes off it will be a big bonus on your resume. The way I see it now without the publicity, it will still look impressive on your resume. Regardless of the publicity of the cert, it's random to see someone with a packet inspection cert. It's random people talk about having such a cert, but we all know what packet inspection is, well at least those of us in the IT industry regardless of your job position, even help desk guys know what packet inspection means. I believe if you had this cert on your resume it will make you stand out, as like I said before, everyone in the IT industry knows what deep packet inspection is, but few have the full skill set one would learn and obtain from such certs.

    Well those are my opinions, they are not the best nor am I correct, that's just how I feel. I may take the cert next summer, I need to finish CCDP and get my CCNA Security. I don't think there will ever be a new CCNP Security, which is what I was hoping to study for in 2011. I doubt it so I will move on to other certs like this one and take a lot of time off as well from studying.
  • docricedocrice Posts: 1,706Member ■■■■■■■■■■
    I'll add my two cents as I bought that book as well...

    In my opinion, certified or not, knowing how to do basic protocol analysis is an extremely valuable skill whether doing desktop support or server-side troubleshooting. If you work with networking devices, it's pretty much a given the way I see it. I know there may be a number of network engineers out there who haven't done a lot of packet dissection, but baselining an environment or at least being able to drill down to the packet / frame level is critical ... especially in wireless networks. The debug commands in IOS only tell you so much. Sometimes you really need to look at the contents of the payload at a granular level.

    If I had known how to use a packet sniffer, tcpdump, etc. during my early years in the field, I would no doubt be in a much, much better place today.

    I don't know if obtaining a certification is necessarily critical (it all depends on how well it's received) but I'd guess that the certification probably doesn't have much to do with using Wireshark as much as understanding protocols and their behavior. I attended the first Sharkfest a couple of years ago (in Los Altos, CA) and the bulk of what was discussed in the various talks was about protocols, potential failure points, etc. Good stuff, but I learned a whole lot more about (how little I knew) protocols than I did about the tools.

    BTW, Laura Chappell (the author of the Wireshark book) is an excellent instructor. Richard Bejtlich gave the book a highly favorable review:

    http://taosecurity.blogspot.com/2010/08/review-of-wireshark-network-analysis.html
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • forkvoidforkvoid Posts: 317Member
    knwminus wrote: »
    if it is lifetime then I could see it being worth it.
    How long is my certification valid?
    Wireshark Certified Network Analyst status is valid for two (2) years from the successful completion of the Exam. Additional training and testing qualifications will be required to maintain a current certified status.

    I actually spent a fair amount of my day tracking down a VoIP issue using Wireshark. First time I've ever used it. Pretty sweet, though. And I solved the problem, thanks to it. :D
    The beginning of knowledge is understanding how little you actually know.
  • Bl8ckr0uterBl8ckr0uter Posts: 5,031Inactive Imported Users ■■■■■■■■□□
    2 years? Man that's bull.
  • zerglingszerglings Senior Member Posts: 295Member ■■■□□□□□□□
    Here's my 2 cents. Network Analysis is a skill that you pick up from doing it and not from reading a book. This cert is pretty useless in my opinion. Packet analysis is pretty much understanding how protocols work and not because you know how to use a specific application.
    :study: Life+
  • Bl8ckr0uterBl8ckr0uter Posts: 5,031Inactive Imported Users ■■■■■■■■□□
    zerglings wrote: »
    Here's my 2 cents. Network Analysis is a skill that you pick up from doing it and not from reading a book. This cert is pretty useless in my opinion. Packet analysis is pretty much understanding how protocols work and not because you know how to use a specific application.


    Wait-- your sig states you are reading the book. I don't understand?
  • powerfoolpowerfool CISSP, MCSE Posts: 1,635Member ■■■■■■■■□□
    What does this certification really cover? I use Wireshark personally, but I use commercial and very expensive 24x7 packet capture probes that store about 5 days' worth of packets. I understand how protocols work from layer 2-4 in great depth, and I know many other application protocols.

    Does this examine how to make sense of things like performance metrics and such that can be derived from packet capture?

    I feel it would be useful even though I use a different product most of the time. The vendor also offers a network analyst certification, but I don't think it really matters.
    AZ-300 [x] AZ-301 [x]
    2019 Goals: Azure Architect
  • zerglingszerglings Senior Member Posts: 295Member ■■■□□□□□□□
    knwminus wrote: »
    Wait-- your sig states you are reading the book. I don't understand?

    I bought the book a couple of months ago and it was never my intention to take the cert.
    powerfool wrote: »
    What does this certification really cover? I use Wireshark personally, but I use commercial and very expensive 24x7 packet capture probes that store about 5 days' worth of packets. I understand how protocols work from layer 2-4 in great depth, and I know many other application protocols.

    Does this examine how to make sense of things like performance metrics and such that can be derived from packet capture?

    I feel it would be useful even though I use a different product most of the time. The vendor also offers a network analyst certification, but I don't think it really matters.

    AFAIK, the certification covers how to use the tool. At least, from the first few chapters of the book it was more focused on how to use the tool and not analyzing packet captures. We use a commercial product as well, but ours can only hold 24 hours of data since we have a lot of data passing through the network. Not sure if there is an available hardware configuration that can support holding more than 24 hours' worth of data capture in our environment or not. We still use Wireshark to play RTP streams since the commercial products that we use don't have that capability, I believe. Some of my colleagues use it on other packet captures because it just displays better in Wireshark compared to other applications that we use.
  • sidsanderssidsanders Posts: 217Member ■■■□□□□□□□
    certs for everything...

    snoop/tcpdump can be just as effective at finding probs -- had an internet performance issue recently. the firewall was getting hammered, used snoop to isolate where the tons of traffic were coming from and found an infected pc (internal) throwing out tons of icmp traffic. fw was dropping it, however the volume was crazy.

    had a recent problem with services for unix 3.5 and nfs server on windows -- found that a unix mount to windows would fail cuz the nfs security lookup (to a dc) tried to talk to an improperly configured AD server -- found someone had created a new subnet and linked it to a site with the wrong dc. used tcpdump + wireshark.

    forgive the rambling... lots of tools are out there that can be of use/value -- i dont think they should require you to be certified or have credentials to be able to use them.
    GO TEAM VENTURE!!!!
  • Bl8ckr0uterBl8ckr0uter Posts: 5,031Inactive Imported Users ■■■■■■■■□□
    zerglings wrote: »
    AFAIK, the certification covers how to use the tool. At least, from the first few chapters of the book it was more focused on how to use the tool and not analyzing packet captures.


    Have you finished the book yet?
  • zerglingszerglings Senior Member Posts: 295Member ■■■□□□□□□□
    knwminus wrote: »
    Have you finished the book yet?

    Nope, I don't intend on finishing the book anytime soon.
  • dynamikdynamik Posts: 12,314Banned ■■■■■■■■□□
    This book is very slow on getting to the good stuff. It gives you a solid foundation in Wireshark before it really delves into the interesting material; don't give up on it.

    It hits on all the major protocols, but I wouldn't call it comprehensive (but hey, that's why we have RFCs). I didn't know Bejtlich was doing a review. I'm doing one for Ethical Hacker that I'm hopefully going to finish this weekend, so I'm going to avoid that one until I'm done. His reviews are fantastic though.
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,884Member ■■■■■■■■□□
    zerglings wrote: »
    Here's my 2 cents. Network Analysis is a skill that you pick up from doing it and not from reading a book. This cert is pretty useless in my opinion. Packet analysis is pretty much understanding how protocols work and not because you know how to use a specific application.

    I understand where you're coming from, however how do you expect to know what you're looking at inside the packet or how the stream is formed or what you're looking at on the screen if you don't read about it? Any book, pdf, online article, tutorial, requires reading. I mean your first intention for buying the Wireshark book was to learn about deep packet inspection right? That's why knwminus and I are a bit confused by your statements. I am confused on why you say you don't need a book to learn this stuff but then you bought it and are reading it?

    Any cert can be a positive, no matter its worth/publicity. Like I have always stated on this forum, proof of education is never a negative.
  • tpatt100tpatt100 Posts: 2,989Member ■■■■■■■■□□
    I used tcpdump a ton when I was troubleshooting Checkpoint. I added this to my wishlist on Amazon to get at a later date. I don't plan on taking the cert but it's asked for a lot as a skill in security job postings.
  • Bl8ckr0uterBl8ckr0uter Posts: 5,031Inactive Imported Users ■■■■■■■■□□
    chrisone wrote: »
    That's why knwminus and I are a bit confused by your statements. I am confused on why you say you don't need a book to learn this stuff but then you bought it and are reading it?

    ^^^Hit it right on the head.

    Well if I have the time/money, I am going to go for it. The material is basically 100+ which is going to be much less than the cost of the CCNP or C|EH. The test cost is 300 which is a little more than the C|EH but less than the total cost of the CCNP. The actual pcaps are freely available and I can always generate more. The main thing is probably going to be time but I'll cross that bridge when I get there. Recerting doesn't look that bad either.

    I guess once I get past the wireshark specific stuff, I will duplicate anything I study in at least TCPdump/Windump. That way I will be a more well rounded analyst. So that's one vote from me.
  • dynamikdynamik Posts: 12,314Banned ■■■■■■■■□□
    Laura actually plays nice with those other utilities in the book. Personally, I always capture with one of those and then analyze with Wireshark when I want the graphs, visualizations, etc. (unless I'm doing something very light/quick).
  • HeeroHeero Posts: 486Member
    http://www.vlabsource.com/wsucertinfopk030409.pdf

    Great PDF with fairly comprehensive information about the certification.

    EDIT: This PDF is a bit outdated
  • networker050184networker050184 Posts: 11,962Mod Mod
    Heero wrote: »
    http://www.vlabsource.com/wsucertinfopk030409.pdf

    Great PDF with fairly comprehensive information about the certification.


    So this is an online exam? And costs $300? Whoa....