Wireshark Cert. Net. Analyst- Official Exam Prep Guide

Bl8ckr0uter

networker050184 wrote: »

So this is an online exam? And costs $300? Whoa....

Is that expensive?

networker050184

knwminus wrote: »

Is that expensive?

It is for an online exam IMO. Usually something given in that format is cheap as it can't really be verified that you yourself actually took the exam. I think if they want this thing to be respected they should at least have you take it at a proper testing center.

dynamik

I think they need to charge that to cover the costs of development; they will likely have a small audience compared to CompTIA, MS, Cisco, etc.

I'm a big fan of Wireshark and everyone involved with developing, promoting, and teaching it. I'm concerned about the credibility of online exams though. I'm curious how they're going to maintain the integrity of the certification and prevent people from just cheating their way through it.

mikej412

knwminus wrote: »

Is that expensive?

It's cheaper than a CCIE Written exam -- and probably all the different vendor Lab Exams available. And I think it's cheaper than the CISSP.

I started with LAN Watch on a 5-1/4 boot floppy with Norton Editor to switch between packet drivers and network stacks and I compiled the source for TCPDUMP on a 3B2-400 -- I'm not dropping everything to jump on this certification but I will add it to my wish list.

Devilsbane

knwminus wrote: »

Is that expensive?

$300 is never to be taken lightly. But it isn't the end of the world. Add in the $90 book and the other practice question book (not sure of cost) and you're looking at a certification for less than $500. I would consider that to be a reasonable amount.

networker050184

Devilsbane wrote: »

$300 is never to be taken lightly. But it isn't the end of the world. Add in the $90 book and the other practice question book (not sure of cost) and you're looking at a certification for less than $500. I would consider that to be a reasonable amount.

I'd consider it reasonable also if it was delivered in some kind of reputable testing format.

chrisone

networker050184 wrote: »

So this is an online exam? And costs $300? Whoa....

I guess your right, you can take it online at home, which does kind of defeat the purpose. Anyone want to gather at my house to take our exams together? lol just kidding


"How to Obtain Certification

Protocol Analysis Institute's Certification Exams are available at hundreds of testing centers around the world. You can take your Exam at a KRYTERION High-stake Online Secure Testing (HOST) location or where you live, learn or work via KRYTERION's Online Proctoring (OLP) services. In some cases, online Assessment Exams may also be available. To find out more about Protocol Analysis Institute's Certification Exams, please visit Protocol Analysis Institute's website."

Devilsbane

chrisone wrote: »

I guess your right, you can take it online at home, which does kind of defeat the purpose. Anyone want to gather at my house to take our exams together? lol just kidding

LAN party!

dynamik

I don't understand why they're allowing the online option if KRYTERION is offering the exam. KRYTERION also proctors SANS/GIAC exams.

docrice

I think what they mean by taking the exam "where you live" is in the event there's no Kryterion testing center near your home, they'll arrange an alternative proctor-based location that's not Kryterion. At least that's what I recall reading when checking out the testing setup for the GIAC exams.

networker050184

Thats not how it seemed to me, but I may be mistaken. This is from the PDF linked above. Things may have changed of course as it is dated March 2009.

Step 3: Take the Exam Now
If you are ready to take the Exam at this time, access
wsu.vlabsource.com and click Login to provide your
registration credentials and your Voucher Number.
Once your Voucher Number is validated, you may
access the Exam. Refer to the Test Drive video for
details on the virtual environment set up and login
procedure.

EDIT: Yep, it looks like that info is out of date. It is now offered through the Kryterion test centers.

http://www.wiresharktraining.com/Files/wsucertinfopk11Aug10.pdf

zerglings

chrisone wrote: »

I understand where your coming from, however how do you expect to know what your looking at inside the packet or how the stream is formed or what your looking at on the screen if you dont read about it? Any book, pdf, online article, tutorial, requires reading. I mean your first intentions for buying the wireshark book was to learn about deep packet inspection right? Thats why knwminus and I are a bit confused in your statements. I am confused on why you say you dont need a book to learn this stuff but then you bought it and are reading it?

Any cert can be a positive, no matter its worth/publicity. Like i have always stated on this forum, proof of education is never a negative.

I guess my point is, you don't have to show you're certified in Wireshark to say you know how to do packet analysis. While this is also true in Cisco and other stuff, I just don't see any value to this certification at all. But, what do I know? Maybe five years from now, everybody is going to list this as one of the requirements for Network Engineer positions.

Heero

zerglings wrote: »

I guess my point is, you don't have to show you're certified in Wireshark to say you know how to do packet analysis. While this is also true in Cisco and other stuff, I just don't see any value to this certification at all. But, what do I know? Maybe five years from now, everybody is going to list this as one of the requirements for Network Engineer positions.

Its the same as any other certification. All it says is that you were able to pass the exam. There really aren't any certifications that you have to have in order to say you know networking, or programming, or server administration, or windows, etc.... The thing is, certifications help employers differentiate, becuase they then can assume a certain level of knowledge due to the cert, and go from there.

lchappell

Hello all -

Thought I'd pop in here and join the discussion regarding the new certification (yes, we did have an online version up until last year, but we had to pull it when it was evidence we were going to go global and require a more secure test).

1. I will be presenting several webinars this week to explain the Wireshark Cert, give some details on the Exam process and answer any questions. Any one can register at Wireshark Jumpstart Training Course with Laura Chappell.

2. You can download the Certification Information Package at Wireshark University - Wireshark Certified Network Analyst - that explains the 33 areas of study that you will be tested on.

3. The Exam focuses on both Wireshark usage (for example, the interpretation and possible cause of fast retransmissions vs. retransmissions) and how to filter on specific traffic types, as well as protocol knowledge (for example, the legal/illegal flag combinations in a TCP header or the cause of an ICMP response to a TCP SYN packet). Emphasis is on packet-level troubleshooting. Less emphasis on packet-level forensics (the Study Guide is lighter in that area as well). Some basic WLAN analysis and VoIP interpretations round out the focus.

4. If you've been sniffing packets for years you should sail right through the protocol knowledge portion of the test. If you've kept up with Wireshark's functionality, you'll sail through the Wireshark usage portion of the test.

5. Yes - it is just multiple choice and true/false. Now that said, there are numerous questions that contain a screenshot of a packet. You must interpret the packet to determine the correct answer. For example, if you don't know the difference between a standard ARP request packet and a gratuitous ARP packet, your interpretation will lead you astray.

Gerald and I have talked about this cert for a long time. I firmly believe that anyone that works in the IT industry should know how to read trace files and spot basic problems/security issues. There are too many network issues that do not generate an "Your network is slow because Router X is misconfigured" error messages. A quick look at the traffic always points to where the problem is (although it does not necessarily tell you why the problem is occurring).

I am interested in hearing your thoughts regarding this certification program. As you might have already guessed, we are defining the certification as complementary to CISSP, GIAC, MCTS, etc.

You can write to me off-line with your thoughts as well - laura@chappellu.com.

Laura

networker050184

Thanks for giving some insight!

Bl8ckr0uter

Thanks for the information Ms Chappell.


I would like to know what experience level you think the average WCNA will have (in network analysis, networking, and IT in general)? Oh and I follow your twitter, TCPDUMP has been awesome for capturing these pcap files.

chrisone

Awesome! Thanks Laura for settings things straight here! looking forward to your webinars!

Bl8ckr0uter

knwminus wrote: »

2 years? Man that's bull.

Looks like it is valid for 3 years.

Devilsbane

knwminus wrote: »

Looks like it is valid for 3 years.

That isn't much better. I was hoping it would be a lifer

Bl8ckr0uter

Devilsbane wrote: »

That isn't much better. I was hoping it would be a lifer

3 years is for CCXA/CCXP and such so I'm ok with that amount of time.

dynamik

Devilsbane wrote: »

That isn't much better. I was hoping it would be a lifer

Pretty much everything is going to 3-4 years to be ISO compliant. Plus, the Wireshark today will be very different than the Wireshark three years from now. It doesn't make sense to keep it valid when so much changes. Renewing is certainly a pain, but it makes the certifications more valuable and relevant.

Bl8ckr0uter

The CPE progress seems pretty easy so that's good.

dynamik

I haven't had a chance to watch it yet, but the webinar is now available: Wireshark University - Wireshark Certified Network Analyst

Devilsbane

dynamik wrote: »

Pretty much everything is going to 3-4 years to be ISO compliant. Plus, the Wireshark today will be very different than the Wireshark three years from now. It doesn't make sense to keep it valid when so much changes. Renewing is certainly a pain, but it makes the certifications more valuable and relevant.

I agree. I like the way Microsoft has things set up though. I earned the MCSA credential, and I can keep that until the day I die. In 10 years time an employer likely won't care about it and it would be in my best interest to have other certifications, but I still have that. I'm just not a fan of working hard for something and knowing that it is going to be taken away.

mikej412

The Kindle edition of the Official Exam Prep Guide: Wireshark Certified Network Analyst is $9.99.

Since it's practice quiz questions I figure I'll probably skip the book on this one and just use the Kindle edition. Just noticed it in my Amazon wish list and jumped on the Kindle price!!

No Kindle edition of the Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide. The book is worth the price (especially if you got an autographed 1st edition), but it would be nice to have a Kindle edition to read (and for reference).

chrisone

ah nice! thanks for the info mike!