In this article I explain how I am preparing for the Wireshark WCNA exam.
- Laura Chappell’s WCNA Official Study Guide. Here.
- CBT Nuggets Quickstart Into Wireshark. This course has been remolded into this.
- Udemy Wireshark Crash Course. You find it here.
- Udemy WCNA course from HowToNetwork. You find the course here.
- INE Wireshark Technologies. Here.
- Stevens’ TCP/IP Illustrated, Vol.1. Here.
- TCP/IP Guide. Here.
- Calculating IP checksum. Here.
- Free Maxmind databases. Here.
- Anki to create and review flashcards. You can access my flashcards for free here.
- Some related Pluralsight courses, since I have a corporate account (thanks to NTT Ltd).
Equipment and software
- A laptop with 16GB RAM.
- A Huawei MediaPad M5 Lite to study on the go or while lying on the couch.
- VMware Fusion. It is free.
- A Windows 10 evaluation image, which you can download from Microsoft directly for free. I needed a Windows environment, because the Wireshark WCNA exam seems to me to focus on a Windows environment.
Why I chose to study for the Wireshark WCNA exam
The WCNA exam is not as popular as Cisco or CompTIA exams. But the exam itself circles around building a solid foundation of TCP/IP.
I first read about the Wireshark WCNA exam in 2014. Back then I was not serious about it.
As part of the IT team of Zitouna Bank, I participated in the past in installing a variety of network and security gear. But sometimes something does not go well and you get stuck in a technical problem where a solid knowledge of TCP/IP could have told you what was going on on the wire.
Even our network consultants, when they discover the problem for the first time, seem to repeat the same steps we just described to them, and end up opening a case with the manufacturer.
Besides, I knew nobody in my professional circle who had solid TCP/IP skills, in a way that he would interpret a TCP session from A to Z. The only thing I heard was “here is a TCP SYN” or “the connection was reset because there is a RST packet.”
There is also a trend among network engineers, where they feel they brought something big when they say “Let’s set up Wireshark and see what’s wrong.” In reality, I still haven’t met a network engineer who knew how to interpret packets and find the problem after saving the trace file.
This is not to mention that I used to get biased symptoms and descriptions from end users, which confuse you and make you waste some time.
In addition, in my daily job I am fed up with the “guess work” that many network technicians are doing when they are troubleshooting a network incident. They often base their logic on intuition. And intuition without solid experience is delusion.
One last reason to pursue the Wireshark WCNA exam is that I am fed up with reading stories of CCIE graduates who still struggle with TCP/IP protocols. If someone is a Cisco Internetwork Expert, then he must have learned TCP/IP on a deep fucking level. Otherwise, he does not really deserve the title of expert.
I won’t write any technical articles around my Wireshark studies. I noticed that I forget a lot, even if I write a detailed tutorial. What I need is a constant exposure to the content, and blogging did not help me across the years.
In fact, I had the experience with the last certification exam I’ve passed, the Cisco ACI exam. Although I’ve read multiple resources on the topic and wrote many articles, I have now forgotten a lot of the details. My current job role does not involve me deeply in ACI. So, just like any normal human mind, my memory tends to delete things.
In the past, I’ve also leveraged mind maps to summarize key words and topics. With Wireshark WCNA, I don’t really see special keywords inherent to Wireshark, because it is almost focused on the tool and on the TCP/IP protocols.
So, I am not going to develop mind maps for Wireshark WCNA. Instead, I am going to build robust Anki flashcards. And by robust, I mean that any question in my head that relates to Wireshark, I will document.
Why? Because I recently realized that with repetitive exposure to the flashcards, I was able to force my memory to retrieve memory files frequently, thus being able to recall topics faster.
And as I have bought a decent Android tablet with a wireless NIC, I’ve installed Anki on it to be able to practice my flashcards, in addition to practicing on my smartphone.
There are a lot of concepts and mechanisms in TCP/IP. I’ve come to realize that, to succeed in deeply learning Wireshark, and in a more general way the networking industry, I should consider it just like medical studies: I do not need to be an academic genius; I only need to train my memory each day through flashcards, and be fucking very patient.
I’ve realized that network protocols could be compared to how the human body works: there are rules by which every cell works.
Just like a good doctor does an accurate analysis based on x-rays or cardiograms, a good network engineer must be able to interpret bits and packets and give reliable answers.
Some useful links
- Disabling Checksum verification. Link.
- Installing VMware Workstation on Linux Mint. Link.