In this article I explain how I am preparing for the Wireshark WCNA exam.
1- Laura Chappell’s WCNA Official Study Guide (here)
This is one of the best certification study guides I’ve ever read in IT. I loved Laura’s writing style. She sounds friendly and relaxed. No dry text. It sounds as if she is blogging, not writing a technical book, which is nice.
2- Stevens’ TCP/IP Illustrated, Vol.1, 2nd Edition (here)
Preparing for the Wireshark WCNA exam requires solid TCP/IP knowledge. Unfortunately, this is one of the missing points in the official study guide. So I searched the internet for a reliable source for TCP/IP knowledge.
Richard Stevens is to me the best TCP/IP teacher that ever lived on Earth. He explains the TCP/IP stack to a T, using Unix. Even though I have basic Linux experience (yet), I had no big difficulties following along with his examples. I was excited and ashamed at the same time. Ashamed because I graduated as a network engineer from a reputable university in Tunisia, and I did not know about the TCP/IP details that Stevens exposed.
I wished Stevens were still alive so he could write the second version himself. The first edition (around 1994) was a bit outdated and did not contain topics like IPv6 or DHCP. That’s why I recommend the second version, which is great too. I used it as an invaluable complementary study guide.
CBT Nuggets Quickstart Into Wireshark. This course has been remolded into this.
INE Wireshark Technologies. Here
I do not recommend it. It is boring and does not have a comprehensive learning structure. There are too few text slides and the camera is most of the time centered on the instructor.
TCP/IP Guide. Here.
Other study resources
- Udemy Wireshark Crash Course (here).
- Udemy WCNA course from HowToNetwork (here).
- Calculating IP checksum. Here
- Basic tutorial for Wifi Chanalyzer. here.
- Disabling Checksum verification. Link.
- Understanding SIP Via header here.
- Chanalyzer for Wifi and Zigbee (link)
- Some related Pluralsight courses, since I have a corporate account (thanks to NTT Ltd).
Equipment and software
- A laptop with 16GB RAM.
- A Huawei MediaPad M5 Lite to study on the go or while lying on the couch
- VMware Fusion. It is free.
- A Windows 10 evaluation image, which you can download from Microsoft directly for free. I needed a Windows environment, because the Wireshark WCNA exam seems to me to focus on a Windows environment.
Why I chose to study for the Wireshark WCNA exam
The WCNA exam is not as popular as Cisco or CompTIA exams. But the exam itself circles around building a solid foundation of TCP/IP.
I first read about the Wireshark WCNA exam in 2014. Back then I was not serious about it.
As part of the IT team of Zitouna Bank, I participated in the past in installing a variety of network and security gear. But sometimes something does not go well and you get stuck in a technical problem where a solid knowledge of TCP/IP could have told what was going on on the wire.
Even our network consultants, when they discover the problem for the first time, seem to repeat the same steps we just described to them, and end up opening a case with the manufacturer.
Besides, I knew nobody in my professional circle who had solid TCP/IP skills, in a way that he would interpret a TCP session from A to Z. The only thing I heard was “here is a TCP SYN” or “the connection was reset because there is a RST packet.”
There is also a trend among network engineers, where they feel they brought something big when they say “Let’s set up Wireshark and see what’s wrong.” In reality, I still haven’t met a network engineer who knew how to interpret packets and find the problem after saving the trace file.
This is not to mention that I used to get biased symptoms and descriptions from end users, which confuse you and make you waste some time.
In addition, in my daily job I am fed up with the “guess work” that many network technicians are doing when they are troubleshooting a network incident. They often base their logic on intuition. And intuition without solid experience is delusion.
Just like a good doctor does an accurate analysis based on x-rays or cardiograms, a good network engineer must be able to interpret bits and packets and give reliable answers.
One last reason to pursue the Wireshark WCNA exam is that I am fed up with reading stories of CCIE graduates who still struggle with TCP/IP protocols. If someone is a Cisco Internetwork Expert, then he must have learned TCP/IP on a deep fucking level. Otherwise, he does not really deserve the title of expert.
I won’t write any technical articles around my Wireshark studies. I noticed that I forget a lot, even if I write a detailed tutorial. What I need is a constant exposure to the content, and blogging did not help me across the years.
In fact, I had the experience with the last certification exam I’ve passed, the Cisco ACI exam. Although I’ve read multiple resources on the topic and wrote many articles, I now have forgotten a lot of the details. And my current job role does not help me go deep into ACI. So, just like any normal human mind, my memory tends to delete things.
In the past, I’ve also leveraged mind maps to summarize key words and topics. With Wireshark WCNA, there are not that many special keywords inherent to Wireshark, because it is almost focused on the tool and on the TCP/IP protocols.
So, I am not going to develop mind maps for Wireshark WCNA, but rather for the protocols themselves or enrich the previous ones I designed in my past certification studies. Something will be new here, however: I am going to consistently build Anki flashcards. I mean, any questions that relate to Wireshark or to TCP/IP protocols, I will document them and share the deck on the Anki website.
Why? Because I recently realized that with repetitive exposure to the flashcards, I was able to force my memory to retrieve memory files frequently, thus being able to recall topics faster, and also yawn a lot.
And as I have bought a decent Android tablet with a wireless NIC, I’ve installed Anki on it to be able to practice my flashcards, in addition to practicing on my smartphone.
There are a lot of concepts and mechanisms in TCP/IP.
I’ve come to realize that, to deeply learn Wireshark, and generally in the networking industry, I should consider it just like medical studies; I do not need to be a talented mind. I need to train my mind and memory each day through flashcards, and be fucking very patient.
I’ve realized that network protocols could be compared to how the human body works: there are rules by which every cell works.