In this article I explain how I am preparing for the Wireshark WCNA exam.
1- Laura Chappell’s WCNA Official Study Guide (here)
This is one of the best certification study guides I’ve ever read in IT. I loved Laura’s writing style. She sounds friendly and relaxed. No dry text. It sounds as if she is blogging not writing a technical book, which is nice.
2- Stevens’ TCP/IP Illustrated, Vol.1, 2nd Edition (here)
Preparing for the Wireshark WCNA exam requires solid TCP/IP knowledge. Unfortunately, this is one of the missing points in the official study guide. So I searched the internet for a reliable source of TCP/IP knowledge.
Richard Stevens is to me the best TCP/IP teacher that ever lived on Earth. He explains the TCP/IP stack to a T, using Unix. Even though I have only basic Linux experience (yet), I had no big difficulties following along with his examples. I was excited and ashamed at the same time. Ashamed because I graduated as a network engineer from a reputable university in Tunisia, and I did not know about the TCP/IP details that Stevens exposed.
I wished Stevens were still alive so he could write the second edition himself. The first edition (around 1994) was a bit outdated and did not contain topics like IPv6 or DHCP. That’s why I recommend the second edition, which is great too. I used it as an invaluable complementary study guide.
3- Official Wireshark Book’s capture files
These files are a must. You won’t understand the material without opening the official trace files in parallel to reading the book. The official trace files are available here.
4- Wireshark Official Exam Prep Guide
A must-have to get an idea of the type of questions that can come up on the exam. Good explanations too.
5- CBT Nuggets Quickstart Into Wireshark.
This course has been remolded into this. I watched a couple of CBT Nuggets only once.
6- INE Wireshark Technologies. Here
I do not recommend it at all. It is boring and does not have a comprehensive learning structure. There are too few text slides and the camera is most of the time centered on the instructor.
7- TCP/IP Guide. Here.
I used the TCP/IP Guide to complement my studies on HTTP, SMTP and POP.
8- Other study resources
- Udemy Wireshark Crash Course (Here)
- Basic tutorial for Wifi Chanalyzer. Here.
- Disabling Checksum verification. Link.
- Understanding SIP Via header here.
- Chanalyzer for Wifi and Zigbee (link)
- Some related Pluralsight courses, since I have a corporate account (thanks to NTT Ltd).
I thought at first I would need more than one PC to perform Wireshark actions. I first installed Wireshark on my Linux home PC. Then I figured out that the book references Wireshark on Windows mainly, especially when it has to do with configuration profiles, directories and files. So I installed VMware Fusion on my corporate laptop, added a Windows 10 eval image to it, and installed Wireshark in it.
Of course I ran no live capture on my corporate computer at all. If I did, I would need an explicit authorization. I ran live captures only on my Linux home PC.
Equipment and software
- A laptop with 16GB RAM.
- A Huawei Media Pad M5 Lite to study on the go or while laying on the couch
- VMware Fusion. It is free.
- A Windows 10 evaluation image, which you can download from Microsoft directly for free.
Why I chose to study for the Wireshark WCNA exam
The WCNA exam is not as popular as Cisco or CompTIA exams. But the exam itself circles around building a solid foundation of TCP/IP.
I first read about the Wireshark WCNA exam in 2014. Back then I was not serious about it.
As part of the IT team of Zitouna Bank, I participated in the past in installing a variety of network and security gear. But sometimes something does not go well and you get stuck in a technical problem where a solid knowledge of TCP/IP could have told you what was going on on the wire.
Even our network consultants, when they discover the problem for the first time, seem to repeat the same steps we just described to them, and end up opening a case with the manufacturer.
Besides, I knew nobody in my professional circle who had solid TCP/IP skills, in the sense of being able to interpret a TCP session from A to Z. The only thing I heard was “here is a TCP SYN” or “the connection was reset because there is a RST packet.”
There is also a trend among network engineers, where they feel they have brought something big when they say “Let’s set up Wireshark and see what’s wrong.” In reality, I still haven’t met a network engineer who knew how to interpret packets and find the problem after saving the trace file.
This is not to mention that I used to get biased symptoms and descriptions from end users, which confuse you and make you waste time.
In addition, in my daily job I am fed up with the “guess work” that many network technicians do when they are troubleshooting a network incident. They often base their logic on intuition. And intuition without solid experience is delusion.
Just like a good doctor does an accurate analysis based on x-rays or cardiograms, a good network engineer must be able to interpret bits and packets and give reliable answers.
One last reason to pursue the Wireshark WCNA exam is that I am fed up with reading stories of CCIE graduates who still struggle with TCP/IP protocols. If someone is a Cisco Internetwork Expert, then he must have learned TCP/IP on a deep fucking level. Otherwise, he does not really deserve the title of expert.
I won’t write any technical articles around my Wireshark studies. I noticed that I forget a lot, even if I write a detailed tutorial. What I need is a constant exposure to the content, and blogging did not help me across the years.
In fact, I had this experience with the last certification exam I’ve passed, the Cisco ACI exam. Although I’ve read multiple resources on the topic and wrote many articles, I have now forgotten a lot of the details. And my current job role does not help me go deep into ACI. So, just like any normal human mind, my memory tends to delete things.
In the past, I’ve also leveraged mind maps to summarize key words and topics. With Wireshark WCNA, there are not that many special keywords inherent to Wireshark, because it is almost entirely focused on the tool and on the TCP/IP protocols.
So, I am not going to develop mind maps for Wireshark WCNA specifically, but rather for the protocols themselves, or enrich the previous ones I designed in my past certification studies. Something will be new here, however: I am going to consistently build Anki flashcards. I mean, any question that relates to Wireshark or to TCP/IP protocols, I will document it and share the deck on the Anki website.
Why? Because I recently realized that with repetitive exposure to the flashcards, I was able to force my memory to retrieve memory files frequently, thus being able to recall topics faster, and also yawn a lot.
And as I have bought a decent Android tablet with a wireless NIC, I’ve installed Anki on it to be able to practice my flashcards, in addition to practicing on my smartphone.
There are a lot of concepts and mechanisms in TCP/IP.
I’ve come to realize that, to deeply learn Wireshark, and generally in the networking industry, I should consider it just like medical studies; I do not need to be a talented mind. I need to train my mind and memory each day through flashcards, and be fucking very patient.
I’ve realized that network protocols could be compared to how the human body works: there are rules by which every cell works.
- Check monitor mode in Linux
- Installing VMware Workstation on Linux Mint. Link.
- Free Maxmind databases. Here.
- Anki to create and review flashcards. You can access my flashcards for free here.
Not all study sessions were happy and glorious. I had a lot of doubts, frustration, tendency to postpone studying and even feelings of disgust. I was on many occasions feeling miserable. Waking early to study was painful. Studying in public transportation was even more painful, after a day at work. I sometimes wanted to push one more minute of studying or one more paragraph, just to prove to myself that I can hold on. That’s it. It is not easy to commit each day to study for a cert that you know won’t weigh on the CV. I wanted the knowledge that comes with the cert however. And the cert was a cool thing to have.
Update on 19.04.2021
I passed the exam, Alhamdulillah! It was at the CMT testing center, which is an approved Kryterion testing facility:
I had a pleasant experience. I was offered the possibility to start the exam earlier than scheduled, which was very convenient; I needed to get back to the office as soon as possible.
The exam content was fair. There were no big surprises. If you study rigorously and use the material I mentioned above, you will very likely pass the exam on the first try.
The only stress factors were:
- the room temperature was cold, and I was wearing a T-shirt!
- I was wearing an FFP2 mask the whole time in the testing facility and in the testing room. Since I was wearing eyeglasses, the steam generated from breathing made the glasses foggy. I found my way around it by adjusting the position of the mask a little bit upwards, so that breathing steam escapes from the lower part of the mask.
- I won’t stress the point that I was fasting (it’s Ramadan). That is a duty and I shall not consider it as a stress factor.
- I did not know the number of questions to expect! I thought there were 60. Then came question 61. Then I thought there were 70. Then came question 71. Shit. I went on with this frustration, until I said to myself “I am going to bang all the questions they shoot at me!” The game continued up to question 100.
The exam duration was 120 minutes. I finished it within 83 minutes. There was no score. Only pass or fail. I expected a test report as I left the testing room. The receptionist said I would get nothing on paper; everything happens by email.
Indeed, I received my pass result by email:
This journey took me around eight months to finish. I learned a ton about TCP/IP. I never thought I was so ignorant on such a big topic, even after more than a decade of working in computer networking.
All praise to Allah for giving me the opportunity, energy and time to achieve this certification.