The Wireshark Certification Program strives to test a candidate’s knowledge and ability to troubleshoot, optimize and secure a network based on evidence found by analyzing traffic captured with the world’s most popular and widely-deployed analyzer, Wireshark.
Having completed the WCNA certification exam recently, I thought it would be worth writing about for others that might consider studying for it. If you have listened to the Packet Pushers Podcast Show 108 with Gerald Combs, you know something about the WCNA program already. To obtain the WCNA certification you need to pass a single written exam.
The WCNA prerequisites and materials that can be used are listed below:
- Basic knowledge of networking;
- Wireshark Certified Network Analyst Study guide;
- Wireshark Certified Network Analyst Exam prep guide;
- Online courses;
- Instructor-led courses;
- Self-paced courses;
- Experience with Wireshark.
All of these materials can be found at the Wireshark University site. I ordered both the study and exam preparation guides. The exam prep guide ships with a CD-ROM containing practice questions.
Is it worth ordering these books and studying for the WCNA certification?
If you ask me, it is definitely worth it. After all, it makes you a better engineer. The following topics are covered.
- Depending on your knowledge level, the books will be easy to go through. You will learn basic and advanced usage of Wireshark. For example, from one graph that you can pull out of a 20K packet dump, you can learn how to spot window size problems. Learning how to use advanced I/O graphs and spotting QoS issues makes life a lot easier.
- The materials come with example trace files that are also used in the book. This is a very good way for you to learn Wireshark.
- What is the best place in the network to place the network analyzer?
- If you have some protocol knowledge (ARP, FTP, SMTP, POP3, HTTP, DHCP, etc.), you can easily go through some chapters. Even if you think you know these protocols, it is worth going through the materials.
- You learn basic and advanced TCP protocol usage. For example, what happens when TCP synchronizes? Or, what TCP options will be used if different values between both endhosts are “advertised”?
- The book contains real-life examples of troubleshooting issues and how they eventually were resolved – a nice read.
- How to work with the Wireshark display, capture filters, coloring traffic, and marking/deleting packets, plus how to decrypt SSL traffic and RADIUS.
- Analyzing VoIP and wireless performance.
- How to detect security-related events from well-known attacks that are floating around the internet.
These are some example questions I had before I started studying:
- How would you handle a problem that happens only once every 24 hours?
- What external tools are available for Wireshark, and what can they be used for?
- What’s the best way to find “the gem” buried in about 400.000 of packets in your trace files?
- How do you deal with high traffic environments?
- How do protocol dissectors work?
Some, if not all, of these got answered.
What do you get after obtaining the WCNA credentials?
- You will get a nice booklet with information about the WCNA and your WCNA certification number.
- User credentials for the WCNA portal (http://www.wcnaportal.com). The WCNA portal has some cool quizzes and lecture about RFC’s. Using these quizzes and videos, you can earn CPE credits.
- You need to earn 20 CPE credits a year to maintain the credentials.
- A few Wireshark laptop stickers, which is great stuff.
If you need more information about the WCNA program, you can visit the Wireshark University.