Network Traffic Analysis with Wireshark (5cr)

Objective

The learning objectives of this course are to set up a functional Wireshark environment, develop proficiency in the basic use of Wireshark, and apply Wireshark to analyze and evaluate network functionality and security. After completing the course, the student will be able to deploy and use Wireshark to analyze network traffic and to identify and troubleshoot network issues and security problems.

Content

This course focuses on the professional use of Wireshark for network traffic analysis in a cybersecurity context. You will learn how to examine real packet captures, identify suspicious activity, validate normal versus abnormal behavior, and support incident detection and investigation efforts. Through hands-on analysis, the course strengthens your ability to think analytically, interpret evidence, and make informed security decisions based on network data. All practical exercises in this course are conducted in a virtualized lab environment using Kali Linux running in Oracle VirtualBox. This setup provides a safe, isolated, and reproducible platform for capturing and analyzing network traffic without impacting production systems. By working in a virtual environment commonly used by cybersecurity professionals, you will gain hands-on experience that closely reflects real-world security analysis and investigation scenarios. By mastering Wireshark in this controlled environment, you will develop practical skills that are directly applicable to modern cybersecurity operations, incident response, and network defense.

Qualifications

This course is intended for undergraduate and graduate students who want to build a solid foundation in network security. It is especially relevant for students in: Computer Science and Information Technology – to strengthen their technical skills in secure system and network design. Engineering Programs – where control systems, IoT, and industrial networks require security by design. To successfully complete this course, students are expected to have a basic understanding of computer networks and operating systems. Familiarity with fundamental networking concepts such as IP addressing, TCP/IP, and common network services is recommended. Basic experience with Linux command-line usage is beneficial, as the practical exercises are conducted primarily in a Kali Linux environment. While other Linux distributions may also be used for network traffic analysis, Kali Linux is the preferred platform for this course to ensure consistency with the provided instructions and tools. Prior exposure to virtualization technologies (such as VirtualBox) is helpful but not required, as guidance for setting up the virtual lab environment will be provided. No prior experience with Wireshark is required. The course is designed to build practical network traffic analysis skills progressively, with an emphasis on cybersecurity applications.

Assessment criteria, approved/failed

Grading is pass/fail. To pass this course Complete all required practical exercises. Attempt all module review tests. Pass the final exams with a score of at least 70%. Failure to complete any mandatory component will result in an incomplete course status, even if other elements are completed successfully.