Network Traffic Analysis with Wireshark (5cr)

Evaluation scale

Pass/Fail

Content scheduling

First all of four (4) Sections have to been done in order and after that Final Exam.

Objective

The learning objectives of this course are to set up a functional Wireshark environment, develop proficiency in the basic use of Wireshark, and apply Wireshark to analyze and evaluate network functionality and security. After completing the course, the student will be able to deploy and use Wireshark to analyze network traffic and to identify and troubleshoot network issues and security problems.

Content

This course focuses on the professional use of Wireshark for network traffic analysis in a cybersecurity context. You will learn how to examine real packet captures, identify suspicious activity, validate normal versus abnormal behavior, and support incident detection and investigation efforts. Through hands-on analysis, the course strengthens your ability to think analytically, interpret evidence, and make informed security decisions based on network data. All practical exercises in this course are conducted in a virtualized lab environment using Kali Linux running in Oracle VirtualBox. This setup provides a safe, isolated, and reproducible platform for capturing and analyzing network traffic without impacting production systems. By working in a virtual environment commonly used by cybersecurity professionals, you will gain hands-on experience that closely reflects real-world security analysis and investigation scenarios. By mastering Wireshark in this controlled environment, you will develop practical skills that are directly applicable to modern cybersecurity operations, incident response, and network defense.

Location and time

Course can be done in own pace and the workspace in Metropolia's Moodle guides the completion of the course modules. The course includes videos. Any additional software will be provided or is generally freely available. Our module websites comply with web standards, and any modern browser is suitable for most activities. It’s also possible to access some module materials on a mobile phone, tablet device or Chromebook. However, as you may be asked to install additional software or use certain applications, you’ll also require a desktop or laptop, as described above.

Materials

Can be find via Moodle workspace.

Teaching methods

Course is 100% online (self-study) course which can be done in own pace. In the Moodle environment, successful completion of the course requires students to actively engage with the learning materials and assessments. The following elements are typically included: Lesson and chapter Quizzes - The course chapters are divided into lessons. Most lessons end with a review, and an online quiz. - The next chapter becomes accessible only after the quiz of the previous chapter is successfully completed or all attempts have been used. The passing grade is 70%, and the quiz can be attempted up to three times. Assignments / Lab Exercises - Practical tasks using Wireshark. Final Assessment - A comprehensive exam (quiz-based) at the end of the course, completed in Moodle. The passing grade is 70%, and the quiz can be attempted up to three times. - May include both theoretical and practical components. Completion Tracking - Moodle’s completion tracking ensures students can monitor their progress. - Completion criteria are clearly defined for each activity (e.g., “Quiz score ≥ 70%”).

Employer connections

N/A

Exam schedules

Can be find via Moodle workspace.

International connections

N/A

Completion alternatives

N/A

Student workload

Depends on Student starting level.

Qualifications

This course is intended for undergraduate and graduate students who want to build a solid foundation in network security. It is especially relevant for students in: Computer Science and Information Technology – to strengthen their technical skills in secure system and network design. Engineering Programs – where control systems, IoT, and industrial networks require security by design. To successfully complete this course, students are expected to have a basic understanding of computer networks and operating systems. Familiarity with fundamental networking concepts such as IP addressing, TCP/IP, and common network services is recommended. Basic experience with Linux command-line usage is beneficial, as the practical exercises are conducted primarily in a Kali Linux environment. While other Linux distributions may also be used for network traffic analysis, Kali Linux is the preferred platform for this course to ensure consistency with the provided instructions and tools. Prior exposure to virtualization technologies (such as VirtualBox) is helpful but not required, as guidance for setting up the virtual lab environment will be provided. No prior experience with Wireshark is required. The course is designed to build practical network traffic analysis skills progressively, with an emphasis on cybersecurity applications.