  1. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #1

    Wireshark Certified Network Analyst (WCNA)

    There's not a whole lot of discussion here about this certification so I thought I might drop my few cents around. I passed this exam today after ordering the official study guide a couple of months back as well as the prep guide last month. Both were quite helpful. I hadn't actually given serious thought to pursuing the certification until this month. I've been using Ethereal / Wireshark for some years now so it's not like I went into studying for the WCNA cold, but I definitely did pick up some extra juicy nuggets of info here and there. I've also been conducting training sessions at work on this same topic so the reinforcement helped.

    In short, if you know your protocol basics (IP, TCP, UDP, ICMP, and common ones like DNS, DHCP, ARP, HTTP, etc.) you should have a good majority of the exam covered. You don't need to be able to recite the RFCs, but in addition to knowing Wireshark as a tool you'll need a solid understanding of how everyday protocols work at a general level. The two books are very useful and if you're relatively new to protocol analysis, I highly recommend them, especially for the WCNA exam.

    (Note that the official Wireshark study guide has a few errors here and there, so if you're reading through it be sure to check the errata:
    http://www.wiresharkbook.com/updates.html)

    Now that said, I didn't ace the exam. I did manage to pass it in 30 minutes, but it's not like I easily knocked down every bowling pin down the alley. I think the exam was pretty fair and you need to be detail-oriented (after all, it's protocol analysis) because when reviewing a network trace, one flipped bit in a field can make all the difference.

    In general, it's my belief that being able to read and analyze network traffic is an extremely valuable skill. Sure, a lot of people can get by without it, but even if you're doing desktop support, I think it provides immediate evidence of something not behaving the way it should and you most likely will be able to point the finger directly to the offending host / router / user / application rather than making vague assessments like, "Seems to work after rebooting." This is especially true for the folks on the networking track (CCNA, etc.). While the CCNA may introduce you to subnetting, addressing, switching, routing, etc., it does not get into the protocols themselves that much. If you're serious about being a good network engineer, you should at least be able to comb through a trace file pretty competently. It'll put things in perspective that much better as you develop your career.

    I didn't really pursue the WCNA for its marketing qualities in general. While it adds another four letters to my resume, practically no one knows what a WCNA is (yet, at least). Someone will probably guess that I misspelled CWNA. If you're going the security route, consider this cert as an opportunity to develop your ProtocolAnalysis-Fu because interpreting bits on the wire is an important part of the job.

  3. Junior Member Registered Member
    Join Date
    Sep 2010
    Location
    Inside the OSI model
    Posts
    9

    Certifications
    Security+, Network+
    #2
    Thanks for the post, I did not know such a cert existed for Wireshark. I definitely agree it is a great tool for networking and the security route. BTW, I like that wireless offensive security cert you have. I definitely want to get one of those certs after I graduate...gotta love BT.

    Oh btw congrats on the WCNA cert!

  4. Senior Member
    Join Date
    Jan 2006
    Location
    USA
    Posts
    584

    Certifications
    CISSP
    #3
    Great review, I have considered this certification as a good foundation of information.

  5. Senior Member jovan88's Avatar
    Join Date
    May 2008
    Location
    Sydney, Australia
    Posts
    388

    Certifications
    CCNP R&S, CCNP Sec
    #4
    Congrats, I think this is something a lot of us will want to achieve.

  6. Senior Member Devilsbane's Avatar
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #5
    There was a thread all about this a couple months ago, I wonder if I can find it for you.

  7. BOBBY_TABLES RobertKaucher's Avatar
    Join Date
    Dec 2007
    Location
    Lebanon, Ohio - USA
    Posts
    4,274

    Certifications
    MCSD Web Apps/SharePoint Applications, MCITP: DBA 2005/2008, EA, EDA7, Linux+, Sec+, MCSE, MCDST, MCTS
    #6
    Quote Originally Posted by docrice View Post
    In general, it's my belief that being able to read and analyze network traffic is an extremely valuable skill. Sure, a lot of people can get by without it, but even if you're doing desktop support, I think it provides immediate evidence of something not behaving the way it should and you most likely will be able to point the finger directly to the offending host / router / user / application rather than making vague assessments like, "Seems to work after rebooting." This is especially true for the folks on the networking track (CCNA, etc.). While the CCNA may introduce you to subnetting, addressing, switching, routing, etc., it does not get into the protocols themselves that much. If you're serious about being a good network engineer, you should at least be able to comb through a trace file pretty competently. It'll put things in perspective that much better as you develop your career.
    ...

    Someone will probably guess that I misspelled CWNA. If you're going the security route, consider this cert as an opportunity to develop your ProtocolAnalysis-Fu because interpreting bits on the wire is an important part of the job.
    From the database/developer side I would argue the same is true. It is a very important, undervalued skill. I will not be working on the cert, but I may look into the study material.

  8. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #7
    Quote Originally Posted by wastedtime View Post
    Great review, I have considered this certification as a good foundation of information.
    I second this. I think your write up was great. Do you feel like you learned to be a better analyst by going through the material or was it all review for someone at your career/experience level? I am seriously thinking about giving this one a go. It looks interesting and the information seems valuable. I am wondering about the value of the cert however.

    Edit: I was thinking of using this cert as a good intro cert to the GCIA.

  9. BOBBY_TABLES RobertKaucher's Avatar
    Join Date
    Dec 2007
    Location
    Lebanon, Ohio - USA
    Posts
    4,274

    Certifications
    MCSD Web Apps/SharePoint Applications, MCITP: DBA 2005/2008, EA, EDA7, Linux+, Sec+, MCSE, MCDST, MCTS
    #8
    Quote Originally Posted by Bl8ckr0uter View Post
    It looks interesting and the information seems valuable. I am wondering about the value of the cert however.
    I agree about questioning the value of the cert. But I think for someone trying to break into the info sec area it might have some value as well as for those trying to break into networking as it might set them apart from the typical Net+/CCNA types.

    If I were looking for an entry level Windows admin and I got someone's resume with this and say a Net+ and MCTS or MCP I would likely want to interview them as this shows some real initiative and indicates a likelihood of depth of knowledge.

  10. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #9
    Quote Originally Posted by RobertKaucher View Post
    I agree about questioning the value of the cert. But I think for someone trying to break into the info sec area it might have some value as well as for those trying to break into networking as it might set them apart from the typical Net+/CCNA types.

    If I were looking for an entry level Windows admin and I got someone's resume with this and say a Net+ and MCTS or MCP I would likely want to interview them as this shows some real initiative and indicates a likelihood of depth of knowledge.
    That's interesting - especially coming from you since you were just in a hiring someone (correct?).

    If the IT/hiring/recruiting manager was also a techie or at least savvy, the words Wireshark and "network analyst" should help move the resume up a bit. The cost of the material seems kind of high. I have to look over the CPE aspect of the cert but I think it was relatively straightforward. I think someone going for it should also study other packet capture methods (tcpdump/windump etc). I believe in the other thread(s) about this cert someone said it was more "network analyst" than "Wireshark".
    Last edited by Bl8ckr0uter; 09-29-2010 at 02:52 AM.

  11. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #10
    Quote Originally Posted by Bl8ckr0uter View Post
    Do you feel like you learned to be a better analyst by going through the material or was it all review for someone at your career/experience level? I am seriously thinking about giving this one a go. It looks interesting and the information seems valuable. I am wondering about the value of the cert however.

    Edit: I was thinking of using this cert as a good intro cert to the GCIA.
    The bulk of the material was review for me, but it did fill in a number of knowledge gaps here and there and it definitely improved my understanding of the tool in areas / features which I don't normally use. I think it's for sure a good introductory course for packet analysis. If you've already got experience looking at traffic and are pretty solid with TCP/IP, then I don't think it's necessary for the GCIA. There's a short assessment quiz for the GCIA to see if you have the foundation for it:

    http://www.sans.org/security-training/tcpip_quiz.php

    A good portion of the book covers Wireshark itself, but it all folds together in approaching the job as a network analyst. While you have to understand the traffic flow, you also have to know your tools to dissect it efficiently. Tcpdump / windump share much in common with Wireshark / Tshark / etc. as they both use the same capture filtering syntax (BPF). Stuff like byte offset filtering, etc., are part of the picture.

    While the cost of the exam is a bit on the high side compared to your associate-level Cisco exam, the subject material is rather unique. I think a practical component of the test would help validate the WCNA further since multiple-question formats make it somewhat artificially easier.
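An added example, not part of the post above: byte offset filtering as used in tcpdump and Wireshark capture filters (`ip[9]`, `tcp[13]`), re-implemented in Python over constructed packets to show how a single flag bit or a longer IP header changes what a filter matches. The helper names and sample packets are assumptions made for this illustration.

```python
import struct

def build_ipv4_tcp(flags, ihl_words=5):
    """Constructed sample packet: IPv4 header (NOP-padded when ihl_words > 5) + TCP header."""
    options = b"\x01" * ((ihl_words - 5) * 4)            # IPv4 NOP options used as padding
    ip = struct.pack("!BBHHHBBH4s4s",
                     (4 << 4) | ihl_words, 0,            # version/IHL, TOS
                     ihl_words * 4 + 20, 0x1234, 0,      # total length, ID, flags/fragment
                     64, 6, 0,                           # TTL, protocol 6 (TCP), checksum unset
                     bytes([192, 0, 2, 10]),             # documentation-range addresses
                     bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH",
                      49152, 443, 1000, 0,               # ports, sequence, acknowledgment
                      5 << 4, flags, 65535, 0, 0)        # data offset, flags, window, csum, urg
    return ip + options + tcp

def ip_byte(pkt, off):
    """Equivalent of the capture-filter accessor ip[off]."""
    return pkt[off]

def tcp_byte(pkt, off):
    """Equivalent of tcp[off]: counted from the TCP header, which is located via the IHL field."""
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[ihl + off]

def is_ipv4_tcp(pkt):
    return (pkt[0] >> 4) == 4 and ip_byte(pkt, 9) == 6   # like: ip[9] = 6

def match_exact_syn(pkt):
    # like: tcp[13] = 0x02  (flags byte must be exactly SYN)
    return is_ipv4_tcp(pkt) and tcp_byte(pkt, 13) == 0x02

def match_masked_syn(pkt):
    # like: tcp[13] & 0x12 = 0x02  (SYN set, ACK clear, other flag bits ignored)
    return is_ipv4_tcp(pkt) and (tcp_byte(pkt, 13) & 0x12) == 0x02

def naive_flags(pkt):
    """Fixed offset that assumes a 20-byte IP header; wrong when IP options are present."""
    return pkt[20 + 13]

if __name__ == "__main__":
    samples = {
        "SYN": build_ipv4_tcp(0x02),
        "SYN/ACK": build_ipv4_tcp(0x12),
        "SYN + ECE/CWR": build_ipv4_tcp(0xC2),
        "SYN, IP options": build_ipv4_tcp(0x02, ihl_words=6),
    }
    for name, pkt in samples.items():
        print(f"{name:16} exact={match_exact_syn(pkt)!s:5} "
              f"masked={match_masked_syn(pkt)!s:5} "
              f"tcp[13]=0x{tcp_byte(pkt, 13):02x} fixed-offset=0x{naive_flags(pkt):02x}")
```
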

  12. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,569

    Certifications
    SilentBreakSecurity - DarkSideOps, CISSP, CCDP, CCNP R/S, CCNP Security (Secure, FW) , C|EH , PA ACE
    #11
    Great job in passing the test and reviewing it here!

    By the way, what were your study habits for this exam? Hours per day? Labs?

    I guess the labs come with the book, OK, I probably answered my own question here.
    2017 Goals: Dark Side OPS: Custom Pentesting (complete), eCPPT (in progress), LFCS (in progress), OSCP

  13. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #12
    I'd say maybe a couple of hours per day, no labs specifically for the exam since I look at the wire daily at my job anyway. The two books certainly helped though. I highly recommend them.

  14. Command Line Ninja Chris:/*'s Avatar
    Join Date
    Apr 2010
    Location
    In the void
    Posts
    657

    Certifications
    NSTISSI (4012 & 4011), eCPPT, CEH, CHFI, EDRP, CWSP, CWNA, RHCSA, VCP 3, G2700, GSEC, CIW:SP:WFA, Security+, Network+, A+
    #13
    Thanks for the review, good information, as I eventually intend to pursue this certification in hopes of picking up new knowledge.

  15. Cisco Moderator mikej412's Avatar
    Join Date
    May 2005
    Location
    Chicago
    Posts
    10,190

    Certifications
    CCNP CCIP CCSP CCVP CCDP CCDA CCNA CS-CIPSS CS-CIPTDS CS-CIPTOS CS-CIPCSS CS-CFWS CS-CVPNS CS-CISecS ISSP 4013 4011
    #14
    Congratulations on the Pass!!

    Nice Review

  16. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #15
    Quote Originally Posted by docrice View Post
    The bulk of the material was review for me, but it did fill in a number of knowledge gaps here and there and it definitely improved my understanding of the tool in areas / features which I don't normally use. I think it's for sure a good introductory course for packet analysis. If you've already got experience looking at traffic and are pretty solid with TCP/IP, then I don't think it's necessary for the GCIA. There's a short assessment quiz for the GCIA to see if you have the foundation for it:

    SANS Institute - Basic TCP/IP & Hex Knowledge Quizzes

    A good portion of the book covers Wireshark itself, but it all folds together in approaching the job as a network analyst. While you have to understand the traffic flow, you also have to know your tools to dissect it efficiently. Tcpdump / windump share much in common with Wireshark / Tshark / etc. as they both use the same capture filtering syntax (BPF). Stuff like byte offset filtering, etc., are part of the picture.

    While the cost of the exam is a bit on the high side compared to your associate-level Cisco exam, the subject material is rather unique. I think a practical component of the test would help validate the WCNA further since multiple-question formats make it somewhat artificially easier.

    Thanks for the pointers. What's up next for you?

  17. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #16
    Quote Originally Posted by Bl8ckr0uter View Post
    Thanks for the pointers. What's up next for you?
    CCNA Wireless before moving onto the CCNP / CCSP since they're both going through revisions anyway. Maybe really finish up the 1DCPT final submission and finish the eCPPT course (although I might not go through the exam portion).

    Lots of work ahead before the year's over...

  18. Senior Member Devilsbane's Avatar
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #17
    Here is the other thread about this exam.

    Wireshark Cert. Net. Analyst- Official Exam Prep Guide

  19. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #18
    Quote Originally Posted by docrice View Post
    CCNA Wireless before moving onto the CCNP / CCSP since they're both going through revisions anyway. Maybe really finish up the 1DCPT final submission and finish the eCPPT course (although I might not go through the exam portion).

    Lots of work ahead before the year's over...
    Just curious but what do you do? You seem to kill the certs.

  20. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #19
    Quote Originally Posted by Bl8ckr0uter View Post
    Just curious but what do you do? You seem to kill the certs.
    I should probably clarify a bit - while I'm planning on sitting for the CCNA Wireless exam in one month, I don't intend to start on the CCNP track until next year. I might start on one or two of the CCSP exams in a couple of months, assuming the study material is available for the revised track.

    I already went through the 1DCPT course, but my final report (exam) is still in beta. The eCPPT I've dove into a bit, but I'm nowhere near complete. Getting certified in the eCPPT and the 1DCPT is not a "must" goal of mine (the knowledge is more important to me in this case).

    The certs I've been getting lately are the relatively easy ones, which explains why I've been pushing through them. I'm no packet ninja, but I use Wireshark almost daily to some degree which is why the WCNA exam wasn't all that difficult for me.

    My title at work is Sr. Systems Engineer. I'm still unsure what this means. I just know it deals with computers or something.

  21. wibble! bertieb's Avatar
    Join Date
    Jun 2007
    Location
    Up and down the UK
    Posts
    1,029

    Certifications
    MCSE:CP&I, SI, MCITPx2, MCSAx2, MCTSx7, VCP6/5/4/3(DCV), EMCISA, Sec+, ITILv3F, legacy MS
    #20
    I'll chime in with my thoughts - I agree with everyone else's feedback. That was a great review, thanks for posting.

    Oh yeah, and congrats on the pass.

  22. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #21
    Quote Originally Posted by docrice View Post
    I should probably clarify a bit - while I'm planning on sitting for the CCNA Wireless exam in one month, I don't intend to start on the CCNP track until next year. I might start on one or two of the CCSP exams in a couple of months, assuming the study material is available for the revised track.

    I already went through the 1DCPT course, but my final report (exam) is still in beta. The eCPPT I've dove into a bit, but I'm nowhere near complete. Getting certified in the eCPPT and the 1DCPT is not a "must" goal of mine (the knowledge is more important to me in this case).

    The certs I've been getting lately are the relatively easy ones, which explains why I've been pushing through them. I'm no packet ninja, but I use Wireshark almost daily to some degree which is why the WCNA exam wasn't all that difficult for me.

    My title at work is Sr. Systems Engineer. I'm still unsure what this means. I just know it deals with computers or something.
    I think you were pretty clear in your answer before. I was asking what you did because I have been reading some of your posts and I was curious.

  23. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,652

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #22
    Nice review! Is the book enough to study for it if you have very little experience with Wireshark?
    Currently working on: Resting

  24. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #23
    Quote Originally Posted by Bl8ckr0uter View Post
    I was asking what you did because I have been reading some of your posts and I was curious.
    I manage a relatively small (but complex) network environment with a lot of moving parts to simulate many use-case scenarios for my company's software and services. This means I cover Active Directory, Cisco, Linux, VPN appliances, AAA, and other miscellaneous stuff as needed. To echo another thread on the forum, skillset-wise I'm relatively wide and only somewhat deep. I have my hands in a lot of cookie jars (layers 1 through 7), but over time in my career I've noticed that there are some basics that I missed out on because I do "a little of a lot." This is one of the reasons I decided to pursue a formal certification route to help fill in those gaps.

    I think the WCNA was a good example. I'm pretty fluent with packet analysis basics, but actively going for the cert allowed me to pick up on small details that I totally missed out on before. I'm pretty sure we've all been there when we thought we were on top of our game on a piece of technology and then someone walks by and points out a setting that's been staring at us in the face for years that we never bothered to explore.

    So on an average day, I'll be looking through the firewall syslogs and EtherApe output to check for abnormal protocols running through the network, writing technical documentation, conducting training sessions (on protocol analysis, for example), setting up new test AD domains, working with other department teams to isolate connectivity / authentication / software issues, setting up new Linux boxes, re-configuring the various VPN appliances we test with, expanding the virtualization environment, taming the spaghetti monster (or at least that's what it's starting to look like), troubleshooting a customer escalation, and apparently spending some quality time on techexams.net. The term "computer handyman" comes to mind.

    Quote Originally Posted by veritas_libertas View Post
    Nice review! Is the book enough to study for it if you have very little experience with Wireshark?
    I think the official study guide is solid enough to hold its own for the exam, although I also do recommend getting the prep guide. Those two should be good enough to get an idea what the exam covers. That said, for anyone who doesn't have experience doing packet analysis, expect to spend a lot of time looking at traces. There's no substitute for doing the actual work. Even if you are good at book studying / cramming, you owe it to yourself to actually be able to do the work efficiently.

  25. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    535

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #24
    I think I might do this one for funzies.

  26. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #25
    Well, I ordered my Wireshark book today. It should be here in 2 days. I am still waiting on my LPIC in a Nutshell to arrive so this might be something to kill some time.
