Network analysis with proof: Wireshark Foundation now offers certification
If you want to prove your ability with Wireshark, you can now take an exam and obtain an official certificate from the Wireshark Foundation.
(Image: Wireshark)
- Benjamin Pfister
The Wireshark Foundation has published the first official certification for the popular open-source protocol analysis tool Wireshark: the Wireshark Certified Analyst (WCA). For this, candidates must pass the WCA-101 exam. It is aimed at IT and network specialists with a solid grounding in network technology who want to prove their vendor-neutral skills in protocol analysis and troubleshooting with Wireshark.
In this hands-on workshop, admins deepen their Wireshark knowledge by analyzing real-world network problems and security threats in anonymized case studies. The focus is on hands-on troubleshooting in network protocols such as IP, Ethernet, ICMP, HTTP and UDP. This includes analyzing the TCP handshake as well as investigating performance problems with TCP connections. In addition, participants will learn how to extract user data with self-developed scripts and record specific packets with extended capture filters in the long term. Registration and dates at heise.de/s/m1eL0
Unlike other manufacturer certifications, this is not about parameterizing the components via command line or GUI. The exam covers five central areas: the effective use of Wireshark functions, the capture and filtering of network traffic, the customization of the user interface and the analysis of common network protocols such as Ethernet, IP, ARP/ND, UDP/TCP, DNS or DHCP.
The exam comprises 50 to 60 questions in various formats, including multiple choice and cloze tests. It lasts around 120 minutes, can be retaken every 15 days and costs 349 US dollars per attempt. Those who pass receive official proof in the form of WCA certification, which is valid for three years.
Videos by heise
It is not just about using Wireshark as a tool as effectively and efficiently as possible. Rather, the certification is intended to prove that analysts understand data flows in networks with the underlying protocols. Within the protocols, the analysts should develop an understanding of the header content to be able to recognize anomalies later on. The curriculum also provides the candidate with an understanding of the current methods for recording data streams in networks and their respective advantages and disadvantages.
(mho)
