Wireshark Tutorial: Wireshark Workshop Videos Now Available

A conceptual image representing Wireshark Tutorials.

This post is also available in: 日本語 (Japanese)

Executive Summary

Wireshark is a tool used to review packet captures (pcaps) of network activity. Since 2018, I have written various Wireshark tutorials and conducted in-person workshops at conferences across the globe. My in-person workshops were designed to help people in information security roles use Wireshark to review traffic from Windows-based malware infections.

Since early 2020, travel restrictions due to COVID-19 (the coronavirus) have halted these in-person workshops. Due to this setback, we want to announce an initial series of video tutorials developed to replicate most aspects of these formerly in-person workshops.

Wireshark Workshop Videos

The following are the first five videos of our Palo Alto Networks Unit 42 Wireshark Workshop:

Part 1: Introduction and Prerequisites - 14 minutes and 5 seconds

Part 2: Setting Up Wireshark - 23 minutes and 36 seconds

Part 3: Host Identification - 30 minutes and 19 seconds

Part 4: Non-Malicious Activity - 45 minutes and 38 seconds

Part 5: Introductions to Windows Malware Infections - 39 minutes and 11 seconds

These videos are designed to be watched sequentially, starting with “Part 1: Introduction and Prerequisites.” After Part 1, each workshop video builds on material covered in the previous video(s).

As the opportunity arises, I will create more Wireshark Workshop videos. Future videos will focus on traffic from specific families of Windows-based malware, and some will cover traffic from other malicious activities like phishing websites.

Supporting Material

Pcaps used for these Wireshark Workshop videos are available at this GitHub repository. The repository also contains PDF files of slides used for the workshop videos.

Wireshark Tutorials as Supplemental Material

The following Wireshark Tutorials were published before this initial series of Wireshark Workshop videos:

Combined with our five workshop videos, these Wireshark tutorials can help security professionals better understand Wireshark and various types of Windows-based malware infections.


This blog announced an initial series of five video tutorials for a Unit 42 Wireshark Workshop. These videos are designed to help people use Wireshark to review traffic from Windows-based malware infections. Combined with WIreshark Tutorials already published by Palo Alto Networks Unit 42, these videos can help security professionals build their skills in analyzing malicious traffic caused by Windows-based malware.