I have long held the belief that understanding what is going on from the perspective of the wire is a crucial component for many of us. This ability expedites troubleshooting, aids in design, and helps with our ability to learn to move from one vendor’s product to another vendor’s product by giving us a more holistic understanding. For these reasons, I was excited when I learned of the Wireshark Certified Network Analyst Program. On December 18th, 2010, I took and passed the exam that acknowledged my status as a Wireshark Certified Network Analyst. So I wanted to put together a brief synopsis of my experience.
There are actually several components that make up this certification program. These components include online seminars, instructor-led training, video on demand (VoDs), books, and an exam. Following certification, there is a continuing education requirement as well. Laura Chappell, founder of Wireshark University and Protocol Analysis Institute, is the brains behind the certification program and has authored all of these products. The components that I would like to talk about are the books and the exam. The other thing that I’d like to give an opinion on is the acceptance of the Wireshark Certification into the marketplace.
I have been using Wireshark and its predecessor, Ethereal, for most of the 12 years I’ve been in the networking field. I have also read books on Ethereal in the past. I was curious how much I would pick up by going through this program. I started with the book entitled “Wireshark Network Analysis—The Official Wireshark Certified Network Analyst Study Guide”. I bought this book about three weeks before my exam and was concerned about the size of it.
What I can say is that although this book is a massive 800+ pages, it is actually a quick read. The book is divided up into something like 33 chapters. Each chapter starts out with several key concepts that you might be expected to know and to be tested on. Each chapter ends consistently with three components. The first of these is a customer-submitted case study that is relevant to the chapter. This really brings the concepts into a real-world scenario. The next thing that I found at the end of each chapter was an area that listed sample captures to analyze on my own. These files can be downloaded collectively from the website that accompanies the book. Each chapter also ends with a few review questions and explanations. I read every chapter of the book as well as the case studies and questions. I did not go through every capture, but there is certainly value in doing so.
I really liked the way that the book was written. I’ll go as far as to say this may be the best networking book I’ve ever read. It was very easy to connect with the author and understand the point that was being conveyed. Even though I already had experience with protocol analysis with Wireshark, I learned a lot of tips and tricks as well as solidified other areas of knowledge in a relatively short amount of time. The chapters were short enough that I could pick the book up and read a chapter anytime that I wanted to. This is simply a top-shelf book that I’ll keep as a reference for years. I absolutely appreciate the fact that the decision was made not to make it available on Kindle yet. While I wish I could pay a nominal fee and have an electronic reference, I don’t think I would have got as much out of a Kindle edition of this book. I really like the ability to be able to flip back and forth freely in technical books.
The second book I read was “Wireshark Certified Network Analyst—Official Exam Prep Guide”. Like the first book, this book was authored by Laura Chappell. This book IS available in Kindle format. It is sort of like reading a Boson test. Actually if you purchase the physical book, it comes with an electronic exam on CD so you can practice and assess your knowledge. I’ll admit a few of the questions piqued my interest and I learned some going through this book as well. I certainly don’t find this book as valuable as the “boat anchor”, but I think it is a “must have” if you plan to take the exam. Keep in mind, Laura Chappell wrote the book and is responsible for the exam. Therefore getting your mindset in alignment with this book will likely be very beneficial on the exam.
So that brings us up to the exam. What did I think of the exam? I guess I must first say that I have never taken a technical exam that I walked away from saying that it is a “great exam”. What I guess I mean is I am very critical of the testing process. I always think an exam is too hard, too easy, that it has bad questions or the bar is set inappropriately. I am probably less critical of this exam than many others I have taken, so take my comments with a grain of salt. I did find the breadth of questions a bit odd. Some questions were very easy. Some were very hard. Some were based on materials, others on experience. A few questions were trivial but required memorization of the interface or capabilities. All questions are covered in the objectives found at the beginning of each chapter, but some things require experience as opposed to memorization. I do believe it validates the test taker’s ability to use Wireshark and analyze protocols. The bar might be just a little lower than I expected, but many of the questions are a little more difficult than those found in the test prep guide. The nice thing is that you have 2 hours to complete it. I probably spent about an hour and fifteen minutes and actually went through the exam two times.
The final thing that is yet to be determined is how the Wireshark Certification will be accepted into the marketplace. I searched for WCNA on http://www.careerbuilder.com for the previous thirty days and it returned no results. I then followed up with a search for “Wireshark Certified” and it also returned no results. After comparing that to “Cisco certified” with 108 results and “CCNA” with 900 results, I don’t think the value has been sold to hiring managers yet. I then found that a search for “Wireshark” returned 64 results, as opposed to “Cisco” that returned 2,246 jobs. I guess the point is that it doesn’t seem that hiring managers are actively looking for people with “Wireshark” skills like they are looking for “Cisco” skills. Maybe an understanding of protocols is assumed? The point I would make is that the ability to understand what is happening on the wire is a skill that will allow network engineers to do their jobs much better. Actually, understanding what is happening on the wire is, or should be, a prerequisite for most of our jobs. So learning protocols very well, as well as the tips and tricks to effectively and quickly see issues in our networks, is a key part of our jobs.
So in conclusion, I think the Wireshark Certification is a really good program. I honestly don’t think you have to be too far along in your career to start understanding this stuff. Ironically, many people go to a protocol analyzer as the last step in troubleshooting. In many cases, it should be the first tool that we reach for. The problem is that most people just aren’t skilled and comfortable with this approach. The Wireshark Certification program, especially the “boat anchor” book, will help overcome this and can help people a lot in their day-to-day networking jobs. I think that product is a very, very sound investment. I guess the jury is still out as to whether or not the certification will become widely known and accepted.