I recently sat for the Wireshark Certified Network Analyst certification again. This will be the second time I have taken it and the second time I have passed. I have taken several different networking certification exams, networked with people who have sat for others, and read about many more. Keeping all of that in mind, I think this is one of the most straightforward certification tests I have seen. Laura Chappell, Gerald Combs, and the team have done a great job with the books and preparation materials. If you’re wondering if the exam is right for you, please continue.

Who should test?

Network Admins

If you are a network admin or analyst in any capacity then this certification will add to your resume and give you an edge over your peers. More than that, it will teach you about the protocols and applications that traverse your network and their expected behaviors. How can you architect and maintain a road if you don’t know who and what will be on it and how they will be driving?

Security Analysts

If you are a security analyst focused on proactive or reactive analysis, then this is for you. Many threats come in the form of protocol and port scanning or modified network traffic behavior. Knowing and understanding expected performance as well as how these threats operate is critical. Packet-level analysis should be one of the first things you turn to.

Application and Hardware Designers

Do you design applications or hardware that will communicate over a network? If so, then I would recommend this certification. Knowing how your product communicates and what it depends on will only make you a better designer which leads to stronger and more secure products in the marketplace.

How to Prepare

This one is easy. There are a few official books and an official study guide. These are all great materials specifically published to help you pass the exam AND use as a continual reference and guide.

I recommend “Wireshark Network Analysis” as an in-depth learning tool for Wireshark. This book should be on every network admin’s shelf. It walks through every key area of Wireshark and provides real-world examples. http://www.wiresharkbook.com/studyguide.html

After reading that book, the “Official Exam Prep Guide” will provide questions for study that are remarkably accurate to the actual test. This is one of the best guides to a certification I’ve seen yet, and I highly recommend it. http://www.wiresharkbook.com/epg.html

The rest of that site contains many other resources, so check it out before heading to the next step.

Scheduling the Exam

Once you’re ready to schedule the exam, head over to their other site: http://www.wiresharktraining.com/certification.html

You can schedule the exam in person or electronically with a special setup. The site contains detailed instructions and walks you through each step. I won’t bother explaining more here.

Taking the exam

This exam contained true/false and multiple choice questions. They were all based on the study guide and exam prep. I can’t say there were any surprises. This is also one test where I didn’t feel the questions used confusing verbiage or multiple “good” answers in order to confuse the test taker. It was straightforward and as expected. The amount of time provided is more than adequate. You also have the ability to review your answers before final submission. As with most tests, the test taker is provided a paper and pencil for notes with nothing else allowed in the exam area.

One lesson learned: don’t schedule your exam during a planned time for tornado siren tests or any other drill. It’s very distracting.

What Happens After the Exam

You will immediately know if you’ve passed the exam. Upon passing it will take a week or two to get your certification packet. The packet contains your certification, a letter of congratulations and next steps, and a couple of stickers.

The packet will guide you to the WCNA Portal. This portal is for certified WireSharks only. Here you can access more training, review your certification, and record your Continuing Professional Education (CPE) credits. This certification requires CPEs every year, and you must re-certify every 3 years. CPEs include further training and study, teaching, writing, participation in the community, mentoring, etc.

For those that are thinking about sitting for this test, I hope this has provided some casual insight. If you have questions or comments, please feel free to leave them below.

Happy sniffing!