Using Snort and Wireshark to Analyze Traffic
The "Using Snort and Wireshark to Analyze Traffic" virtual lab from CybrScore guides the student through analyzing PCAP files with Snort and Wireshark on the Security Onion distribution, including reviewing alerts and packet streams.
This virtual lab is appropriate for intermediate students who have a solid understanding of networking. Once completed, the student will be able to review and analyze packet capture files using Snort and Wireshark. The lab will take about 60 minutes to complete if you are unfamiliar with Snort or Wireshark. This lab will help develop knowledge of intrusion detection system (IDS) and intrusion prevention system (IPS) tools and applications, which is important for Cyber Defense Analysts and Cyber Defense Infrastructure Support Specialists. The lab will also help develop skills in detecting host- and network-based intrusions via intrusion detection technologies, which is important for Cyber Defense Analysts, Systems Developers, and Vulnerability Assessment Analysts. You will also work on developing skills in performing packet-level analysis using appropriate tools, which is part of the Law Enforcement/Counterintelligence Forensics Analyst work role. Snort and Wireshark are common tools used in IT and cybersecurity. Experience with both will benefit most positions in information technology. This lab is part of the Network Engineer and SOC Analyst I Career Paths.
- Skills: Use Snort and Wireshark to analyze PCAP files, Review Snort alerts, Follow packet streams in Wireshark
- Time limit: 60 min
- Skill level: Intermediate
- Work Roles: Cyber Defense Analyst, Cyber Defense Infrastructure Support Specialist, Law Enforcement/Counterintelligence Forensics Analyst, Systems Developer, Vulnerability Assessment Analyst