Overview

Introduction

Welcome to the Analyze network traffic with Wireshark Practice Lab. In this module you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

  • Download and Install Wireshark
  • Capture Packets with Wireshark
  • Perform Packet Analysis - Part 1
  • Perform Packet Analysis - Part 2
  • Verify Output Logs
  • Perform Packet Jumping

After completing this lab, you will be able to:

  • Download Wireshark
  • Install Wireshark
  • Use Wireshark Launch Modes
  • Capture traffic information
  • Analyze captured information
  • Display capture information with Wireshark
  • View Packet Capture Logs
  • Perform Packet Jumping

Exam Objectives

The following exam objectives are covered in this lab:

  • 2.1 Analyze a scenario and integrate network and security components, concepts and architectures to meet security requirements.

Lab Duration

It will take approximately 1 hour to complete this lab.

Exercise 1 - Download and Install Wireshark

Wireshark is a free, open-source packet sniffer used for analyzing network traffic. It is similar to tcpdump, but adds a powerful, user-friendly GUI that greatly simplifies network traffic analysis. Like tcpdump, Wireshark uses the libpcap or WinPcap library to capture and store traffic. Learning to use Wireshark is easy, as the interface remains consistent whether you run it on Windows, Linux or Mac.

A key difference from log files, however, is that pcap files store the contents of the captured packets. Logs can be misleading: they tell you what events happened in terms of processes, but not what the client specifically requested from the host.
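The distinction above is easiest to see by reading a capture file directly. The following Python is an added example and not part of the lab: it builds a constructed single-packet pcap in memory (the classic libpcap format that Wireshark and tcpdump write), parses the file and record headers, and walks Ethernet, IPv4 and TCP to recover the exact HTTP request line, which is the detail a log entry usually omits. The addresses, ports and request text are placeholder values.

```python
import struct

HTTP_PORT = 80  # assumption: plain HTTP on its default port

def build_sample_pcap() -> bytes:
    """Constructed sample capture: one Ethernet/IPv4/TCP frame carrying an HTTP
    GET, wrapped in a classic pcap file (24-byte global header + one record).
    Addresses and ports are placeholder values, not from any real host."""
    payload = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, HTTP_PORT, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0, 64, 6, 0, bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1]))
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"          # dst MAC, src MAC, EtherType IPv4
    frame = eth + ip + tcp + payload
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    record_hdr = struct.pack("<IIII", 1700000000, 0, len(frame), len(frame))
    return global_hdr + record_hdr + frame

def parse_pcap(data: bytes) -> list:
    """Return [(timestamp, frame_bytes), ...] from a classic pcap file."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)   # magic reveals byte order
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet link-layer captures are handled")
    frames, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        frames.append((ts_sec + ts_usec / 1e6, data[offset:offset + incl_len]))
        offset += incl_len
    return frames

def http_request_line(frame: bytes):
    """Walk Ethernet -> IPv4 -> TCP and return the HTTP request line, or None
    if the frame is not an IPv4/TCP segment to HTTP_PORT carrying a payload."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4                      # IHL gives the IP header length
    if tcp + 20 > len(frame) or struct.unpack("!H", frame[tcp + 2:tcp + 4])[0] != HTTP_PORT:
        return None
    payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]     # data offset skips TCP options
    return payload.split(b"\r\n", 1)[0].decode("ascii", "replace") if payload else None

def requests_in_pcap(data: bytes) -> list:
    """What a log line cannot tell you: the exact request each client sent."""
    return [line for _, frame in parse_pcap(data) if (line := http_request_line(frame))]
```

Pointing `parse_pcap` at a file saved from Wireshark (File > Save As, pcap format) instead of `build_sample_pcap()` runs the same walk over real captured frames.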

Learning Outcomes

After completing this exercise, you will be able to:

  • Download Wireshark
  • Install Wireshark
  • Use Wireshark Launch Modes

Exercise 2 - Capture Packets with Wireshark

Wireshark is a protocol analyzer that can be very useful in passive reconnaissance, as it does not interact with devices directly but samples the traffic moving across the network. It captures traffic passing through a network or Ethernet adapter and decodes a vast number of protocols; the results can be filtered down to specific IP addresses, port numbers or the protocol type itself.

Learning Outcomes

After completing this exercise, you will be able to:

  • Capture traffic information

Exercise 3 - Perform Packet Analysis - Part 1

There is a lot of information generated throughout networks, and Wireshark does an excellent job of organizing it. However, there is still a fair amount of information to go over initially.

Learning Outcomes

After completing this exercise, you will be able to:

  • Analyze captured information

Exercise 4 - Packet Analysis - Part 2

Wireshark output can be vast and confusing to view in any normal environment. While scrolling through mountains of data, it’s easy to miss key pieces of information. Reporting tools and alternative views of the data, both visual and tabular, are therefore useful for understanding the environment fully.

Learning Outcomes

After completing this exercise, you will be able to:

  • Display capture information with Wireshark

Exercise 5 - Verify Output Logs

Saving packet captures for later analysis is a small but very important step, especially if you need to reconstruct or examine data flows at a later date. By default Wireshark saves all captured packets, but you can select individual packets to save if required.

Learning Outcomes

After completing this exercise, you will be able to:

  • View packet capture logs

Exercise 6 - Perform Packet Jumping

Packet jumping is the process of moving between related frames within a capture. Wireshark records which packets arrive in which order and lets you place markers on packets, so that a quick link can be used to jump straight to a frame of interest.

Learning Outcomes

After completing this exercise, you will be able to:

  • Perform packet jumping
