The Analyzing Captured Traffic module provides you with the instructions and devices to develop your hands-on skills in the following topics.

  • GeoIP Mapping
  • Packet Jumping
  • Statistics Menu
  • Firewall ACL Rule Creation

Lab time: It will take approximately 1 hour to complete this lab

Exam Objectives

The following exam objectives are covered in this lab:

  • CAS-002 1.3: Given a scenario, analyze network and security components, concepts and architectures.
  • CAS-002 3.3: Given a scenario, select methods or tools appropriate to conduct an assessment and analyze results.

Exercise 1 - GeoIP Mapping

GeoIP Mapping is used to identify where an IP address is physically located in the world. This helps in tracking malicious network traffic or in locating where malware may have originated.

In this exercise you will complete the following tasks:

  • Mapping IPs to the World

Exercise 2 - Packet Jumping

Packet Jumping is a process for moving between different frames of reference within a capture. Wireshark records the order in which packets arrive and marks each one, so that a quick link can be used to snap to the corresponding frame for ease of use.

In this exercise you will complete the following tasks:

  • Packet Jumping

Exercise 3 - Statistics Menu

The Statistics menu provides a quick frame of reference, showing information that Wireshark has calculated according to various preset criteria, such as the number of packets and their type. It can also graph these values together so that trends and patterns can be seen.

In this exercise you will complete the following tasks:

  • Viewing Protocol Hierarchy
  • Viewing Conversations
  • Packet Lengths
  • I/O and Flow Graphs

Exercise 4 - Firewall ACL Rule Creation

Firewall rules are a key component of any major firewall, and Wireshark can help construct the initial rule syntax, which can then be used on a variety of devices, for example Cisco and Palo Alto firewalls.

In this exercise you will complete the following tasks:

  • Building the ACL with Wireshark
  • Applying an ACL to Windows Firewall
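To show what the ACL builder does with a captured packet, here is an added example (not part of this lab or of Wireshark's own code) that takes the 5-tuple of a packet as read from Wireshark's packet details and emits a deny rule in Cisco IOS extended ACL syntax and an equivalent Windows Firewall netsh advfirewall rule. The access-list number, the rule name and the sample packets are constructed values; the validation step exists so that a garbled capture field is never pasted into a firewall as a rule.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """5-tuple of one captured packet, as read from Wireshark's packet details."""
    proto: str        # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def _validate(pkt: Packet) -> None:
    # Refuse anything that is not a clean IPv4 address, port and protocol.
    if pkt.proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {pkt.proto!r}")
    for ip in (pkt.src_ip, pkt.dst_ip):
        try:
            ipaddress.IPv4Address(ip)
        except ipaddress.AddressValueError as exc:
            raise ValueError(f"bad IPv4 address: {ip!r}") from exc
    for port in (pkt.src_port, pkt.dst_port):
        if not 0 < port < 65536:
            raise ValueError(f"bad port: {port!r}")

def cisco_extended_acl(pkt: Packet, acl_number: int = 101) -> str:
    """Deny the captured flow in Cisco IOS extended ACL syntax (acl_number is an
    assumed value; every Cisco ACL ends with an implicit deny, so the traffic you
    want to keep still needs an explicit permit line)."""
    _validate(pkt)
    return (f"access-list {acl_number} deny {pkt.proto} host {pkt.src_ip} "
            f"host {pkt.dst_ip} eq {pkt.dst_port}")

def windows_netsh_rule(pkt: Packet) -> str:
    """Equivalent inbound block rule for Windows Firewall (rule name is constructed)."""
    _validate(pkt)
    name = f"block-{pkt.src_ip}-{pkt.proto}-{pkt.dst_port}"
    return (f'netsh advfirewall firewall add rule name="{name}" dir=in action=block '
            f"protocol={pkt.proto.upper()} remoteip={pkt.src_ip} localport={pkt.dst_port}")

def build_rules(packets) -> list:
    """One Cisco rule per distinct flow: a capture holds many packets of the same
    conversation (see the Conversations view), but the firewall needs one rule."""
    seen, rules = set(), []
    for pkt in packets:
        key = (pkt.src_ip, pkt.dst_ip, pkt.proto, pkt.dst_port)
        if key not in seen:
            seen.add(key)
            rules.append(cisco_extended_acl(pkt))
    return rules

# Constructed sample: two packets of one SMB conversation plus one DNS query.
SAMPLE = [Packet("tcp", "203.0.113.7", 51234, "192.0.2.10", 445),
          Packet("tcp", "203.0.113.7", 51235, "192.0.2.10", 445),
          Packet("udp", "203.0.113.7", 40000, "192.0.2.53", 53)]
```

Calling build_rules(SAMPLE) yields two Cisco lines, one per conversation, and windows_netsh_rule(SAMPLE[2]) gives the matching Windows Firewall command for the DNS flow.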

Comprehensive Learning

