Analyzing Captured Traffic
The "Analyzing Captured Traffic" module provides you with the instructions and devices to develop your hands-on skills in the following topics: GeoIP Mapping, Packet Jumping, Statistics Menu, Firewall ACL Rule Creation.

Introduction
The Analyzing Captured Traffic module provides you with the instructions and devices to develop your hands-on skills in the following topics:
- GeoIP Mapping
- Packet Jumping
- Statistics Menu
- Firewall ACL Rule Creation
Lab time: It will take approximately 1 hour to complete this lab.
Exercise 1 - GeoIP Mapping
GeoIP Mapping is used to help identify where an IP address is physically located in the world. The purpose of this is to aid in tracking malicious network traffic or locating where malware might have originated.
In this exercise you will complete the following tasks:
- Mapping IPs to the World
Exercise 2 - Packet Jumping
Packet Jumping is a process that involves coordinating different frames of reference within a capture. Wireshark logs the order in which packets arrive and places markers on them, so that a quick-link method can be used to snap to a given frame.
In this exercise you will complete the following tasks:
- Packet Jumping
Exercise 3 - Statistics Menu
The Statistics menu provides a quick frame of reference: instant information that Wireshark has calculated according to various preset requirements, such as the number of packets and their type. It can also graph these values together to show trends and patterns.
In this exercise you will complete the following tasks:
- Viewing Protocol Hierarchy
- Viewing Conversations
- Packet Lengths
- I/O and Flow Graphs
Exercise 4 - Firewall ACL Rule Creation
Firewall rules are a key component of any major firewall, and Wireshark can help construct the initial syntax, which can then be used in a variety of devices, for example Cisco and Palo Alto firewalls.
In this exercise you will complete the following tasks:
- Wireshark Building the ACL
- Applying an ACL to Windows Firewall