Analyzing Captured Traffic

Introduction

The Analyzing Captured Traffic module provides you with the instructions and devices to develop your hands-on skills in the following topics.

• GeoIP Mapping
• Packet Jumping
• Statistics Menu
• Firewall ACL Rule Creation

Lab time: It will take approximately 1 hour to complete this lab.

Exercise 1 - GeoIP Mapping

GeoIP Mapping is used to help identify information about the where IP information is physically located in the world. The purpose of this is to aid in tracking malicious network traffic or locating where malware might have originated from.

In this exercise you will complete the following tasks:

• Mapping IP’s to the World

Exercise 2 - Packet Jumping

Packet Jumping is a process which involves the coordination of different frames of reference within a capture. Wireshark logs which packets arrive in which order and then places markers on these packets so that a quick link method can be used to snap to the frame for ease of use.

In this exercise you will complete the following tasks:

• Packet Jumping

Exercise 3 - Statistics Menu

Statistics provides a quick frame of reference to see instant information which has been calculated by Wireshark according to various types of preset requirements in terms of the number of packets, their type but it also has the ability to graph these values together to see trends and patterns.

In this exercise you will complete the following tasks:

• Viewing Protocol Hierarchy
• Viewing Conversations
• Packet Lengths
• I/O and Flow Graphs

Exercise 4 - Firewall ACL Rule Creation

Firewall Rules are a key component to any major firewall and Wireshark has the ability to help construct the initial syntax which can then be used in a variety of devices, for example, Cisco and Palo Alto Firewalls.

In this exercise you will complete the following tasks:

• Wireshark Building the ACL
• Applying an ACL to Windows Firewall