The Installing Wireshark module provides you with the instructions and devices to develop your hands-on skills in the following topics.
- Download and Install Wireshark
Lab time: It will take approximately 30 minutes to complete this lab
The following exam objectives are covered in this lab:
- CAS-002 1.3: Given a scenario, analyze network and security components, concepts and architectures.
- CAS-002 3.3: Given a scenario, select methods or tools appropriate to conduct an assessment and analyze results.
Exercise 1 - Downloading and Installing Wireshark
Wireshark is a free, open-source packet sniffer used for analyzing network traffic. It captures traffic in the same way as TCPdump, but adds a powerful, user-friendly GUI that greatly simplifies network traffic analysis. Like TCPdump, Wireshark uses the libpcap or WinPcap library to capture and store traffic. Learning to use Wireshark is easy, as the interface remains consistent whether you use it on Windows, Linux or Mac.
A key difference from log files is that pcap files store the full contents of the captured packets. Logs can be misleading: they tell you which events happened in terms of processes, but not what the client specifically requested from the host.
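To make that contrast concrete, here is an added Python example (not part of this lab or of Wireshark itself) that writes a one-packet file in the classic libpcap format that libpcap/WinPcap and Wireshark use, reads it back, and recovers the exact HTTP request bytes the client sent. The frame, addresses and request are constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap magic (microsecond timestamps); linktype 1 = Ethernet

def write_pcap(records, snaplen=65535):
    """records: (ts_sec, ts_usec, frame_bytes) tuples -> bytes of a libpcap file."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)  # 24-byte global header
    for ts_sec, ts_usec, frame in records:  # 16-byte record header, then the raw frame bytes
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Yield (ts_sec, ts_usec, frame) per record; byte order is taken from the magic."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a libpcap file (unknown magic)")
    pos = 24
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pos += 16
        yield ts_sec, ts_usec, data[pos:pos + incl_len]
        pos += incl_len

def tcp_payload(frame):
    """Walk Ethernet -> IPv4 -> TCP and return (src_ip, dst_ip, dst_port, payload)."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:  # EtherType IPv4, IP protocol TCP
        raise ValueError("not an IPv4/TCP frame")
    ihl = (frame[14] & 0x0F) * 4                        # IPv4 header length from the IHL nibble
    src_ip, dst_ip = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    tcp = 14 + ihl
    dst_port = struct.unpack("!H", frame[tcp + 2:tcp + 4])[0]
    data_off = (frame[tcp + 12] >> 4) * 4               # TCP header length from the data offset
    return src_ip, dst_ip, dst_port, frame[tcp + data_off:]

def build_http_frame(request):
    """Constructed Ethernet/IPv4/TCP frame carrying `request` (checksums left 0; never sent)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + request
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 80]))  # RFC 5737 test addresses
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + tcp

def requests_in_capture(pcap_bytes):
    """What a log line cannot show: the exact bytes each client sent to port 80."""
    decoded = [tcp_payload(f) for _, _, f in read_pcap(pcap_bytes)]
    return [(s, d, p) for s, d, port, p in decoded if port == 80 and p]

REQUEST = b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n"  # constructed request
CAPTURE = write_pcap([(1700000000, 123456, build_http_frame(REQUEST))])
```

Saving `CAPTURE` to a `.pcap` file and opening it in Wireshark shows the same request bytes in the packet details pane, which is exactly the information a process-level log would not retain.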
In this exercise you will complete the following tasks:
- Downloading Wireshark
- Installing Wireshark
- Wireshark Launch Modes