Passive Topology Discovery

Practice Labs Module
1 hour

The "Passive Topology Discovery" module provides you with the instructions and devices to develop your hands-on skills in the following topics: Packet Capture with Wireshark, Output Logs, Packet Analysis Part 1, and Packet Analysis Part 2.

Lab time: It will take approximately 1 hour to complete this lab.

Exam Objectives

The following exam objectives are covered in this lab:

  • CS0-001 1.1 Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes
  • CS0-001 1.2 Given a scenario, analyze the results of a network reconnaissance
  • CS0-001 3.4 Given a scenario, analyze common symptoms to select the best course of action to support incident response
  • CS0-001 4.3 Given a scenario, review security architecture and make recommendations to implement compensating controls

Exercise 1 - Packet Capture with Wireshark

Wireshark is a protocol analyzer that is very useful in passive reconnaissance because it does not interact with the sending devices at all; it only samples the traffic already moving across the network. It captures the frames seen on a network or Ethernet adapter, decodes a vast number of protocols, and lets you filter the result down to specific IP addresses, port numbers, or the protocol type of the traffic itself.

Exercise 2 - Output Logs

Saving the packet captures for later analysis is a small but very important step, especially if you need to reconstruct or examine data flows at a later date. Wireshark normally saves every captured packet; however, you can select individual packets to be saved if required.
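To make the capture-and-filter workflow of Exercises 1 and 2 concrete, here is an added example (not part of the lab material or of Wireshark itself) that builds a small constructed libpcap capture in memory, reads it back the way a passive analyzer would, and summarises which hosts and conversations were seen, with the same kind of IP/port/protocol filtering the text describes. The MAC addresses and the 10.0.0.0/8 and 203.0.113.0/24 addresses in the test are constructed sample values.

```python
import struct
from collections import Counter

def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport):
    """Constructed Ethernet/IPv4/TCP-or-UDP frame (sample data, not a real capture)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(o) for o in s.split("."))
    l4 = struct.pack("!HH", sport, dport) + (b"\x00" * 16 if proto == 6 else b"\x00\x08\x00\x00")
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0, ip(src_ip), ip(dst_ip))
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ipv4 + l4

def build_pcap(frames):
    """Wrap frames in a libpcap file: 24-byte global header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def parse_pcap(data):
    """Return (src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport) per IPv4 TCP/UDP packet."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = "<" if magic == 0xA1B2C3D4 else ">"   # the magic also tells us the writer's byte order
    off, packets = 24, []
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 38 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 (ARP, IPv6, ...) or too short to carry L4 ports
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        if proto not in (6, 17):
            continue  # only TCP (6) and UDP (17) carry ports worth reporting here
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        fmt = lambda b: ":".join(f"{x:02x}" for x in b)
        packets.append((fmt(frame[6:12]), fmt(frame[0:6]),
                        ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34])),
                        proto, sport, dport))
    return packets

def topology(packets, ip=None, port=None, proto=None):
    """Hosts and conversations seen, filtered like a Wireshark display filter (ip.addr, tcp.port, ip.proto)."""
    hosts, convs = {}, Counter()
    for smac, _dmac, sip, dip, pr, sp, dp in packets:
        if (ip and ip not in (sip, dip)) or (port and port not in (sp, dp)) or (proto and pr != proto):
            continue
        hosts[sip] = smac            # source MAC is the last-hop sender; for off-subnet hosts that is a router
        hosts.setdefault(dip, None)  # destination MAC is not recorded for the same reason
        convs[(sip, dip, pr, dp)] += 1
    return hosts, convs
```

Note that the MAC-to-IP mapping is only trustworthy for hosts on the captured segment; anything reached through a gateway shows the gateway's MAC, which is exactly the kind of detail that is easy to miss when scrolling through a large capture.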

Exercise 3 - Packet Analysis Part 1

There is a lot of information generated throughout networks, and Wireshark does an excellent job of organizing it. However, there is still a lot of information to go over initially.

Exercise 4 - Packet Analysis Part 2

The information Wireshark presents can be vast and confusing to view in a normal working environment, and while scrolling through mountains of data it is easy to miss key pieces of information. Therefore, reporting tools and different ways of viewing the data, both visually and in table form, are needed to really understand the environment.

