Passive Topology Discovery
The Passive Topology Discovery module provides you with the instructions and devices to develop your hands-on skills in the following topics:
- Packet Capture with Wireshark
- Output Logs
- Packet Analysis Part 1
- Packet Analysis Part 2
Lab time: It will take approximately 1 hour to complete this lab.
The following exam objectives are covered in this lab:
- Design and validate assessment and test strategies
- Conduct security control testing
- Collect security process data (e.g., management and operational controls)
Exercise 1 - Packet Capture with Wireshark
Wireshark is a protocol analyzer that is very useful in passive reconnaissance: it does not interact directly with the devices sending traffic, it only samples the traffic moving across the network. It captures traffic passing through a network or Ethernet adapter and presents the results for a vast number of protocols, which can be filtered down to specific IP addresses, port numbers or the protocol type itself.
Exercise 2 - Output Logs
Saving packet captures for later analysis is a small but very important step, especially if you need to reconstruct or examine data flows at a later date. Wireshark saves all captured packets by default; however, you can select individual packets to save if required.
Exercise 3 - Packet Analysis Part 1
There is a lot of information generated throughout networks, and Wireshark does an excellent job of organizing it. However, there is still a lot of information to go over initially.
Exercise 4 - Packet Analysis Part 2
Wireshark output can be vast and confusing to view in any normal environment; while scrolling through mountains of data it is easy to miss key pieces of information. Therefore, reporting tools and different ways of viewing the data, visually and in table formats, are needed to really understand the environment.
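The kind of tabular summary this exercise calls for, as an added example that is not part of the lab or of Wireshark itself: a small Python script that reads a classic libpcap file, dissects Ethernet/IPv4/TCP/UDP headers with the standard library only, and builds endpoint and conversation tables similar to those under Wireshark's Statistics menu. The sample capture is constructed inside the script (addresses and ports are made up), and the rule that the lower-numbered port of a flow is the service side is a heuristic assumption, not a Wireshark behaviour.

```python
import struct
from collections import Counter, defaultdict
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def iter_pcap_packets(data):
    """Yield each packet's bytes from a little-endian classic libpcap file (not pcapng)."""
    if struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4: raise ValueError("expected libpcap magic")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack("<IIII", data[off:off + 16])[2]  # bytes actually saved
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def dissect(pkt):
    """Return (src, dst, proto, sport, dport) for an Ethernet/IPv4 frame, else None."""
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":  # too short or EtherType is not IPv4
        return None
    l4, proto = 14 + (pkt[14] & 0x0F) * 4, pkt[23]  # IHL gives the IPv4 header length
    src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (26, 30))
    sport, dport = (struct.unpack("!HH", pkt[l4:l4 + 4])  # TCP and UDP both start with the ports
                    if proto in (6, 17) and len(pkt) >= l4 + 4 else (None, None))
    return src, dst, PROTO_NAMES.get(proto, str(proto)), sport, dport

def topology_summary(data):
    """Endpoint table (host -> likely services) plus directional conversation counts.
    Heuristic (an assumption): the lower-numbered port of a flow is the service side."""
    hosts, conversations = defaultdict(set), Counter()
    for pkt in iter_pcap_packets(data):
        d = dissect(pkt)
        if d is None: continue
        src, dst, proto, sport, dport = d
        hosts.setdefault(src, set())  # list every talker, even with no service observed
        if dport is not None and dport < sport:
            hosts[dst].add(f"{proto}/{dport}")
        conversations[(src, dst, proto, dport)] += 1
    return dict(hosts), conversations

def frame(src, dst, proto, sport, dport):  # constructed sample frame, not real traffic
    octets = lambda a: bytes(int(x) for x in a.split("."))
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 4  # 8-byte stub of a TCP/UDP header
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, octets(src), octets(dst))
    return b"\x00" * 12 + b"\x08\x00" + iph + l4  # zero MACs, EtherType IPv4

def pcap(frames):  # global header (link type 1 = Ethernet), then a 16-byte record header per frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
SAMPLE = pcap([frame("10.0.0.5", "10.0.0.1", 6, 51000, 443), frame("10.0.0.5", "10.0.0.1", 6, 51001, 443),
               frame("10.0.0.1", "10.0.0.5", 6, 443, 51000), frame("10.0.0.9", "10.0.0.2", 17, 5353, 53)])
```

Point `topology_summary` at the bytes of a real capture saved from Wireshark (File > Save As, pcap format) to get the same two tables for a lab network; big-endian or nanosecond-timestamp pcap variants and pcapng are not handled here.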