This is an instructional, step-by-step walkthrough of using the packet capture tool Wireshark for defensive security and analyzing network traffic.
My purpose for this lab is to learn more about analyzing network traffic and security monitoring.
This lab consists of a Linux virtual machine and Wireshark.
~ Kali Linux ~ Used a Kali Linux virtual machine with the Wireshark tool that came prepackaged.
~ Wireshark ~ Used this tool to capture packets on a chosen interface, then applied various display filters to observe website traffic.
Installed and set up a Kali Linux virtual machine.
Captured and saved packets on a detected interface using Wireshark.
Used a display filter to observe a certain packet protocol.
~ Filtered for only packets with 'TCP port 80'; tcp.port == 80
Employed a display filter to detect a certain IP address in the capture.
~ Filtered for any IP address that is '8.43.85.97'; ip.addr == 8.43.85.97
Used a conditional filter to locate certain packets in the capture.
~ Excluded every packet involving '8.43.85.97' and kept the remaining packets on TCP port 443 or 80; !(ip.addr == 8.43.85.97) and (tcp.port == 443 or tcp.port == 80)
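The following Python is an added example (not part of the Coursera lab or of Wireshark itself) that models how Wireshark evaluates the three display filters above against a constructed five-packet capture; every address except 8.43.85.97, and all port numbers, are made up. It also shows why 'ip.addr != 8.43.85.97' does not exclude that host, while '!(ip.addr == 8.43.85.97)' does.

```python
from dataclasses import dataclass
from typing import Callable, List

@dataclass(frozen=True)
class Packet:          # the fields a display filter would read: ip.src,
    src: str           # ip.dst, tcp.srcport, tcp.dstport
    dst: str
    sport: int
    dport: int

Filter = Callable[[Packet], bool]
# Multi-valued fields: 'ip.addr' and 'tcp.port' match when EITHER the
# source or the destination value satisfies the comparison.
def ip_addr_eq(addr: str) -> Filter:
    return lambda p: p.src == addr or p.dst == addr

def tcp_port_eq(port: int) -> Filter:
    return lambda p: p.sport == port or p.dport == port

# Pitfall: 'ip.addr != X' is true when EITHER endpoint differs from X, so it
# still matches packets to or from X; '!(ip.addr == X)' is the real exclusion.
def ip_addr_ne(addr: str) -> Filter:
    return lambda p: p.src != addr or p.dst != addr

def not_(f: Filter) -> Filter: return lambda p: not f(p)
def and_(*fs: Filter) -> Filter: return lambda p: all(f(p) for f in fs)
def or_(*fs: Filter) -> Filter: return lambda p: any(f(p) for f in fs)

def apply_filter(f: Filter, packets: List[Packet]) -> List[Packet]:
    return [p for p in packets if f(p)]

# Constructed sample capture (not real traffic): 8.43.85.97 is the address
# from the lab; the other addresses are private/documentation ranges.
SAMPLE = [
    Packet("10.0.0.5", "8.43.85.97", 51000, 443),   # HTTPS to the host
    Packet("8.43.85.97", "10.0.0.5", 80, 51001),    # HTTP reply from the host
    Packet("10.0.0.5", "192.0.2.10", 51002, 80),    # HTTP elsewhere
    Packet("10.0.0.5", "198.51.100.7", 51003, 22),  # SSH, not web traffic
    Packet("10.0.0.5", "192.0.2.10", 51004, 443),   # HTTPS elsewhere
]
HOST = "8.43.85.97"
HTTP_ONLY = tcp_port_eq(80)                     # tcp.port == 80
HOST_ONLY = ip_addr_eq(HOST)                    # ip.addr == 8.43.85.97
WEB_EXCEPT_HOST = and_(not_(ip_addr_eq(HOST)),  # !(ip.addr == 8.43.85.97) and
                       or_(tcp_port_eq(443), tcp_port_eq(80)))  # (tcp.port == 443 or tcp.port == 80)
PITFALL = ip_addr_ne(HOST)                      # ip.addr != 8.43.85.97

def count(f: Filter) -> int:
    return len(apply_filter(f, SAMPLE))
```

Running count() over the four filters gives 2, 2, 2 and 5 matching packets respectively; the last figure is the pitfall, since the host is still present in the "!=" result.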
In creating and deploying this lab I learned that Wireshark is an advantageous tool. Capturing, saving and filtering packets can be very helpful in analyzing network traffic so appropriate action can be taken if needed in a network security monitoring situation.
Credit: This lab was provided by Coursera; I followed the steps used in the course to create and replicate this lab.
~ Link ~ https://www.coursera.org/projects/wireshark-for-beginners-capture-packets#outcomes