Wireshark PCAP analysis

Info

Analyzing network traffic is very important to understand what is happening over the wire.

Wireshark is the most popular packet capturing tool, but also provides a lot of under-used utilities for network traffic analysis, especially with very large PCAPs

What you will learn

After completing this scenario you will: - How to get a bird's-eye view of the kind of traffic captured in a given PCAP file - Following TCP/UDP streams - Checking for Wireshark's built-in Expert Information analysis - Exporting embedded files captured in data streams - basics of using display filters to narrow down interesting packets.

Technical Details

This scenario contains one virtual machine.

Pre-requisites

Please install wireshark before beginning this scenario

Pre-reading

https://schwartzdaniel.com/introduction-wireshark-part-1/ https://schwartzdaniel.com/introduction-wireshark-part-2/ https://resources.infosecinstitute.com/pcap-analysis-basics-with-wireshark/#gref

Credits for challenges

Pentest Cyprus Team QSecure Cyprus HITB Singapore Akir4 (b00t2root)