
Wireshark PCAP analysis

Info

Analyzing network traffic is very important to understand what is happening over the wire.

Wireshark is the most popular packet capturing tool, but it also provides many under-used utilities for network traffic analysis, which are especially useful when working with very large PCAPs.

What you will learn

After completing this scenario you will know:
  • How to get a bird's-eye view of the kind of traffic captured in a given PCAP file
  • How to follow TCP/UDP streams
  • How to check Wireshark's built-in Expert Information analysis
  • How to export embedded files captured in data streams
  • The basics of using display filters to narrow down interesting packets

Technical Details

This scenario contains one virtual machine.

Pre-requisites

Please install Wireshark before beginning this scenario.

Pre-reading

https://schwartzdaniel.com/introduction-wireshark-part-1/
https://schwartzdaniel.com/introduction-wireshark-part-2/
https://resources.infosecinstitute.com/pcap-analysis-basics-with-wireshark/#gref

Credits for challenges

  • Pentest Cyprus Team
  • QSecure Cyprus
  • HITB Singapore
  • Akir4 (b00t2root)

  • Mode: Single player
  • Type: CCL
  • Difficulty: Intermediate
  • Time: 240 minutes
  • Cost: 10 crystals