Wireshark Mini Lab

 Welcome to the Wireshark lab! In this lab, I will learn how to use Wireshark, the most popular packet capturing tool in the world.

Wireshark is an open-source packet sniffing tool that allows us to see what's happening on your network at a microscopic level. It can be used on a variety of platforms, including Windows, macOS, and Linux.

To start using Wireshark, I will need to download and install it on my computer. Once it's installed, I  launch the application and start capturing packets. To capture packets, I first need to select the interface that I want to capture from. This could be a physical interface, such as an Ethernet port, or a virtual interface, such as a VPN connection.


Once you have selected an interface, you can begin capturing packets by clicking the "Start" button. As packets are captured, they will be displayed in the main window of the Wireshark application. You can filter the packets that are displayed by using the filter bar at the top of the window.



As you capture packets, you will notice that they are organized into different layers. Wireshark uses a hierarchical display to show you the different layers of the packet, starting with the link layer at the bottom and moving up to the application layer at the top. You can expand and collapse the layers by clicking on the plus and minus signs next to each layer.


In this example I ping in a public network and then filter the DHCP packets


One of the most useful features of Wireshark is its ability to decode the packets that it captures. This means that it can take the raw data in the packet and turn it into something that is easier for humans to read. For example, it can decode HTTP packets and show you the request and response headers, or it can decode SSL packets and show you the certificate information.

In addition to packet decoding, Wireshark also has a number of other capabilities that you can use to analyze your network traffic. These include:

  • Follow stream: This allows you to follow the data stream between two devices and see the traffic in a more readable format.
  • Expert info: This shows you any issues or problems that Wireshark has detected in the packets that it has captured.
  • Statistics: This provides a variety of statistical information about the packets that have been captured, such as the number of packets, the size of the packets, and the protocol distribution.

As can be seen, Wireshark is a powerful and versatile tool that can be used for a variety of purposes. 

Comments

Post a Comment

Popular posts from this blog

Vulnerability Management(Nessus)

Image
Welcome to the vulnerability management lab! In this lab, I will be using Nessus to identify and prioritize vulnerabilities within the Virtual machine. Nessus is a powerful vulnerability scanner that allows us to scan our network and systems for known vulnerabilities, misconfigurations, and other weaknesses that could potentially be exploited by malicious actors.  In this lab, I set up Nessus Essentials, installed Windows 10 inside a virtual machine using VMware Workstation Player, added some outdated software, and performed vulnerability checks on the virtual machine to look for any potential security flaws. Later, I make an effort to fix some of the flaws. I first start by downloading, Vmware Workstation, a windows 10 iso and Nessus. It is crucial to set the network adapter to bridged while constructing the Windows virtual machine. It connects the virtual machine to the physical computer's network so that Nessus can communicate with the virtual machine effortlessly. After complet
Read more

Active Directory Home Lab

Image
In this lab, I'll be utilizing Oracle VirtualBox to run an active directory. I'm undertaking this lab to learn more about Windows networking and how Active Directory functions. Installing VirtualBox will be the first step in getting the virtual machines up and running. I'll next install Windows 10 and Windows Server 2019 isos, which I'll use to set up two different virtual machines with two different operating systems. The domain controller, which will host the active directory, will be the first virtual machine. I'm going to give this virtual machine two network adapters, one for connecting to the public internet and the other for connecting to VirtualBox, which will act as a sort of virtual private network for the clients   After creating the virtual machine, I'll install Server 2019 on it and then assign it an IP address for the internal network. The external network will automatically obtain IP addresses from the home network. I can tell if the adapter is
Read more

Practitioner Lab 2: File path traversal, traversal sequences stripped non-recursively

Image
 This lab contains a path traversal vulnerability in the display of product images. The application strips path traversal sequences from the user-supplied filename before using it. To solve the lab, retrieve the contents of the  /etc/passwd  file. The first thing I do is look at the website and how it is working I see a lot of images so I can use Burp Suite to look at where are all these images coming from Here I can see the request for all these images I will try to change it for another file name to see if I can get it I know it is stripped so I will probably have to use // of them to get it to work. When I try to use the absolute path it doesn’t work because it it stripped. Now I will use the double to see how it works It took me a while but I figured out how it worked. This way it works when it is filtered.
Read more

TightVNC and Colasoft Packet Builder Lab

Image
 Welcome to the remote access and packet analysis lab! In this lab, I will learn how to perform remote access using TightVNC and how to use Colasoft Packet Builder to analyze IP packet headers. The first part of this lab will focus on using TightVNC for remote access. TightVNC is a popular open-source remote desktop software that allows us to access and control a computer from a remote location. This can be useful in a variety of situations, such as when you need to access a computer that is not physically located near you, or when you need to provide technical support to someone who is not in the same location as you. To use TightVNC, I will need to install the software on both the computer that I want to access remotely (the server) and the computer that you will use to access the server (the client). Once the software is installed, I can start the TightVNC server on the server and the TightVNC viewer on the client. The viewer  prompts me  to enter the IP address or hostname of t
Read more