Changes between Version 5 and Version 6 of netsec2018wireshark


Ignore:
Timestamp:
Jun 10, 2018, 5:56:21 PM (7 years ago)
Author:
admin
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • netsec2018wireshark

    v5 v6  
    7979 - '''!(arp or icmp or dns)''' [masks out arp, icmp, dns, or whatever other protocols may be background noise. Allowing you to focus on the traffic of interest]
    8080
    81 ===
     81=== Analysing ===
     82
     83Download the sample packet capture files from here. Open them from wireshak to analyse them. Go to '''File>Open''' and select tha pcap file to be open.
     84
     85'''Telnet.pcap'''
     86 - Wht is the Username and Password?
     87 - What did the User do after log in?
     88Open the file. Filter all the telnet traffic. Go to Analyse>Follow>TCP Stream.
     89
     90'''massivesyn.pcap'''
     91 - Is this an attack? If so what type of an attack?
     92Open the file, Go to Statistics>Coversation. Check for the Type of packet, Sourse IP and the duration
     93
     94'''chat.dump'''
     95
     96Open the file. Go to Analyse>Follow>TCP Stream.
     97
     98 - What are the email addresses of the chatters?
     99 - What were they planning to do?
     100
     101'''ftp.pcap'''
     102
     103Open the file. Statistics>Coversation.  Click TCP. Check the Statistics. Go to Analyse>Follow>TCP Stream
     104
     105 - What is the IP address of the FTP server and the Client?
     106 - What is the error code 530?
     107
     108'''foobar.pcap'''
     109
     110Open the file. Statistics>Coversation and check for source and destination IP and port. Go to Statistics>Protocol Hierarchy
     111
     112 - What is the protocol use TCP 6346?
     113 -  What could be this scenario?
     114
     115'''convertinfo.pcap'''
     116
     117Open the file. Statistics>Coversation and check for packet length.
     118
     119 - Ids this a normal icmp packet?
     120
     121'''sip.pcap'''