Cyber Packet Hunt Capture Experience


Introduction

In this lab, you will learn how to capture network traffic using Wireshark, a widely-used network protocol analyzer. Network traffic analysis is a crucial skill in cybersecurity, as it helps identify potential threats, monitor network activities, and investigate security incidents. By the end of this lab, you will have gained hands-on experience in capturing and analyzing network packets using Wireshark.



Installing Wireshark

In this step, you will install Wireshark on your Linux system.

Open a terminal and update the package list:

sudo apt update

Install Wireshark:

sudo apt install wireshark -y

During the installation, the wireshark-common package asks whether non-superusers should be allowed to capture packets. Select Yes and press Enter. This gives the capture helper /usr/bin/dumpcap the CAP_NET_RAW and CAP_NET_ADMIN capabilities (or makes it setuid root if capabilities are unavailable) and restricts it to members of the wireshark group, so the Wireshark GUI itself never has to run as root. If you answered No, you can change the answer later with sudo dpkg-reconfigure wireshark-common.

After the installation is complete, add your user to the wireshark group so that you can capture packets:

sudo usermod -aG wireshark $USER

Group membership is only picked up by new login sessions. Either log out and back in, or start a shell with the new group active:

newgrp wireshark

Anyone in the wireshark group can capture every frame that reaches the machine's interfaces, including cleartext credentials of other users, so treat membership as a privilege rather than a convenience. You can confirm the setup with id -nG (wireshark should be listed) and getcap /usr/bin/dumpcap.

After that, you can launch Wireshark from the terminal using the wireshark command.

Capturing Network Traffic

In this step, you will learn how to capture network traffic using Wireshark.

  1. Launch Wireshark from the terminal:

    wireshark
  2. In the Wireshark interface, select the network interface you want to capture traffic from. The welcome screen lists the available interfaces (they are also shown under Capture > Options, together with a sparkline of current activity); we chose the eth0 interface in this example. If the list is empty or an interface is greyed out, Wireshark cannot open it, which usually means the wireshark group membership from the previous step is not active in this session yet.

  3. Click on the Start button (or press Ctrl+E) to start capturing network traffic.

  4. After starting the capture, you will see the packets being captured in real-time. You can see the packet details in the Wireshark window.

  5. After capturing enough traffic, stop the capture by clicking the Stop button (or press Ctrl+E again).

  6. Save the captured packets to a file by clicking on File > Save As and name the file capture.pcapng in the /home/labex/project directory. pcapng is Wireshark's default capture format; older tools may only understand the classic pcap format, which you can select in the same dialog. The file contains every frame the interface saw during the capture, including any cleartext credentials, so store it with the same care as the data it carries.

You should now see the captured network packets in the Wireshark window.

Analyzing Network Traffic

In this step, you will learn how to analyze the captured network traffic using Wireshark's filtering and coloring rules.

  1. In the Wireshark window, you can see the captured packets listed in the "Packet List" pane.

  2. To filter the packets based on specific criteria, enter a display filter expression in the "Filter" field. For example, to display only TCP traffic, enter tcp in the filter field. The field turns green when the expression is valid and red when it is not. Other useful filters are ip.addr == 10.0.0.1 (either endpoint), tcp.port == 80 and http. Display filters only hide packets from view; they do not change what was captured or saved.

  3. Wireshark also allows you to colorize packets based on various criteria. To enable coloring rules, go to View > Coloring Rules and select the rules you want to apply.

  4. You can also follow specific streams of traffic by right-clicking on a packet and selecting Follow > TCP Stream.

    The dialog shows both directions of the conversation reassembled in order, with the client side and server side in different colours, and lets you restrict the view to one direction or switch between ASCII, hex dump and raw output. Click the Save As button to save the TCP stream to a file in the /home/labex/project directory with the name tcp_stream.txt; whatever is currently displayed is what gets written.

  5. Explore the different panes in the Wireshark window to analyze the captured packets in detail, such as the "Packet Details" and "Packet Bytes" panes.
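The capture file you saved earlier and the two operations you just performed in the GUI, filtering on tcp and following a TCP stream, can be reproduced in a short script, which makes it clearer what Wireshark actually computes. The following Python script is an added example, not part of the original lab and not Wireshark's or tshark's own code. It builds a small constructed capture (one UDP datagram plus a two-segment HTTP request and its response between the made-up hosts 10.0.0.2 and 10.0.0.1, with the client's two segments deliberately written to the file out of order) in the classic libpcap format rather than pcapng, parses it back, applies a tiny subset of display-filter syntax (tcp, udp, ip.addr ==, tcp.port ==) and reassembles the conversation the way Follow > TCP Stream does, ordering segments by sequence number. The function names, addresses, ports and payloads are all assumptions for the example; only the file, Ethernet, IPv4, TCP and UDP header layouts are real.

```python
"""Minimal libpcap writer/reader: what Wireshark's "tcp" filter and
Follow > TCP Stream compute. Added example on constructed data."""
import socket
import struct
from collections import defaultdict

ETH_IPV4, IP_TCP, IP_UDP = 0x0800, 6, 17

def ip_checksum(hdr: bytes) -> int:
    """RFC 1071 ones-complement sum (IPv4 header checksum)."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(src, dst, proto, sport, dport, payload, seq=0, flags=0x18):
    """Ethernet/IPv4/{TCP,UDP} frame. Dummy MACs; TCP/UDP checksums left 0
    (Wireshark still dissects the frame, it only flags the checksum as bad)."""
    if proto == IP_TCP:  # 20-byte header, data offset 5, default flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, flags, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0x1234,
                     0, 64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETH_IPV4) + ip + l4 + payload

def build_pcap(frames):
    """Classic libpcap file: 24-byte global header (magic 0xa1b2c3d4, link type
    1 = Ethernet), then a 16-byte record header per frame. Wireshark reads it."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    """One dict per frame, roughly one row of Wireshark's Packet List pane."""
    if struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian libpcap file (pcapng not handled)")
    pos, pkts = 24, []
    while pos < len(data):
        incl_len = struct.unpack("<IIII", data[pos:pos + 16])[2]
        frame = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        pkt = {"no": len(pkts) + 1, "proto": None, "payload": b""}
        pkts.append(pkt)
        if struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
            continue  # ARP, IPv6 etc.: listed, but carries no IPv4 fields
        ihl = (frame[14] & 0x0F) * 4
        ip = frame[14:14 + ihl]
        pkt["proto"] = ip[9]
        pkt["src"], pkt["dst"] = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        l4 = frame[14 + ihl:14 + struct.unpack("!H", ip[2:4])[0]]
        if pkt["proto"] == IP_TCP:
            pkt["sport"], pkt["dport"], pkt["seq"] = struct.unpack("!HHI", l4[:8])
            pkt["payload"] = l4[(l4[12] >> 4) * 4:]  # data offset skips any options
        elif pkt["proto"] == IP_UDP:
            pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
            pkt["payload"] = l4[8:]
    return pkts

def display_filter(pkts, expr):
    """Tiny subset of display-filter syntax: tcp, udp, ip.addr == A, tcp.port == N."""
    expr = expr.strip()
    if expr in ("tcp", "udp"):
        return [p for p in pkts if p["proto"] == (IP_TCP if expr == "tcp" else IP_UDP)]
    field, _, value = (part.strip() for part in expr.partition("=="))
    if field == "ip.addr":
        return [p for p in pkts if value in (p.get("src"), p.get("dst"))]
    if field == "tcp.port":
        return [p for p in pkts if p["proto"] == IP_TCP and int(value) in (p["sport"], p["dport"])]
    raise ValueError("unsupported filter: " + expr)

def follow_tcp_stream(pkts, pkt):
    """Both directions of pkt's conversation, each reassembled in sequence-number
    order so out-of-order segments still read correctly. Keys: ((src, sport), (dst, dport))."""
    here, there = (pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])
    directions = defaultdict(list)
    for p in pkts:
        if p["proto"] == IP_TCP:
            ends = ((p["src"], p["sport"]), (p["dst"], p["dport"]))
            if ends in ((here, there), (there, here)):
                directions[ends].append(p)
    return {ends: b"".join(s["payload"] for s in sorted(segs, key=lambda s: s["seq"]))
            for ends, segs in directions.items()}

# Constructed sample: one UDP datagram, then a two-segment HTTP request (written
# to the file out of order on purpose) and its response. All hosts are made up.
CLIENT, SERVER = "10.0.0.2", "10.0.0.1"
REQ1, REQ2 = b"GET / HTTP/1.1\r\n", b"Host: example.test\r\n\r\n"
RESP = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
SAMPLE_PCAP = build_pcap([
    build_frame(CLIENT, "10.0.0.53", IP_UDP, 40001, 53, b"constructed-udp-payload"),
    build_frame(CLIENT, SERVER, IP_TCP, 40000, 80, REQ2, seq=1000 + len(REQ1)),
    build_frame(CLIENT, SERVER, IP_TCP, 40000, 80, REQ1, seq=1000),
    build_frame(SERVER, CLIENT, IP_TCP, 80, 40000, RESP, seq=5000),
])

if __name__ == "__main__":
    pkts = parse_pcap(SAMPLE_PCAP)
    tcp_only = display_filter(pkts, "tcp")
    print(f"{len(pkts)} frames, {len(tcp_only)} match 'tcp'")
    for ends, data in follow_tcp_stream(pkts, tcp_only[0]).items():
        print(ends, data)
    with open("capture_example.pcap", "wb") as f:  # open this in Wireshark
        f.write(SAMPLE_PCAP)
```

Run the script and open capture_example.pcap in Wireshark: the tcp filter selects the same three frames, and Follow > TCP Stream on any of them shows the same request and response text that the script prints, with the two request segments in the right order even though frame 2 precedes frame 3 in the file. The real display-filter language is far richer than the four forms handled here, and real captures contain IP and TCP options, retransmissions and IPv6; the script shows the mechanics, it is not a substitute for tshark.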

Summary

In this lab, you learned how to capture and analyze network traffic using Wireshark. You started by installing Wireshark on your Linux system, followed by capturing network traffic from a selected network interface. Finally, you explored various techniques to analyze the captured traffic, such as filtering, coloring rules, and following specific streams of traffic. By completing this lab, you have gained valuable hands-on experience in using Wireshark, a powerful tool for network traffic analysis and cybersecurity investigations.
