Wireshark
Summary
It’s time for you to learn how to “sniff” potentially malicious network traffic using the popular Wireshark tool. Wireshark is an open‐source tool that you can use to capture network traffic and analyze packets at a very granular level.
Context
Your boss comes to you and is concerned that your network may be under attack by a malicious hacker. Your boss asks you to investigate and wants you to determine whether the network traffic is malicious, the type of attack, the specific IP addresses that are being targeted, and where the attack originated from. You immediately identify that the right tool for this job is Wireshark.
Steps
1: Download and install Wireshark
Open your web browser and go HERE to download and install Wireshark on your system.
2: Determine your IP address
Open a command prompt or a terminal window. Type ipconfig and press Enter if you are on a Windows system. If you are on Mac, try ifconfig. Make sure to take note of your system’s IP address.
3: Capture network traffic
Open Wireshark. Identify the Wi‐Fi interface whose address matches the IP address you noted in step 2. Double‐click that Wi‐Fi interface and Wireshark will start capturing network traffic on it.
4: Run an “intense” scan
Open a command prompt or a terminal window and type the below command.
nmap -T4 -A -v
5: Stop the network traffic capture
When the Nmap scan is done, return to Wireshark and click the red box under the word Edit. This will stop the capture, and you now have data to save and analyze.
6: Analyze the network traffic
In Wireshark, take some time to analyze the captured network traffic. In particular, look at the Protocol column for any DNS traffic. If you cannot find it by scrolling, try clicking the word Protocol in the top pane. Each column can be sorted in ascending and then descending order just by clicking the column headings.
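To make the analysis in this step repeatable, here is an added example (not part of the original lab) that reads a tshark field export of the capture, flags the one-source-to-many-ports SYN pattern that an Nmap scan leaves behind, and lists the DNS lookups this step asks you to find. It assumes the capture was exported with the tshark command shown in the comment; the file name and every sample value below are constructed.

```python
"""Spot port-scan behaviour and DNS lookups in a tshark field export.

Assumed export command (capture.pcapng is a hypothetical file name):
  tshark -r capture.pcapng -T fields -E separator=/t \
    -e frame.time_relative -e ip.src -e ip.dst -e tcp.dstport -e tcp.flags -e dns.qry.name
"""
from collections import defaultdict

# Constructed sample in that six-column, tab-separated layout. Line 1 is a DNS
# lookup; the following lines mimic the SYN burst an nmap -T4 -A scan from
# 192.168.1.20 sends to 192.168.1.50 (all addresses and ports are made up).
SAMPLE_EXPORT = "0.000000\t192.168.1.20\t192.168.1.1\t\t\twww.example.com\n"
SAMPLE_EXPORT += "".join(
    f"{0.01 + i / 1000:.6f}\t192.168.1.20\t192.168.1.50\t{port}\t0x0002\t\n"
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389])
)
# A normal client that opens only port 443, followed by the server's SYN/ACK reply
SAMPLE_EXPORT += "0.500000\t192.168.1.77\t192.168.1.50\t443\t0x0002\t\n"
SAMPLE_EXPORT += "0.510000\t192.168.1.50\t192.168.1.77\t52000\t0x0012\t\n"

SYN, ACK = 0x02, 0x10

def parse_lines(export_text):
    """Yield one dict per non-empty line; missing trailing fields become ''."""
    for line in export_text.splitlines():
        if not line.strip():
            continue
        cols = (line.split("\t") + [""] * 6)[:6]
        yield {"time": cols[0], "src": cols[1], "dst": cols[2],
               "dport": cols[3], "flags": cols[4], "dns": cols[5]}

def syn_port_map(export_text):
    """Map (src, dst) -> set of destination ports hit with a bare SYN."""
    hits = defaultdict(set)
    for pkt in parse_lines(export_text):
        if not pkt["flags"] or not pkt["dport"]:
            continue
        flags = int(pkt["flags"], 16)
        # Connection attempts only: SYN set and ACK clear (SYN/ACK replies are skipped)
        if flags & SYN and not flags & ACK:
            hits[(pkt["src"], pkt["dst"])].add(int(pkt["dport"]))
    return hits

def detect_scans(export_text, port_threshold=10):
    """Return [(src, dst, distinct_port_count)] for pairs that look like a port scan."""
    return sorted((src, dst, len(ports))
                  for (src, dst), ports in syn_port_map(export_text).items()
                  if len(ports) >= port_threshold)

def dns_queries(export_text):
    """Map querying host -> list of names it looked up (the DNS rows step 6 asks about)."""
    out = defaultdict(list)
    for pkt in parse_lines(export_text):
        if pkt["dns"]:
            out[pkt["src"]].append(pkt["dns"])
    return dict(out)

if __name__ == "__main__":
    for src, dst, n in detect_scans(SAMPLE_EXPORT):
        print(f"possible port scan: {src} -> {dst} ({n} distinct ports)")
    print("DNS lookups:", dns_queries(SAMPLE_EXPORT))
```

The scanning host shows up as the source and the scanned host as the destination, which answers the "origin" and "targeted IP" questions from the context above; the threshold is a starting point you can tune against your own capture.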
7: Save the captured network traffic
To save the network traffic you just sniffed in Wireshark, go to File > Save, name the file