coollosa.blogg.se - Using wireshark linux

CyberOps Workstation virtual machine Instructions Part 1: Prepare the Hosts to Capture the TrafficĪ.

If using a packet sniffer is an issue, the instructor may wish to assign the lab as homework or perform a walk-through demonstration. It is recommended that permission be obtained before running Wireshark for this lab.

Instructor Note: Using a packet sniffer, such as Wireshark, may be considered a breach of the security policy of the school. A PC can have multiple, simultaneous, active TCP sessions with various web sites. For example, when a PC uses a web browser to surf the internet, a three-way handshake is initiated, and a session is established between the PC host and web server. In this lab, you will use Wireshark to capture and examine packets generated between the PC browser using the HyperText Transfer Protocol (HTTP) and a web server, such as When an application, such as HTTP or File Transfer Protocol (FTP) first starts on a host, TCP uses the three-way handshake to establish a reliable TCP session between the two hosts.

Part 3: View the Packets using tcpdump Background / Scenario.

Part 2: Analyze the Packets using Wireshark.

Part 1: Prepare the Hosts to Capture the Traffic.

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only. 9.2.6 Lab – Using Wireshark to Observe the TCP 3-Way Handshake (Instructor Version)