Filter and Analyze Traffic with Wireshark

 You are the security analyst for a small corporate network. You want to find specific information about the packets being exchanged on your network using Wireshark.

In this lab, your task is to:

  • Use Wireshark to capture packets from the enp2s0 interface.
  • Use a Wireshark filter to isolate and examine packets for:
    • All network traffic for 192.168.0.0.
    • All traffic for the 192.168.0.45 host.
    • All IP traffic with a source address of 192.168.0.45.
    • All IP traffic with a destination address of 192.168.0.45.
    • All HTTP traffic on port 80.
    • All packets with an Ethernet MAC address containing 11:12:13.
    • All TCP packets that contain the word password.
  • Answer the questions.


EXPLANATION

Complete this lab as follows:

  1. Start a Wireshark capture.
    1. From the Favorites bar, select Wireshark.
    2. Maximize the window for easier viewing.
    3. Under Capture, select enp2s0.
    4. Select the blue fin to start a Wireshark capture.
  2. Apply the net 192.168.0.0 filter.
    1. In the Apply a display filter field, type net 192.168.0.0 and press Enter.
      Look at the source and destination addresses of the filtered packets.
    2. Select the red square to stop the Wireshark capture.
    3. In the top right, select Answer Questions.
    4. Answer Question 1.
  3. Apply the host 192.168.0.45 filter.
    1. Select the blue fin to start a Wireshark capture.
    2. In the Apply a display filter field, type host 192.168.0.45 and press Enter.
      Look at the source and destination addresses of the filtered packets.
    3. Answer Question 2.
  4. Apply the ip.src==192.168.0.45 filter.
    1. In the Apply a display filter field, type ip.src==192.168.0.45 and press Enter.
      Look at the source and destination addresses of the filtered packets.
    2. Answer Question 3.
  5. Apply the ip.dst==192.168.0.45 filter.
    1. In the Apply a display filter field, type ip.dst==192.168.0.45 and press Enter.
      Look at the source and destination addresses of the filtered packets.
    2. Answer Question 4.
  6. Apply the tcp.port==80 filter.
    1. In the Apply a display filter field, type tcp.port==80 and press Enter.
      Look at the source and destination addresses of the filtered packets.
    2. Answer Question 5.
  7. Apply the eth contains 11:12:13 filter.
    1. In the Apply a display filter field, type eth contains 11:12:13 and press Enter.
      Look at the source and destination addresses of the filtered packets.
    2. Answer Question 6.
  8. Apply the tcp contains password filter.
    1. In the Apply a display filter field, type tcp contains password and press Enter.
    2. Select the red box to stop the Wireshark capture.
    3. Locate the password.
    4. Answer Question 7.
    5. Select Score Lab.
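
What each of the lab's filters selects, as an added example that is not part of the original lab: the Python below applies the same tests to four constructed frames. The helper names, the MAC addresses, the hosts other than 192.168.0.45 and the payloads are made up; it assumes `eth contains` is checked against the two MAC address fields and `tcp contains` against the TCP header plus payload, and it leaves out the `net` filter because the page gives no netmask.

```python
import socket
import struct

HOST = "192.168.0.45"

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Build a minimal Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip + tcp

def parse(frame):
    """Pull out the fields the lab's filters test."""
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    tcp = frame[14 + ihl:]                # TCP header plus payload
    return {"macs": (frame[0:6], frame[6:12]),
            "src": socket.inet_ntoa(frame[26:30]),
            "dst": socket.inet_ntoa(frame[30:34]),
            "ports": set(struct.unpack("!HH", tcp[:4])),
            "tcp": tcp}

# One predicate per filter string used in the lab (assumed semantics, see lead-in).
FILTERS = {
    "host 192.168.0.45": lambda p: HOST in (p["src"], p["dst"]),
    "ip.src==192.168.0.45": lambda p: p["src"] == HOST,
    "ip.dst==192.168.0.45": lambda p: p["dst"] == HOST,
    "tcp.port==80": lambda p: 80 in p["ports"],          # source OR destination port
    "eth contains 11:12:13": lambda p: any(b"\x11\x12\x13" in m for m in p["macs"]),
    "tcp contains password": lambda p: b"password" in p["tcp"],   # case-sensitive bytes
}

def apply_filter(name, frames):
    """Return the 1-based numbers of the frames the named filter keeps."""
    return [n for n, f in enumerate(frames, 1) if FILTERS[name](parse(f))]

A, B, C, D = "00:11:12:13:aa:01", "00:50:56:00:00:02", "00:50:56:00:00:03", "00:50:56:00:00:04"
FRAMES = [  # constructed sample traffic
    build_frame(A, B, "192.168.0.45", "192.168.0.10", 49152, 80, b"GET / HTTP/1.1\r\n\r\n"),
    build_frame(B, A, "192.168.0.10", "192.168.0.45", 80, 49152, b"HTTP/1.1 200 OK\r\n\r\n"),
    build_frame(C, D, "192.168.0.77", "192.168.0.45", 50000, 8080, b"user=demo&password=example"),
    build_frame(C, D, "192.168.0.60", "192.168.0.61", 50001, 443, b"\x16\x03\x01"),
]

if __name__ == "__main__":
    for name in FILTERS:
        print(f"{name:24} -> frames {apply_filter(name, FRAMES)}")
```

The host filter keeps both directions of a conversation while ip.src and ip.dst each keep one, and tcp.port==80 matches on either port, so replies from the server are kept along with the requests.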
