Analyzing Network Traffic with WireShark

In this lab, participants will utilize Wireshark—a widely trusted network protocol analyzer—to capture, filter, and analyze network packets in a simulated environment. Through guided exercises, they will learn how to interpret key network protocols, identify anomalies, and understand data flow across the network. Practical techniques, such as applying specific filters, recognizing unusual patterns, and tracing data paths, help reinforce these concepts.

By completing this lab, participants will develop a deeper understanding of network traffic behavior, learn how to detect potential indicators of compromise (IoCs), and gain hands-on experience in network forensics. This foundation in network traffic analysis with Wireshark is vital for security operations and prepares learners for more complex challenges in threat detection and incident response.

The "Analyzing Network Traffic with Wireshark" lab is designed to provide participants with hands-on experience in using Wireshark for network traffic analysis. By the end of this lab, learners will:

• Understand Key Network Protocols: Gain familiarity with fundamental protocols like TCP/IP, DNS, and HTTP, which are crucial for analyzing network traffic.
• Identify Suspicious Network Patterns: Learn to recognize deviations from normal traffic patterns and spot indicators of compromise (IoCs).
• Apply Advanced Filtering Techniques: Use Wireshark filters to isolate specific traffic flows, enabling more focused and efficient analysis.
• Develop Incident Response Skills: Build confidence in responding to potential threats by examining packet details, identifying anomalies, and tracing data paths.

Software

• Kali Linux
• Wireshark

Hardware

• 2x Linux Machines
• 1x Windows 10 Client
• 2x Windows 2016 Servers
• 1x Vyos Router