For my cyber techniques and operations course, we had the opportunity to get hands on experience through virtual labs. I will be breaking down the process of tracing web traffic and sniffing packets with Wireshark.
What is Wireshark?
Wireshark is a premier network analysis tool built for providing real-time capture and examination of data traffic. Some uses of Wireshark include troubleshooting network issues, optimizing performance, and gaining insights into digital communication.
The importance of Traffic Analysis:
Web traffic analysis plays a pivotal role in network security by identifying and analyzing of potential security threats in real time. Its importance lies in its ability to capture and inspect data packets. This allows professionals to detect potential malicious activity.
However, the same capabilities that make traffic analysis pivotal for security can also be exploited for malicious purposes. In the wrong hands, Wireshark can be used to perform packet sniffing, a technique where an attacker intercepts and analyzes network traffic to capture sensitive information such as login credentials, personal data, or confidential business information.
Packet Sniffing
Lab Description:
I have been tasked with demonstrating basic traffic analysis abilities with Wireshark. This includes describing web traffic patterns found with Wireshark, applying filters to limit the traffic display, sniff packets between machines in the virtual environment, and capture files sent between virtual machines. This is all done within ODU’s provided virtual lab system. Provided below is my step by step lab manual:
wireshark-compressed