In this lab, I used Wireshark to analyze a packet capture and learn how to filter and inspect network traffic. I built practical skills in opening capture files, applying display filters, and drilling into packet-level details to identify meaningful data.
I acted as a security analyst examining traffic from a user’s web browsing session. My objectives were to identify source and destination IPs, determine which protocols were used, inspect individual packets, and apply filters to isolate DNS and HTTP payload data.
Task | My Response |
---|---|
Open capture file | I loaded the provided .pcap in Wireshark and reviewed the packet list to familiarize myself with the timestamps and endpoints. |
Identify IP addresses | I applied the filter `ip.addr` to list unique source and destination IPs, noting the client at 192.0.2.10 and the server at 198.51.100.25. |
Examine protocols | I added the Protocol column and observed DNS, TCP, and HTTP traffic. I drilled into HTTP packets to confirm GET requests and 200 OK responses. |
Filter DNS (UDP port 53) | I used the display filter `udp.port == 53` to isolate DNS queries and responses, then inspected the query names and TTL values. |
Filter HTTP payload | I applied `http.request or http.response` and `tcp contains "Host"` to locate HTTP headers and payload text, extracting the requested URL paths. |
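The script below is an added example, not part of the lab or its capture file. It builds a small constructed pcap in memory (a DNS lookup from the client to an assumed resolver at 192.0.2.1, a bare TCP ACK, an HTTP GET to the server, and the server's 200 OK) and then reimplements, with only the Python standard library, what each display filter in the table actually matches at the byte level. The client and server addresses are the ones noted in the table; the resolver address, the ports, the hostname `www.example.com` and every packet payload are constructed for the example.

```python
import socket, struct
from collections import Counter

# Client and server addresses come from the lab write-up; the resolver address is assumed.
CLIENT, SERVER, RESOLVER = "192.0.2.10", "198.51.100.25", "192.0.2.1"
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}

def frame(src, dst, proto, l4):  # Ethernet II (zero MACs, EtherType IPv4) + minimal IPv4 header
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,  # checksum left 0
                         socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip_hdr + l4

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def tcp(sport, dport, data):  # 20-byte header: data offset 5, flags PSH|ACK, checksum 0
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + data

def dns(name, answer=None, ttl=300, qid=0x1234):
    """Query for NAME or, with ANSWER, a response whose A record points (0xC00C) at the question."""
    question = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00" + struct.pack("!HH", 1, 1)
    if answer is None:
        return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + question
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(answer)
    return struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0) + question + rr

def build_pcap():  # constructed capture, not the lab's: classic pcap, LINKTYPE_ETHERNET
    frames = [
        frame(CLIENT, RESOLVER, 17, udp(53000, 53, dns("www.example.com"))),
        frame(RESOLVER, CLIENT, 17, udp(53, 53000, dns("www.example.com", answer=SERVER))),
        frame(CLIENT, SERVER, 6, tcp(49152, 80, b"")),                # bare ACK: Protocol column says TCP
        frame(CLIENT, SERVER, 6, tcp(49152, 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n")),
        frame(SERVER, CLIENT, 6, tcp(80, 49152, b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok")),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 24-byte global header
    for i, f in enumerate(frames):                                    # 16-byte record header + frame
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def parse_pcap(data):  # one dict per IPv4 TCP/UDP frame, holding just the fields the filters test
    off, pkts = 24, []
    while off < len(data):
        incl = struct.unpack_from("<IIII", data, off)[2]
        fr, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if fr[12:14] != b"\x08\x00":
            continue
        ip = fr[14:14 + struct.unpack_from("!H", fr, 16)[0]]          # honour IPv4 Total Length
        l4, proto = ip[(ip[0] & 0x0F) * 4:], ip[9]
        if proto in (6, 17):
            sport, dport = struct.unpack_from("!HH", l4)
            pkts.append({"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
                         "proto": "TCP" if proto == 6 else "UDP", "sport": sport, "dport": dport,
                         "payload": l4[(l4[12] >> 4) * 4:] if proto == 6 else l4[8:]})
    return pkts

def protocol_column(p):
    """Approximate the Protocol column: UDP on port 53 is DNS, a TCP payload with a request/status line is HTTP."""
    if p["proto"] == "UDP" and 53 in (p["sport"], p["dport"]):        # udp.port == 53
        return "DNS"
    if p["proto"] == "TCP" and (p["payload"].startswith(b"HTTP/") or
                               p["payload"].split(b" ", 1)[0] in HTTP_METHODS):
        return "HTTP"
    return p["proto"]

def read_name(msg, off):  # decode a DNS name, following RFC 1035 compression pointers
    labels = []
    while (n := msg[off]) and not n & 0xC0:
        labels.append(msg[off + 1:off + 1 + n].decode())
        off += 1 + n
    if n & 0xC0:                                                      # pointer to the rest of the name
        labels.append(read_name(msg, struct.unpack_from("!H", msg, off)[0] & 0x3FFF)[0])
        return ".".join(labels), off + 2
    return ".".join(labels), off + 1

def dns_records(pkts):  # udp.port == 53 view: (query name, TTL of the first answer or None)
    out = []
    for m in (p["payload"] for p in pkts if protocol_column(p) == "DNS"):
        qname, off = read_name(m, 12)                                 # question follows the 12-byte header
        ancount = struct.unpack_from("!H", m, 6)[0]                   # 0 for a query; else skip QTYPE/QCLASS + NAME
        ttl = struct.unpack_from("!HHI", m, read_name(m, off + 4)[1])[2] if ancount else None  # TYPE, CLASS, TTL
        out.append((qname, ttl))
    return out

def http_requests(pkts):  # http.request view: (method, Host header, URI) per request segment
    out = []
    for p in (p for p in pkts if protocol_column(p) == "HTTP" and not p["payload"].startswith(b"HTTP/")):
        head = p["payload"].split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        method, uri = head[0].split(" ")[:2]
        host = next((h.split(":", 1)[1].strip() for h in head[1:] if h.lower().startswith("host:")), None)
        out.append((method, host, uri))
    return out

def analyze(data=None):  # run every filter over a capture (the constructed one by default)
    pkts = parse_pcap(build_pcap() if data is None else data)
    return {"endpoints": sorted({a for p in pkts for a in (p["src"], p["dst"])}),  # Statistics > Endpoints
            "protocols": dict(Counter(protocol_column(p) for p in pkts)),
            "dns": dns_records(pkts), "http_requests": http_requests(pkts),
            "http_status": [p["payload"].split(b"\r\n", 1)[0].decode() for p in pkts
                            if protocol_column(p) == "HTTP" and p["payload"].startswith(b"HTTP/")]}
```

Call `analyze()` for the constructed capture, or pass the bytes of a real little-endian classic pcap with Ethernet frames as `data` (pcapng and other link types are not handled). Two details the table glosses over show up here: a bare `ip.addr` matches every IPv4 packet, so the unique-address list is really what Statistics > Endpoints gives (the `endpoints` key); and Wireshark labels a segment HTTP only when it dissects HTTP data in it, so the bare ACK on port 80 still reads as TCP in the protocol count. For the last row, remember that in display-filter syntax `and` binds tighter than `or`, so `http.request or http.response and tcp contains "Host"` typed as one expression parses as `http.request or (http.response and tcp contains "Host")`; parenthesise, or run the two filters separately as the table does.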
By completing this exercise, I practiced using Wireshark filters to pinpoint IP addresses, protocols, DNS queries, and HTTP payloads. These skills will help me efficiently analyze network traffic and uncover relevant security events.