Start Using Wireshark to Hack like a Pro

Download and install Wireshark on a Windows platform

Get to know the Wireshark interface.

Maneuver the static packet capture File1.pcapng and FileOnev2.pcap within Wireshark and interpret the information in the file. Become familiar with the three main display windows and how to analyze the packet information.

Recognize the components of client to server interaction. Following the common sequences of network traffic from request to response

            DNS to IP 

            IP to ARP

Analyze the different components of client to server communication. Interpret DNS and ARP and what takes place on the network when these protocols communicate.

This is an update of the original Lecture 6 with the latest version of Wireshark.

Explore the main protocols on the network and build understanding of the components of ICMP, the composition of UDP and the characteristics of TCP communications.

Assess the static capture file File1.pcapng. Examine the ICMP, UDP and TCP traffic within the file using the user interface of Wireshark.

You will learn about the headers and the components within the headers of IP, UDP and TCP. Following the information review you will learn a process for analyzing the headers from within the network.

You will use the supplemental file, File2.pcapng. amd examine the way the headers are displayed within the user interface of Wireshark. The process of identifying and understanding encapsualtion will be reviewed.

In this lecture you will learn about the connection-oriented and the connection-less network protocols and how to interpret Steams and conversations on the network.

You will use the supplemental file, File3.pcapng, and process the UDP sessions and review the stream content. You will explore the TCP connections, and analyze the streams from the connections to uncover information from the network communications.

You will learn the different methods of setting up a capture wihtin Wireshark. You will review the interface and options available for captruing the network traffic.

-

You will learn how to configure and setup the Wireshark tool to conduct live network traffic capture. Once you have configured the interface and started the capture you will access a number of web sites.

You will apply the process you have learned to the live capture file. Following this, you will analyze what has taken place at the packet level when you generated the network traffic.

You will receive an overview of the different methods of working with packet capture files in Wireshark. Following this, infomration on the different capture file formats will be explained.

You will learn the process, methods and the different formats for saving capture files. At the completion of this you will learn how to select different area of the network traffic and save for future use.

You will lean the advanced capture methods of Wireshark. The process and technique of merging capture files into another will be discussed as well as the capability to import hexadecimal traffic from a file.

You will apply the skills that you have learned for advanced captures in the Wireshark tool Following this, you will see how to isolate specific network packet data and then merge it into another capture file for later use.

You will learn about the powerful filtering capability in Wireshark. By applying filters you will be able to isolate all facets of network communication. An explanation of the characteristics of basic network attacks will be discussed. 

You will apply the knowledge you have learned to the creation filters within the Wireshark tool. Methods of a variety of shortcuts to assist your analysis will be reviewed.

You will learn the process to examine network protocol communication. The methods used to identify abnormal and potentially attack traffic will be discussed.

You will use the supplemental capture file, File3,pcapng to apply the skills we have developed throughout the course to determine what has taken place on the network where the packet capture was taken. You will review and determine the network traffic that is normal, and the network traffic that could be an attack. The skills practiced here will set the stage for the next level of conducting protocol analysis of potential attack traffic.

You will use the supplemental capture file, File4.pcapng and apply the skills, and process and methodology you have learned throughout the course to determine what has taken place on the network that the network packet capture was taken on.

This is the first capture file, apply the process you have learned and analyze what is taking place in the file. Message me once you have completed your analysis.

I have created a Bonus File Section that will contain different capture files for you to apply the process we show in the course to analyze the network traffic. I am happy to announce that the second capture file for you to review has been uploaded. Take a look ad see if you can determine what has taken place on the network and anything that is suspicious in the network traffic. Once you have analyzed it, send me a message with your results. After I get 10 or more analysis results from you all, I will post a solution with a walk through of some of the important items that are in the capture file. As a reminder, the process is:

1. Look for suspicious traffic
2. Identify open ports
3. Look for data within the packets
4. Analyze the streams of data
5. Look for signs of compromise
6. Draft a report of your findings

This is the solution file for the 2nd bonus packet capture. I did not provide everything in the capture file, I explained the process. See if after you have reviewed the solution you can discover any additional information about the attacks if there are any within the file. Post your analysis to share with others. Good Luck!

In this lecture I will perform the first step of the scanning methodology that hackers deploy using the popular tool nmap. The discovery of live systems to hack!

In this video, I will perform the second step of the hacking methodology of scanning, and that is finding the open ports on our targets. These open ports represent doors that we can use for access, or in hacker terms our vector for a potential attack.

In this video, I will perform the third step of the hacking methodology of scanning, and that is finding the services on the open ports on our targets. These services will let the attacker know where the potential attack points are at.

In this video, I will perform the fourth step of the hacking methodology of scanning, and that is enumerating details on our targets. These details will assist the attacker with making the attack points more granular and then they can carry out a more direct attack with a greater chance of success.

In this video, I will perform the fifth step of the hacking methodology of scanning, and that is identifying the vulnerabilities, and this is one of the things that a hacker needs and that is a weakness to leverage for gaining access.

In this video, I will perform the sixth step of the hacking methodology of scanning, and that is validating the vulnerabilities, and this is leveraging a weakness for gaining access and is penetration  testing.

In this lecture I will walk through the initial process of analyzing malware capture files.

In this video I show how to extract files from a Wireshark capture file.