Today we’re talking about one of TryHackMe’s latest rooms, Wireshark: Traffic Analysis! This room looks at the techniques and key points of traffic analysis with Wireshark and how to detect suspicious activities. This is great information if you’re interested in working in a SOC, on a Blue Team, or even supporting IT operations and need to improve your troubleshooting skills. Since this room covers a lot of in-depth topics, I broke down the tasks into three separate lab walkthrough videos. Be sure to follow along below and subscribe to the CyberInsight YouTube Channel to stay up to date on new lab walkthroughs!

The areas covered by this room include: Nmap scans (TCP connect scans, SYN scans, and UDP scans); ARP poisoning/spoofing (aka Man-in-the-Middle attacks); identifying hosts via Kerberos, NetBIOS, and DHCP; identifying tunneled traffic in DNS and ICMP communication; analyzing FTP traffic; analyzing HTTP and HTTPS traffic, including detecting Log4j exploitation attempts and suspicious user agents; and how to decrypt HTTPS traffic. In the last video, stick around for some extra bonus topics!!!

Below I’m going to share with you my answers when going through the knowledge checks in the different tasks in the room. Definitely try to work through the problems as much as you can. Make sure to follow along in the video so you understand what you need to do to get the answers below.

Wireshark: Traffic Analysis Task 2 – Nmap Scans

Wireshark: Traffic Analysis Task 3 – ARP Poisoning & Man In The Middle!

Wireshark: Traffic Analysis Task 4 – Identifying Hosts: DHCP, NetBIOS and Kerberos

Wireshark: Traffic Analysis Task 5 – Tunneling Traffic: DNS and ICMP

Wireshark: Traffic Analysis Task 6 – Cleartext Protocol Analysis: FTP

Wireshark: Traffic Analysis Task 7 – Cleartext Protocol Analysis: HTTP

Wireshark: Traffic Analysis Task 8 – Encrypted Protocol Analysis: Decrypting HTTPS

Wireshark: Traffic Analysis Task 9 – Bonus: Hunt Cleartext Credentials!

Wireshark: Traffic Analysis Task 10 – Bonus: Actionable Results!

Network Knowledge Wrap Up

Keep an eye out as I continue to work through other TryHackMe rooms!

Wireshark 101 Lab

TryHackMe Wireshark: Traffic Analysis room