Welcome to ITACS Cyber Security Track

Getting Started with Wireshark

As explained by Wikipedia, Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. There are versions for Windows, Mac, and Linux. It is included in the Kali Linux distribution and is often used by security professionals to scan networks and to analyze and monitor suspicious traffic.

For more information on Wireshark, including how to download, install, and begin using the tool, feel free to take the following course:

Troubleshoot Your Network with Wireshark: a Lynda.com course that covers the fundamental concepts underlying Wireshark, such as network analysis and the OSI model, and examines some example packet captures so you can start to understand field values and compare normal to abnormal network behaviors. You’ll also be introduced to common attack signatures, display and capture filters, and protocols such as HTTP, TCP, DNS, and FTP. Lynda.com is a free resource for Temple University students that is available from the TUportal home page.

Total Time: 2 hours and 35 minutes

Once you’ve taken the introductory course, take on some of the PCAP exercise files on Malware-Traffic-Analysis.net. Be careful: some of the PCAP files used in these exercises contain links to malicious sites and files. The website warns: “Use this website at your own risk! If you download or use any information from this website, you assume complete responsibility for any resulting loss or damage.” Also, the password for the exercise files is located on the “about” page of the website.