Join Lisa Bock for an in-depth discussion in this video, Solution: Packets and filters, part of Wireshark: Malware and Forensics.
- [Narrator] Okay, how'd you do? Let's walk through this challenge together. I'm at CloudShark, and let's take a look at this packet capture. First, how many packets do you see? As you can see, there are 620 packets. Now we're going to download and open it in Wireshark. Now once it's open, we'll create a filter to show only replies.
Down below we'll look at the Address Resolution Protocol and the header, and here's the opcode. Now this is a request but I want to change it, so it shows a reply. Let's right-click, prepare as a filter, selected, but now we'll change the opcode to two, because that's for the replies. Now you see there aren't any replies. 622 requests and no replies is indicative of an ARP storm.
In an ARP storm, an attacker keeps generating broadcast packets with bogus IP addresses. This can create a denial of service attack and take the network down for a short time. If no one detects the storm, chain reactions can follow. As CPU usage reaches 100%, the switch will fail. Keep in mind, an ARP storm isn't always due to an attack.
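The request-versus-reply check from the walkthrough can also be scripted. The following is an added example, not part of the course material: it counts ARP opcodes in a classic pcap file, which is what the display filters `arp.opcode == 1` and `arp.opcode == 2` match, and flags a capture with many requests and no replies. The sample captures are constructed in memory, and the helper names and the 100-request threshold are assumptions.

```python
import struct

ARP_ETHERTYPE = 0x0806

def arp_frame(opcode, sender_ip, target_ip):
    """Build a constructed Ethernet+ARP frame (sample data, not the course capture)."""
    src = bytes.fromhex("020000000001")
    dst = b"\xff" * 6 if opcode == 1 else bytes.fromhex("020000000002")
    eth = dst + src + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)  # Ethernet/IPv4 ARP header
    arp += src + bytes(sender_ip) + b"\x00" * 6 + bytes(target_ip)
    return eth + arp

def make_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def count_arp_opcodes(pcap):
    """Return {opcode: count} over all ARP frames in the capture."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled here")
    counts, off = {}, 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        # EtherType sits at byte 12; the ARP opcode at byte 20 (14 + 6)
        if len(frame) >= 22 and struct.unpack_from("!H", frame, 12)[0] == ARP_ETHERTYPE:
            opcode = struct.unpack_from("!H", frame, 20)[0]
            counts[opcode] = counts.get(opcode, 0) + 1
    return counts

def looks_like_arp_storm(counts, min_requests=100):
    """Heuristic with an assumed threshold: many requests, not a single reply."""
    return counts.get(1, 0) >= min_requests and counts.get(2, 0) == 0

# Constructed samples: 620 requests for varying targets, and a balanced exchange.
storm = make_pcap([arp_frame(1, (10, 0, 0, 5), (10, 0, i // 250, i % 250 + 1))
                   for i in range(620)])
normal = make_pcap([arp_frame(op, (10, 0, 0, 5), (10, 0, 0, 9)) for op in (1, 2) * 5])

if __name__ == "__main__":
    for name, cap in (("storm", storm), ("normal", normal)):
        c = count_arp_opcodes(cap)
        print(name, c, "ARP storm suspected" if looks_like_arp_storm(c) else "ok")
```

A positive result only says the request/reply ratio is abnormal; it does not distinguish an attack from a misconfiguration or loop.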
- Trends in cyberattacks
- Preventing system compromise
- Analyzing packets
- Using Wireshark
- Creating firewall rules
- Baselining a network
- Using capture filters
- Using a ring buffer
- Handling OSI layer attacks
- Identifying attack signatures
- Using VirusTotal
- Handling unwanted TOR activity
Skill Level Intermediate