Applying Filters to TCPDump and Wireshark
Cyberscore

Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.

Time: 1 hour
Difficulty: Intermediate

This lab exercise is designed to let the trainee become familiar with applying a capture filter to TCPDump and Wireshark using Berkeley Packet Filter (BPF) syntax.

Overview

CybrScore’s Applying Filters to TCPDump and Wireshark is a Cybrary lab intended for students at the Intermediate level. The lab is interactive and hands-on and provides persistent training that teaches security professionals how to become efficient and effective at conducting security tasks. It is engaging, up to date, and quick to perform.

The lab teaches students how to apply a capture filter to TCPDump and Wireshark using Berkeley Packet Filter (BPF) syntax. TCPDump is a commonly used command-line packet analyzer; its simple interface lets the user capture or filter TCP/IP packets sent or received over a network. Wireshark is a commonly used open-source network protocol analyzer that supports both static and dynamic analysis and includes numerous features, including network troubleshooting, protocol development, and packet analysis. On successful completion of the lab, the student will have learned how to apply a capture filter in TCPDump and Wireshark using BPF syntax. The lab takes approximately 1 to 2 hours to complete.

Students will use TCPDump to read capture files and examine the captured traffic, and will analyze the packet capture to see which ports and protocols are in use. This skill is a key part of the Cyber Defense Analyst work role and builds toward the ability to use protocol analyzers and perform packet-level analysis.

Students will learn how to use filters to focus on the items of interest, such as ARP, DNS, or FTP traffic. This skill is a key part of the Cyber Defense Analyst work role and builds toward the ability to characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.

Students will also learn how to use Wireshark to export entire HTML objects from packets and to display only FTP sessions, and will apply filters for Telnet and non-TCP traffic. This skill is a key part of the Cyber Defense Analyst work role and builds toward the ability to interpret the information collected by network tools.

The lab is part of the Cyber Defense Analyst career path. Completing it means that the student has demonstrated the ability to apply a capture filter to TCPDump and Wireshark using BPF syntax.