This Learn On Demand Pro Series is part of a Career Path: Become a SOC Analyst - Level 1
Learn how to use Wireshark, an open-source network protocol analyzer, to monitor network traffic on a virtual machine. This lab is part of the Become a Security Operations Center (SOC) Analyst - Level 1 career path and prepares the learner for Cyber Defense Analyst positions as defined by NICS/NIST. Learners gain hands-on experience with a well-regarded open-source tool for capturing and analyzing network transmissions.
Learners will set up FTP and HTTP capabilities on the remote system. From there, learners become familiar with the Wireshark interface and use the application to capture secure or public messages sent through HTTP, FTP, and SSH. Finally, learners intercept and view network packets that detail exposed transmissions.
Install and Configure the FTP and HTTP Services:
On a Linux virtual machine, install an FTP client through the Terminal window. Confirm that another machine on the network can connect to the remote computer. Learn to troubleshoot when the install command reports that the program being installed is already in use by another process. Learners solve the problem by killing that process and retrying the installation, a handy technique for when an executed command gets stuck. Finally, verify that the FTP setup works by logging into the virtual machine and closing the connection.
Capture and Display FTP Packets:
On a server connected to the virtual machine, learners view and analyze network packets sent via FTP using Wireshark. FTP can be used to send both private and public transmissions. Configure Wireshark to receive the FTP messages generated on the network by sending a file from the remote computer. Learners see how to start and stop the capture of network transmissions and check whether the messages used to send user names and passwords are secure. Through this hands-on challenge, learners use these tools to diagnose network problems from a remote machine and to recognize when an unapproved third computer is eavesdropping on the connection.
Capture and Display SSH Packets by Using Wireshark:
The SSH protocol sends sensitive information, such as passwords, securely. Learners confirm that the contents of these transmissions cannot be read, even by the administrator. First, the learner restricts Wireshark to capturing only SSH traffic. Then he or she views the SSH packets in Wireshark while logging into the remote machine. The Wireshark feed shows the authentication information only as encrypted data, demonstrating that the network traffic is protected.
Capture and Display HTTP Packets by Using Wireshark:
This challenge shows learners what the Wireshark feed looks like when network packets are not secured, since HTTP messages travel across the network in a publicly readable form. On the virtual machine, learners retrieve a website using the Firefox browser. Then he or she verifies that the intercepted HTTP packets reveal the message contents by searching for the GET and HELLO commands in Wireshark.
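As an added example (not code from the lab or its provider), the following Python script works through what a passive observer learns from the three kinds of traffic captured in the FTP, SSH and HTTP challenges above: the cleartext FTP USER/PASS exchange, the SSH banner followed by an opaque encrypted record, and an HTTP GET request line. The hosts, ports and payloads are constructed sample values, and the stream reconstruction is a simplified stand-in for Wireshark's Follow TCP Stream view.

```python
"""Added example (not from the lab): what a passive observer sees in FTP, SSH and HTTP payloads."""
import re
from collections import defaultdict
# Constructed packets: (src, dst, service_port, payload). service_port is the server
# side of the TCP stream, so both directions of one FTP session share port 21.
PACKETS = [
    ("10.0.0.5", "10.0.0.9", 21, b"USER student\r\n"),
    ("10.0.0.9", "10.0.0.5", 21, b"331 Please specify the password.\r\n"),
    ("10.0.0.5", "10.0.0.9", 21, b"PASS hunter2\r\n"),
    ("10.0.0.9", "10.0.0.5", 21, b"230 Login successful.\r\n"),
    ("10.0.0.5", "10.0.0.9", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("10.0.0.5", "10.0.0.9", 22, bytes(range(0x83, 0xA0)) * 2),  # stand-in for an encrypted record
    ("10.0.0.5", "10.0.0.9", 80, b"GET /index.html HTTP/1.1\r\nHost: lab.example\r\n\r\n"),
]
FTP_CMD = re.compile(rb"^(USER|PASS) (\S+)\r\n$")
HTTP_REQ = re.compile(rb"^(GET|POST|HEAD) (\S+) HTTP/1\.[01]\r\n")

def looks_encrypted(payload: bytes) -> bool:
    """Cleartext protocols are mostly printable ASCII; encrypted records are not."""
    printable = sum(32 <= b < 127 or b in b"\r\n\t" for b in payload)
    return printable / max(len(payload), 1) < 0.6

def ftp_logins(packets):
    """Rebuild FTP logins from cleartext USER/PASS and the 230 reply; one tuple per stream."""
    streams = defaultdict(dict)
    for src, dst, port, payload in packets:
        if port != 21:
            continue
        # FTP replies start with a three-digit code, so a reply means src is the server.
        client, server = (dst, src) if payload[:3].isdigit() else (src, dst)
        stream = streams[(client, server)]
        if m := FTP_CMD.match(payload):
            stream[m.group(1).decode()] = m.group(2).decode()
        elif payload.startswith(b"230"):
            stream["ok"] = True
    return [(c, s, st.get("USER"), st.get("PASS"), st.get("ok", False))
            for (c, s), st in streams.items()]

def http_requests(packets):
    """Cleartext HTTP request lines (the GET the lab searches for) are fully visible."""
    return [(src, dst, m.group(1).decode(), m.group(2).decode())
            for src, dst, port, payload in packets
            if port == 80 and (m := HTTP_REQ.match(payload))]

def ssh_exposure(packets):
    """Only the SSH version banner is readable; everything after key exchange is opaque."""
    return [payload.decode().strip() if payload.startswith(b"SSH-")
            else "encrypted (not recoverable)" if looks_encrypted(payload) else "unexpected cleartext"
            for _, _, port, payload in packets if port == 22]
```

Running the three functions over PACKETS yields the FTP user name and password in the clear with a successful login, the single visible HTTP GET, and for SSH only the banner followed by unreadable data.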
Learners complete this lab and achieve mastery, intercepting network traffic using Wireshark, through four steps:
- Set up a virtual machine so it can send network traffic through FTP and HTTP services.
- Start and stop the capture of network traffic sent through FTP, SSH, and HTTP.
- See how intercepted FTP contents display when authenticated versus when not.
- Verify that packet contents sent through SSH remain secure when obtained through network monitoring.
- Understand that HTTP contents, such as GET and HELLO, can be seen after being intercepted by a network monitor.
See the full benefits of our immersive learning experience with interactive courses and guided career paths.