
In this 1.5-hour long project-based course, you will learn how to capture and save packets on a physical wired network, create a display filter to observe TCP/IP packets on a certain port, observe the HTTP and HTTPS TCP/IP protocols, and identify the TCP/IP protocol stack. This guided project, Wireshark for Beginners: TCP/IP Protocol Fundamentals, will help a beginning security analyst who wants to use Wireshark to analyze Transmission Control Protocol and Internet Protocol (TCP/IP) network packets, using HTTP and HTTPS requests to understand the protocol.

To do this, you will take on the role of helping an IT manager who wants to monitor web traffic on the server in order to verify that the websites visited exhibit proper TCP/IP behavior. To be successful in this project, you will need some basic Linux command line experience, specifically running commands from the Linux command line, and some exposure to computer networks, specifically a general understanding of how a client browser sends HTTP requests to a web server.

Once you are capturing traffic from only a single port, it is a lot easier to tell who is sending and receiving each packet. This choice is under the Capture -> Options menu in Wireshark. You can set a capture filter to capture only the traffic on a specific TCP port, which you can point at the port where your IIS is running. Capture filters match on port numbers in the packet headers rather than on the application protocol, so you cannot directly filter for the DNS protocol while capturing if the DNS traffic goes to or from arbitrary ports. However, DNS traffic normally goes to or from port 53, and traffic to or from that port is normally DNS traffic, so you can filter on that port number instead.
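The difference between a port-based capture filter and a protocol-based decision is easier to see on raw bytes than in a menu. The following Python is an added example, not material from the course or from Wireshark: it builds a few constructed Ethernet/IPv4/TCP/UDP frames (the addresses, ports and payloads are made up), walks the TCP/IP stack to pull out the ports, applies the equivalent of the capture filter "port N" using header fields only, and contrasts that with a payload heuristic for DNS of the kind a dissector applies after capture. The frame with DNS on port 5300 is a constructed case showing why "port 53" catches normal DNS but not DNS on an arbitrary port.

```python
import ipaddress
import struct

# Constructed sample data: everything below is made up for this example and is not
# traffic from the course's server.
ETH_LEN = 14
PROTO_TCP = 6
PROTO_UDP = 17


def build_frame(src_ip, dst_ip, proto, src_port, dst_port, payload):
    """Build a minimal Ethernet II / IPv4 / TCP-or-UDP frame (constructed test data)."""
    if proto == PROTO_TCP:
        # seq=1, ack=1, data offset 5 words (20-byte header), flags PSH|ACK, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + l4


def parse_frame(frame):
    """Walk the TCP/IP stack: Ethernet -> IPv4 -> TCP/UDP -> payload. Returns a dict or None."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:      # not IPv4
        return None
    ip = frame[ETH_LEN:]
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    l4 = ip[ihl:]
    if proto == PROTO_TCP:
        hdr_len = (l4[12] >> 4) * 4                           # TCP data offset
    elif proto == PROTO_UDP:
        hdr_len = 8
    else:
        return None
    sport, dport = struct.unpack("!HH", l4[:4])
    return {
        "src": str(ipaddress.IPv4Address(ip[12:16])),
        "dst": str(ipaddress.IPv4Address(ip[16:20])),
        "proto": "tcp" if proto == PROTO_TCP else "udp",
        "sport": sport,
        "dport": dport,
        "payload": l4[hdr_len:],
    }


def filter_by_port(frames, port):
    """Equivalent of the capture filter 'port N': decided from header fields only."""
    pkts = [parse_frame(f) for f in frames]
    return [p for p in pkts if p and port in (p["sport"], p["dport"])]


def looks_like_dns(payload):
    """Payload heuristic: 12-byte DNS header, standard-query opcode, one question, valid label."""
    if len(payload) < 13:
        return False
    _txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    opcode = (flags >> 11) & 0x0F
    return opcode == 0 and qdcount == 1 and 0 < payload[12] <= 63


def filter_by_protocol(frames, predicate):
    """Protocol-based selection that needs the payload: the kind of decision made after
    capture by a dissector, which a capture filter cannot make."""
    pkts = [parse_frame(f) for f in frames]
    return [p for p in pkts if p and predicate(p["payload"])]


def describe(pkt):
    """Who is sending to whom, the thing a single-port capture makes easy to read."""
    return f'{pkt["proto"]} {pkt["src"]}:{pkt["sport"]} -> {pkt["dst"]}:{pkt["dport"]}'


# A DNS standard query for example.com, type A, class IN (constructed).
DNS_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
             + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1))

SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.10", PROTO_TCP, 51000, 80,
                b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"),      # HTTP to the web server
    build_frame("10.0.0.5", "10.0.0.1", PROTO_UDP, 40000, 53, DNS_QUERY),    # DNS on the usual port
    build_frame("10.0.0.5", "10.0.0.2", PROTO_UDP, 40001, 5300, DNS_QUERY),  # DNS on an unusual port
    build_frame("10.0.0.5", "10.0.0.10", PROTO_TCP, 51001, 443,
                b"\x16\x03\x01\x00\x05hello"),                     # start of a TLS record (HTTPS)
]

if __name__ == "__main__":
    for label, pkts in [("port 80", filter_by_port(SAMPLE_FRAMES, 80)),
                        ("port 53", filter_by_port(SAMPLE_FRAMES, 53)),
                        ("dns payload", filter_by_protocol(SAMPLE_FRAMES, looks_like_dns))]:
        print(f"{label}: " + "; ".join(describe(p) for p in pkts))
```

Running it shows "port 80" selecting only the HTTP request, "port 53" selecting only the DNS query on the standard port, and the payload check selecting both DNS queries. The port filter is what you can express while capturing; the payload check stands in for what can only be decided once the packet is in hand.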
