From the course: Wireshark: Malware and Forensics
Challenge: Firewall rules - Wireshark Tutorial
(upbeat music) - In this challenge, we'll create a firewall rule based on what you see in a packet capture. So, using this exercise file, this is what you'll need to do: you'll first need to obtain the pcap. Go to this website and obtain "smallflows.pcap" and open it in Wireshark. Next, you'll need to filter the data. So in the display filter, enter "tcp.stream" equals 60. Select "Frame 904," and then create a Cisco IOS extended rule that will deny traffic from IP address 65.54.95.140 using port 80. Using the Access Control List number 150, how would you write the Access Control List when you apply it to the router's interface? And I've started it for you. For an additional challenge, take that same packet capture and this time, enter "tcp.stream" equals 62, and then follow the stream. Within this stream, there are some images. What image do you see in the first jpg image? So you'll have to locate the image and then…