From the course: Wireshark: Malware and Forensics

Unlock the full course today

Join today to access over 22,400 courses taught by industry experts or purchase this course individually.

Challenge: Firewall rules

Challenge: Firewall rules - Wireshark Tutorial

From the course: Wireshark: Malware and Forensics

Start my 1-month free trial

Challenge: Firewall rules

(upbeat music) - In this challenge, we'll create a firewall rule based on what you see in a packet capture. So, using this exercise file, this is what you'll need to do, you'll first need to obtain the pcap. Go to this website and obtain "smallflows.pcap" and open it in Wireshark. Next, you'll need to filter the data. So in the display filter enter "tcp.stream" equals 60. Select "Frame 904," and then create a Cisco iOS extended rule that will deny traffic from IP address 65.54.95.140 using port 80. Using the Access Control List number 150, how would you write the Access Control List when you apply it to the router's interface? And I've started it for you. For an additional challenge, take that same packet capture and this time, enter "tcp.stream" equals 62, and then follow the stream. Within this stream, there are some images. What image do you see in the first jpg image? So you'll have to locate the image and then…

Contents