From the course: Wireshark: Malware and Forensics
Solution: Packets and filters
- [Narrator] Okay, how'd you do? Let's walk through this challenge together. I'm at CloudShark, and let's take a look at this packet capture. First, how many packets do you see? As you can see, there are 620 packets. Now we're going to download and open it in Wireshark. Now once it's open, we'll create a filter to show only replies. Down below we'll look at the address resolution protocol and the header, and here's the opcode. Now this is a request, but I want to change it so it shows a reply. Let's right click, prepare as a filter, selected, but now we'll change the opcode to two, because that's for the replies. Now you see there aren't any replies. 622 requests and no replies is indicative of an ARP storm. In an ARP storm, an attacker keeps generating broadcast packets with bogus IP addresses. This can create a denial of service attack and take the network down for a short time. If no one detects the storm, chain reactions can follow. As CPU usage reaches 100%, the switch will…
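The check the narrator performs by hand (filter on the ARP opcode, compare the request count to the reply count) can be scripted so it runs over any set of raw frames. The code below is an added example written for this page, not material from the course or from Wireshark: it builds a few Ethernet/ARP frames as constructed test data, parses the opcode and sender address out of each one, and flags a capture as a likely ARP storm when a large number of requests is answered by almost no replies. The threshold values (`min_requests`, `max_reply_ratio`) and the sample MAC/IP values are assumptions chosen for illustration.

```python
import struct
from collections import Counter

# Ethernet header: dst MAC, src MAC, EtherType (network byte order).
ETH_HDR = struct.Struct("!6s6sH")
# ARP header (RFC 826): htype, ptype, hlen, plen, opcode, sha, spa, tha, tpa.
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2          # Wireshark: arp.opcode == 1 / arp.opcode == 2
BROADCAST = b"\xff" * 6
ZERO_MAC = b"\x00" * 6


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Build one raw Ethernet/ARP frame (constructed test data, not from a real capture)."""
    dst = BROADCAST if opcode == ARP_REQUEST else target_mac
    eth = ETH_HDR.pack(dst, sender_mac, ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, opcode, sender_mac, sender_ip, target_mac, target_ip)
    return eth + arp


def parse_arp(frame):
    """Return (opcode, sender_ip_str) for an ARP frame, or None for anything else."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _, _, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    _, _, _, _, opcode, _, spa, _, _ = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    return opcode, ".".join(str(b) for b in spa)


def arp_summary(frames):
    """Count requests and replies, and the number of distinct sender IPs on requests."""
    counts = Counter()
    request_senders = set()
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        opcode, sender_ip = parsed
        counts[opcode] += 1
        if opcode == ARP_REQUEST:
            request_senders.add(sender_ip)
    return counts[ARP_REQUEST], counts[ARP_REPLY], len(request_senders)


def looks_like_arp_storm(frames, min_requests=100, max_reply_ratio=0.05):
    """Heuristic (assumed thresholds): many requests with (almost) no replies."""
    requests, replies, _ = arp_summary(frames)
    if requests < min_requests:
        return False
    return replies / requests <= max_reply_ratio


# Constructed sample traffic.
MAC_A, MAC_B = b"\x02\x00\x00\x00\x00\x0a", b"\x02\x00\x00\x00\x00\x0b"
IP_A, IP_B = bytes([10, 0, 0, 10]), bytes([10, 0, 0, 11])

# Normal resolution: one request, one matching reply.
NORMAL_FRAMES = [
    build_arp(ARP_REQUEST, MAC_A, IP_A, ZERO_MAC, IP_B),
    build_arp(ARP_REPLY, MAC_B, IP_B, MAC_A, IP_A),
]

# Storm-like capture: 622 broadcast requests, each from a different bogus
# sender IP, and no replies at all (mirrors the counts seen in the exercise).
STORM_FRAMES = [
    build_arp(ARP_REQUEST, MAC_A, bytes([10, 0, i >> 8, i & 0xFF]), ZERO_MAC, IP_B)
    for i in range(622)
]

if __name__ == "__main__":
    for name, frames in (("normal", NORMAL_FRAMES), ("storm", STORM_FRAMES)):
        req, rep, senders = arp_summary(frames)
        print(f"{name}: requests={req} replies={rep} distinct_senders={senders} "
              f"storm={looks_like_arp_storm(frames)}")
```

In a real investigation the frame bytes would come from the capture file rather than from `build_arp`; the parsing and counting logic is what matters, and it reproduces the narrator's observation that a capture full of requests with zero replies is the signature to look for.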