Marcelle Lee (@marcelle_fsg) was at BSides Charm 2016 and ran a workshop called Fun with Network Packet Analysis. She made her materials available here.

This is a good place to start: fire up Wireshark and get to work!

The slides cover the following topics:

  • OSI Model vs TCP/IP Stack
  • Structure of Packets
  • Secure vs Insecure Applications
  • TCP 3-Way Handshake
  • TCP & UDP Headers
  • IPv4 & IPv6
  • MAC Addresses
  • Network Interfaces
  • Wireshark
    • Packet List Pane
    • Packet Details Pane
    • Packet Byte Pane
    • Analysis
    • Streams
    • Filters

There is an exercise and solution document to guide you through the exercises.

Exercises include:

  • VPN connection – vpn-new.pcap
  • Online Registration – acunetix.pcap
  • Hotel WiFi connection (captive portal) – hotel.pcap
  • “Internet of Things” – iot-new.pcap
  • Updated version – video-new.pcap
  • Detecting a network scan – xscan.pcap
  • Detecting an injection attack – injection-new.pcap
  • Detecting web app compromise – web-shell.pcap
  • Detecting attacker exfil – exfil.pcap
  • Detecting website hijacking – clickjack.pcap

Thanks Marcelle for the workshop and the materials!
