11/1/2023

Tshark capture filter

You have been asked to generate a few network traffic captures from a workstation on a possibly compromised network for the security team to review. In the first report, they need you to collect a sample (no more than 30 to 40 seconds) of all TCP traffic on port 80 using `tshark` capture filters, and then store the results in /root/http_out. While the capture is running, in a second SSH session, perform a curl of on the workstation to provide some baseline traffic for comparison. Run a second capture of HTTP traffic using `tshark` display filters so that only the HTTP response codes returned to the workstation are printed. Redirect the output of that capture command to /root/http_response.

Note: For best performance, you should run two simultaneous SSH sessions to the test workstation while you work on this lab. Use one session to perform captures, and the other to perform the curl commands.

Successfully complete this lab by achieving the following learning objectives:

Use a `tshark` capture filter to collect TCP traffic on port 80.

Store the capture command output in /root/http_out.

```
tshark -f "tcp port 80" -V -Y http > http_out
```

In another SSH session, run curl during the capture.

```
curl
```

Note: curl may produce output but it does not need to be recorded.

Use a `tshark` display filter to collect HTTP traffic and print only HTTP response codes.

Store the capture command output in /root/http_response.

```
tshark -Y http -Tfields -e http.response.code > http_response
```

In a separate SSH session, run curl and then curl during the capture:

```
curl
curl
```

Note: curl may produce output but it does not need to be recorded.

Use a `tshark` capture filter that prints the IP address of hosts sending traffic to the test workstation on TCP port 22.

Observe any IP addresses printed after several seconds.

```
tshark -f "tcp src port 22" -Tfields -e ip.dst
```

Add the IP address(es) to /root/ssh_ip in a newline-delimited format.
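The captures above print one line per packet, including blank lines for packets that lack the requested field, so the raw output needs reducing before it goes into /root/ssh_ip or a report. The following is an added example, not part of the original lab: the function names are hypothetical, `-a duration:35` and the `http.response` display filter are choices made here to keep the sample within the 30 to 40 second window and to skip requests, and the sample data is constructed.

```sh
#!/bin/sh
# Added example (not from the lab). Function names are hypothetical.

# Bounded capture of SSH peers: -a duration:N stops tshark after N seconds,
# -l flushes each line so the pipe sees output as packets arrive.
capture_ssh_peers() {
    tshark -l -a "duration:${1:-35}" -f "tcp src port 22" \
        -Tfields -e ip.dst
}

# Bounded capture of HTTP status codes. Filtering on http.response (instead
# of http) skips requests, which would otherwise print as blank lines.
capture_http_codes() {
    tshark -l -a "duration:${1:-35}" -f "tcp port 80" -Y http.response \
        -Tfields -e http.response.code
}

# stdin: raw -Tfields output. stdout: unique values, one per line.
# Drops blank lines and splits comma-joined repeats of a field in one packet.
unique_values() {
    tr ',' '\n' | tr -d ' \t\r' | grep -v '^$' | LC_ALL=C sort -u
}

# stdin: raw status-code output. stdout: "<code> <count>" per line.
count_codes() {
    tr ',' '\n' | tr -d ' \t\r' | grep -v '^$' | LC_ALL=C sort | uniq -c |
        awk '{ print $2, $1 }'
}

# Constructed sample output (not a real capture) to show the post-processing.
sample_peers() { printf '10.0.0.5\n\n10.0.0.5\n10.0.0.9\n10.0.0.5,10.0.0.7\n'; }
sample_codes() { printf '200\n\n404\n200\n'; }

sample_peers | unique_values   # the form expected in /root/ssh_ip
sample_codes | count_codes

# On the lab workstation (needs capture privileges):
#   capture_ssh_peers 35 | unique_values > /root/ssh_ip
#   capture_http_codes 35 | count_codes
```

Your own SSH session to the workstation matches the port 22 capture filter, so expect your client address in the list alongside any others.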