Digital Forensics
*********
*********
 

Lab S1.5.3 - Network Monitoring
We will do a lab comparing tcpdump and Wireshark.

You will do this as a group and as an individual.

Lab - 1.5.3 TCPDUMP vs Wireshark - Click here. 
Mr. Cusack will discuss the Lab.

We will be doing this on my big screen.

What we will capture: (Mr. Cusack will need to sign each page,
along with the student's signature)

Start your Cyber Range:
Start both the Linux and Ubuntu machines.

PX_lastname_WireSharkP7.png
- Screen shot of:
hostname -I 
JuiceShop_start

PX_lastname_WireSharkP8.png
- Screen shot of:
wireshark

PX_lastname_WireSharkP9.png
- Screen shot of:
wireshark


PX_lastname_WireSharkP10.png
- Screen shot of:
Start Firefox
<Kali_IP_Address>:3000

login:  admin@juice-sh.op
password: admin123

PX_lastname_WireSharkP12.png
- Screen shot of:
using CTRL+C to stop the capturing

PX_lastname_WireSharkP13.png
- Screen shot of:
wireshark with the following marked:
Filter
Zoom
Search option
The Packet List
Packet Details
Packet Bytes

PX_lastname_WireSharkP14.png
- Screen shot of:
sort the packets by protocol
find the jpeg / JFIF
Scroll down to JPEG file

PX_lastname_WireSharkP15.png
- Screen shot of:
locate the http packet that is a POST


PX_lastname_WireSharkP16.png
- Screen shot of:
In Wireshark, click File -> Open -> tcpdump.pcap


PX_lastname_WireSharkP17.png
- Screen shot of:
Find the same packets that exchange data and information, including
images / login credentials


*********
*********
*********

Resources you may need (Below)

*********
*********
*********
*********
*********
 
-Locate your Cyber Range Passwords below by seat number.
Cyber Range Sign on ids and passwords (Period 2)
Click here and get your id and password.

Click here for your cyber range.
https://apps.cyber.org/login

 
Click here to access CyberChef.
If the link above does not work, copy the link on the next line into your browser's URL bar:
https://gchq.github.io/CyberChef/
