Course 6 - Network Traffic Analysis for Incident Response | Episode 2: Wireshark Features and Comprehensive Protocol Dissection

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/72/9c/78/729c78c8-dd4a-83f1-d865-c815a52fcb4a/mza_18143718259370525373.jpg/600x600bb.jpg

CyberCode Academy

62 episodes

20 hours ago

Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity.
🎧 Each course is divided into a series of short, focused episodes that take you from beginner to advanced level — one lesson at a time.
From Python and web development to ethical hacking and digital defense, our content transforms complex concepts into simple, engaging audio learning.
Study anywhere, anytime — and level up your skills with CyberCode Academy.
🚀 Learn. Code. Secure.

All content for CyberCode Academy is the property of CyberCode Academy and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Courses

Education,

Technology

https://d3wo5wojvuv7l.cloudfront.net/t_rss_itunes_square_1400/images.spreaker.com/original/83e3df6bb0ad608d0ce8d08b99a19216.jpg

Course 6 - Network Traffic Analysis for Incident Response | Episode 2: Wireshark Features and Comprehensive Protocol Dissection

CyberCode Academy

12 minutes

6 days ago

Course 6 - Network Traffic Analysis for Incident Response | Episode 2: Wireshark Features and Comprehensive Protocol Dissection

In this lesson, you’ll learn about:

Transitioning from theoretical networking concepts to hands-on traffic analysis.
Using Wireshark to capture, dissect, filter, and understand live network traffic.
Identifying how common protocols appear in real packet captures, including their structure and behavior.
Recognizing how different protocols handle communication, reliability, and security.

Wireshark: Introduction & Core Features

What Wireshark Is:
- A free, GUI-based network traffic analyzer (formerly Ethereal).
- Supports live packet capture and loading .cap / .pcap files.
Key Features Covered:
- Capture Management:
  - Start live captures with options like promiscuous mode.
  - Load and inspect previously saved capture files.
- File Handling & Exporting:
  - Merge capture files (if timestamps align).
  - Import packets from hex dumps.
  - Export selected packets or full dissections in text, CSV, JSON, XML.
  - Export TLS session keys for decrypting certain encrypted traffic.
- UI Navigation:
  - Color-coded packet list (e.g., green = TCP/HTTP, red = errors/retransmissions).
  - Three-pane layout: Packet list → Protocol dissection → Raw hex/ASCII.
- Analysis Tools:
  - Display filters for precise inspection (e.g., tcp.port == 80).
  - Follow TCP/HTTP Stream to trace entire conversations.
  - Decode As to reinterpret traffic running on uncommon ports.

Protocol Dissection: What You’ll See in Wireshark 1. IP (IPv4/IPv6)

View IP headers, including TTL (Time To Live) as hop count.
Look at IPv6 structures and tunneling protocols such as:
- 6to4
- 6in4
Learn how IPv6 packets travel across IPv4 networks.

2. TCP (Transmission Control Protocol)

Understand reliability and session management.
Observe:
- The 3-way handshake: SYN → SYN-ACK → ACK
- Connection teardown: FIN/FIN-ACK or RST
- Flags, sequence numbers, acknowledgments, and retransmissions.

3. UDP (User Datagram Protocol)

Minimal, fast, connectionless protocol.
No handshake, no retransmission.
Used in scenarios requiring speed over reliability.

4. ICMP (Internet Control Message Protocol)

Used for error reporting and diagnostic tools like:
- Ping (Echo Request/Reply – Type 8/Type 0)
- Traceroute
Note: While essential, ICMP must be carefully controlled on networks.

5. ARP (Address Resolution Protocol)

Maps IP → MAC inside local networks.
Stateless nature allows ARP poisoning, a common man-in-the-middle technique.

Higher-Level / Application Protocols in Wireshark 1. DNS (Domain Name System)

Seen mostly over UDP.
Analyze queries, recursion, multiple responses (A, MX, etc.).

2. HTTP (Hypertext Transfer Protocol)

Review request lines, headers (User-Agent, Host, URI) and response codes.
HTTP is common in analysis due to high traffic volume.
Also widely monitored because attackers often misuse it for hidden communications.

3. FTP (File Transfer Protocol)

A clear-text protocol:
- Credentials and transfers visible in packet captures.
Highlights the need for secure alternatives (FTPS / SFTP).

4. IRC (Internet Relay Chat)

Simple text-based...