This GitHub repository contains packet captures used in demonstrations for the Analyzing Network Protocols with Wireshark Pluralsight course.
The overwhelming majority of these packet captures are sourced from Nick Russo's packet capture job aids.
The sections below are a "table of contents" for the packet captures in this repository.
- Clip 2: Demonstrates untagged Ethernet frames.
- Clip 3: Demonstrates Ethernet frames with IEEE 802.1Q tags representing VLANs.
- Clip 5: Demonstrates an exchange of ARP Request and ARP Reply messages.
- Clip 6: Demonstrates Gratuitous ARP messages.
- Clip 7: Demonstrates ARP-specific behavior of scanning tools, including (but not limited to) nmap, Nessus, and Qualys.
- Clip 3: Demonstrates IPv4 packets with Don't Fragment (DF) bit variations through ICMP Echo Request and ICMP Echo Reply messages.
- Clip 4: Demonstrates IPv4 fragmentation through large ICMP Echo Request and ICMP Echo Reply messages.
- Clip 5: Demonstrates IPv4 TTL value analysis.
- Clip 8: Demonstrates an IPv6 packet that is too large to traverse the network path, as indicated by an ICMPv6 Packet Too Big message sent in response to an ICMPv6 Echo Request message.
- Clip 9: Demonstrates IPv6 Hop Limit value analysis.
- Clip 2: Demonstrates UDP traffic through uploading a file to a TFTP server.
- Clip 4: Demonstrates TCP traffic through uploading a file to an FTP server.
- Clip 2: Demonstrates ICMP Echo Request and ICMP Echo Reply messages.
- Clip 3: Demonstrates ICMP Destination Unreachable messages with the Host Unreachable code.
- Clip 4: Demonstrates ICMP Time Exceeded messages with the TTL Exceeded in Transit code through a traceroute.
- Clip 2: Demonstrates DNS queries and responses, largely A and AAAA record lookups.
- Clip 4: Demonstrates DHCP Discover, DHCP Offer, DHCP Request, and DHCP Ack messages through a DHCP Relay Agent.
- Clip 6: Demonstrates FTP Active Mode through interacting with an FTP server, including the retrieval of file contents.
- Clip 2: Demonstrates HTTP traffic, including GET and POST requests.
- Clip 4:
  - m7c4_https.pcapng: Demonstrates HTTPS traffic encrypted via TLS.
  - m7c4_http_tls_sslkeylogfile.txt: Contains the SSLKEYLOGFILE contents necessary to decrypt the HTTPS traffic in the m7c4_https.pcapng packet capture.