<?xml version="1.0" encoding="UTF-8"?><oembed><type>video</type><version>1.0</version><html>&lt;iframe src=&quot;https://www.loom.com/embed/5156e05f822c4567a25e2b44f90a42d0&quot; frameborder=&quot;0&quot; width=&quot;1920&quot; height=&quot;1440&quot; webkitallowfullscreen mozallowfullscreen allowfullscreen&gt;&lt;/iframe&gt;</html><height>1440</height><width>1920</width><provider_name>Loom</provider_name><provider_url>https://www.loom.com</provider_url><thumbnail_height>1440</thumbnail_height><thumbnail_width>1920</thumbnail_width><thumbnail_url>https://cdn.loom.com/sessions/thumbnails/5156e05f822c4567a25e2b44f90a42d0-c1654e429b6e49af.gif</thumbnail_url><duration>1148.004</duration><title>Wireshark DNS, TCP Handshakes, HTTP Secrets Capture 🔍</title><description>In this lab, I walk through downloading and using Wireshark to monitor network packets for troubleshooting and spotting malicious activity. I capture a DNS lookup by running nslookup for google.com, then filtering DNS to show the A record query and reply with the IP match. Next, I show a TCP three-way handshake by visiting a site and filtering TCP by the resolved IP to identify SYN, SYN ACK, and ACK. Then I demonstrate how cleartext HTTP can expose posted login credentials by filtering http request method POST and opening the signin page. I also show how to follow a TCP stream, and how to save packets and filters for later analysis.</description></oembed>