VCU Command Line Tools & Analyzing a Packet Capture Project

Introduction
In this lab, we will investigate a packet capture (pcap) file using GUI tools as well as command line tools. The first part of the lab is due in class tonight, while Part 2 will be due in about a week. They will be submitted separately. Remember to include screenshots to show each step.
Part 2 (Due 4/26/2023)
Task 1: Command Line Tools
- You may complete this portion of the lab using a Windows or Linux command line.
- Install TShark, WinDump, or Tcpdump (you only need one of them).
  NOTE:
  o TShark is the command line version of Wireshark and is installed with Wireshark. To run TShark on Windows, there are 2 options. You can navigate to the Wireshark folder on your command line and run TShark from there each time (not convenient), or you may add the Wireshark folder path to your system/environment variables so you can run TShark from any location on the command line (recommended).
  o WinDump works on Windows while Tcpdump works on Linux.
  o See the resource links below for help with installing these tools.
Task 2: Analyze a Packet Capture (pcap) file (Command Line Tools)
- Listen to the recorded presentation provided on Blackboard and use the command line tool of your choice (installed above) to answer the questions in Exercise 2.
- Note that the questions are already answered in Part 1, so the focus here is to show how you used the command line tool to find your answers. For every answer, please provide a screenshot showing the command used and the answer found. You will not get credit if you do not provide screenshots – not even partial credit.
- Hint – You will find most of the answers in the recorded lecture.
2 | Copyright © 2023 Cheche Agada. All rights reserved.
Exercise 2
(1) What is the name of Ann’s IM buddy?
(2) What was the first comment in the captured IM conversation?
(3) What is the name of the file Ann transferred?
(4) What is the magic number of the file you want to extract (first four bytes)?
(5) What is the MD5sum of the file?
(6) What is the secret recipe?
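Questions (4) and (5) ask for the magic number and the MD5sum of the file carved from the capture. The following helper is an added example for checking a carved file after you have exported it with your command line tool; it is not part of the course material, and the sample bytes it writes to carved_sample.bin are constructed, not the file from the lab's pcap.

```python
import hashlib
from pathlib import Path

# Well-known magic numbers (leading bytes of a file), used to sanity-check a carved
# file before trusting it. Assumed table for this example; extend it as needed.
MAGIC_NUMBERS = {
    b"PK\x03\x04": "ZIP archive (also DOCX/XLSX/PPTX/JAR)",
    b"%PDF": "PDF document",
    b"\x89PNG": "PNG image",
    b"GIF8": "GIF image",
    b"\xff\xd8\xff": "JPEG image",
    b"\x1f\x8b": "gzip archive",
}


def magic_number(data: bytes) -> str:
    """Return the first four bytes of the file as hex (the 'magic number' of question 4)."""
    return data[:4].hex()


def guess_type(data: bytes) -> str:
    """Match the leading bytes against MAGIC_NUMBERS; 'unknown' if nothing matches."""
    for magic, description in MAGIC_NUMBERS.items():
        if data.startswith(magic):
            return description
    return "unknown"


def md5_hex(data: bytes) -> str:
    """MD5 of the whole file contents, as md5sum would print it (question 5)."""
    return hashlib.md5(data).hexdigest()


def inspect_file(path: str) -> dict:
    """Read a carved file and report its magic number, guessed type and MD5."""
    data = Path(path).read_bytes()
    return {"magic": magic_number(data), "type": guess_type(data), "md5": md5_hex(data)}


if __name__ == "__main__":
    # Constructed sample standing in for a carved file: a ZIP local-file header prefix
    # followed by filler bytes. It is NOT the file transferred in the lab capture.
    sample = b"PK\x03\x04" + b"\x14\x00\x00\x00" + b"sample payload"
    sample_path = "carved_sample.bin"
    Path(sample_path).write_bytes(sample)
    print(inspect_file(sample_path))
```

Compare the reported magic number and MD5 against what your tool shows in the screenshot; a mismatch usually means the carve started or ended on the wrong byte.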
Resources
- TShark on Linux (Kali, Ubuntu, etc.)
- Tcpdump
- WinDump
- Converting pcapng to pcap – (tshark -F pcap -r {pcapng file} -w {pcap file})