Wireshark Workbook – Lab 3

Lab 3 involved looking at some HTTP vs HTTPS data. Another shorter lab that I managed to get done late Friday before the weekend got underway.

The labs and their questions are having me dig deeper into the filters and their syntax, and I’m learning that that’s where the power of Wireshark really lies. These sample PCAPs that we’re analyzing are pretty small, making manual scrolling through them pretty easy, but I can imagine larger PCAPs where the only way to get at any useful information is through filters. The trick, I suppose, is knowing what it is you’re looking for.

The other thing I learned specifically was how to build and use the IO Graph. Much to my surprise, it works in a somewhat similar way to the Windows Performance Monitor. Instead of selecting from a pre-existing list of counters, you simply add a display filter and off you go. In these questions I graphed the bits per second between HTTP and HTTPS traffic to find which one had the highest bps (no spoilers here – go get your own copy).
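
An added example (not from the original post or the workbook) of what an IO Graph line computes: each filter selects packets, and their bits are summed per one-second interval. It parses a small constructed pcap and approximates the HTTP and HTTPS filters by TCP ports 80 and 443, which is an assumption; `build_pcap`, `io_graph` and `peak_bps` are hypothetical names.

```python
import struct
from collections import defaultdict

def build_pcap(packets):
    """Constructed sample: little-endian pcap of Ethernet/IPv4/TCP frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts_us, sport, dport, plen in packets:
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + plen, 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + b"\x00" * plen
        sec, usec = divmod(ts_us, 1_000_000)
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def io_graph(pcap, filters, interval_s=1):
    """Return {name: {bucket: bits}}, buckets counted from the first packet."""
    series = {name: defaultdict(int) for name in filters}
    offset, first = 24, None          # skip the 24-byte global header
    while offset + 16 <= len(pcap):
        sec, usec, incl, orig = struct.unpack_from("<IIII", pcap, offset)
        frame = pcap[offset + 16:offset + 16 + incl]
        offset += 16 + incl
        ts = sec * 1_000_000 + usec
        first = ts if first is None else first
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                  # only IPv4 + TCP is counted
        l4 = 14 + (frame[14] & 0x0F) * 4   # honour the IPv4 header length
        if len(frame) < l4 + 4:
            continue                  # truncated before the TCP ports
        ports = struct.unpack_from("!HH", frame, l4)
        bucket = (ts - first) // (interval_s * 1_000_000)
        for name, port in filters.items():
            if port in ports:
                series[name][bucket] += orig * 8   # on-the-wire length in bits
    return series

def peak_bps(series, interval_s=1):
    """Highest bits-per-second value seen on each graph line."""
    return {n: max(b.values(), default=0) // interval_s for n, b in series.items()}

SAMPLE = build_pcap([      # constructed (time_us, src_port, dst_port, payload_len)
    (0, 50000, 80, 946), (200_000, 50001, 443, 446), (400_000, 80, 50000, 1446),
    (1_100_000, 443, 50001, 1446), (1_500_000, 443, 50001, 1446),
    (1_900_000, 50001, 443, 46), (2_300_000, 50000, 80, 46),
])
FILTERS = {"HTTP": 80, "HTTPS": 443}  # stand-ins for tcp.port == 80 / tcp.port == 443

if __name__ == "__main__":
    print(peak_bps(io_graph(SAMPLE, FILTERS)))
```

Matching on port is only an approximation: Wireshark's protocol filters follow what the dissector identifies, so web traffic on a non-standard port would be missed here.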

As a small tangent — I don’t know why, but I seem to have forgotten picking up one of Laura Chappell’s other books last year: Wireshark 101, Essential Skills for Network Analysis. I’m sad I forgot about that, but I now have it next to me and will be trying to get a little bit of that read after each lab as well. When I really want to deep dive or understand something, I’ll whip out another tome on the shelf – TCP/IP Illustrated, Volume 1.

I know – all of the information contained in these books can be found online with a quick Bing search. There’s just something I enjoy about having certain reference material in hardcopy. Perhaps I’m old school.

And with Lab 3 now behind me, I’m looking forward and starting in on Lab 4 – “TCP Analysis”. I’ve a fairly busy week ahead of me, but there should be plenty of time to get it done. There are a total of 16 labs in this book, and while I’m not looking to rush through it, my goal is to be complete before the Thanksgiving Holiday. Leave the last month or so for thinking ahead to 2024….
