{"id":234,"date":"2023-09-06T17:18:33","date_gmt":"2023-09-07T01:18:33","guid":{"rendered":"https:\/\/www.dumpsterfirecomputing.com\/?p=234"},"modified":"2023-09-06T17:18:35","modified_gmt":"2023-09-07T01:18:35","slug":"wireshark-workbook-lab-1","status":"publish","type":"post","link":"https:\/\/www.dumpsterfirecomputing.com\/?p=234","title":{"rendered":"Wireshark Workbook &#8211; Lab 1"},"content":{"rendered":"\n<p>I&#8217;ve taken my time and enjoyed the exercises in Lab 1 of the <a href=\"https:\/\/www.amazon.com\/Wireshark-Workbook-Practice-Challenges-Solutions\/dp\/1893939642\/ref=sr_1_1?crid=1MEOM9A5NPCK0&amp;keywords=wireshark+workbook&amp;qid=1694048598&amp;sprefix=wireshark+workbook%2Caps%2C211&amp;sr=8-1\">Wireshark Workbook<\/a>.  It contained 25 questions to work through, and I was pleased with my own results.<\/p>\n\n\n\n<p>As I work through the labs and questions, I&#8217;m using OneNote to really try and &#8220;show my work&#8221; and document my thoughts on how I&#8217;m reaching an answer.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"594\" height=\"546\" src=\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/09\/image.png\" alt=\"\" class=\"wp-image-235\" srcset=\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/09\/image.png 594w, https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/09\/image-300x276.png 300w\" sizes=\"auto, (max-width: 594px) 100vw, 594px\" \/><\/figure>\n\n\n\n<p>This is helping as I go back and review my work.  When I finished all the questions for Lab 1, I went through them one question at a time, read the answer and compared how I did.<\/p>\n\n\n\n<p>There were two interesting things I learned out of this lab.  The first was how to reassemble \/ download \/ view objects captured in a PCAP file.  One of the labs had me download an image and report what words were there.  
For this one, I literally had no idea after poking around, so I finally had to resort to looking it up online.<\/p>\n\n\n\n<p>The second interesting thing I learned was a default subdissector setting around reassembling TCP streams.  This is enabled by default, which isn&#8217;t a problem unless you&#8217;re looking for <em>actual <\/em>response times for things.  I&#8217;ll explain through the use of this highly professional diagram:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"670\" height=\"337\" src=\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/09\/image-1.png\" alt=\"\" class=\"wp-image-236\" srcset=\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/09\/image-1.png 670w, https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/09\/image-1-300x151.png 300w\" sizes=\"auto, (max-width: 670px) 100vw, 670px\" \/><\/figure>\n\n\n\n<p>If the HTTP request is to download an image, then with reassemble TCP streams enabled (the default), the &#8220;Time since request&#8221; value will be the time from the request to the end of the object download (the red line above).  With reassemble TCP streams disabled, the &#8220;Time since request&#8221; value measures only the time between the request and the initial server response (the blue line above).  It&#8217;s interesting, and something I didn&#8217;t know.<\/p>\n\n\n\n<p>Looking forward to what the next set of labs will be and what else I&#8217;ll learn!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve taken my time and enjoyed the exercises in Lab 1 of the Wireshark Workbook. It contained 25 questions to work through, and I was pleased with my own results. 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[54],"tags":[14,53],"class_list":["post-234","post","type-post","status-publish","format-standard","hentry","category-learning","tag-learning","tag-wireshark"],"_links":{"self":[{"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/posts\/234","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=234"}],"version-history":[{"count":1,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/posts\/234\/revisions"}],"predecessor-version":[{"id":237,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/posts\/234\/revisions\/237"}],"wp:attachment":[{"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=234"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=234"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=234"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}