
Wireshark packet capture basics in Cybersecurity - Mini Project: Build & Apply

Wireshark Packet Capture Basics
📖 Scenario: You are a network technician learning to use Wireshark to capture and analyze network packets. This helps you understand what data is moving through your network and troubleshoot issues.
🎯 Goal: Build a simple step-by-step guide to capture network packets using Wireshark (through its command-line tool tshark), set a capture filter, start the capture, and stop it properly.
📋 What You'll Learn
Create a variable to hold the network interface name
Add a capture filter string to limit captured packets
Write the command to start the packet capture with the filter
Write the command to stop the packet capture
💡 Why This Matters
🌍 Real World
Network technicians and cybersecurity professionals use Wireshark to monitor and troubleshoot network traffic by capturing packets.
💼 Career
Knowing how to capture and filter packets is essential for diagnosing network problems and investigating security incidents.
1. Set the Network Interface
Create a variable called interface and set it to the string "eth0", which represents the network interface to capture packets from.
Hint: The network interface is usually named like "eth0", "wlan0", or similar. Use exactly "eth0" here.

2. Add a Capture Filter
Create a variable called capture_filter and set it to the string "tcp port 80" to capture only HTTP traffic on port 80.
Hint: The capture filter limits packets to those using TCP on port 80, which is common for web traffic.

3. Start Packet Capture
Write a command string called start_capture_cmd that uses tshark to start capturing packets on the interface stored in interface with the filter stored in capture_filter. Use the format: "tshark -i {interface} -f '{capture_filter}'".
Hint: Use an f-string to insert the variables into the command string exactly as shown.

4. Stop Packet Capture
Create a variable called stop_capture_cmd and set it to the string "pkill tshark" which stops the running tshark capture process.
Hint: The command pkill tshark stops the tshark process safely.
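
The four steps put together, as an added example that is not part of the original exercise. It builds the step 3 command string with shell quoting, builds the same command as an argument list, and stops only the capture it started. The function names, the output file name and the use of tshark's -w and -a duration options are assumptions made for this example.

```python
import shlex
import subprocess

interface = "eth0"               # value from step 1
capture_filter = "tcp port 80"   # value from step 2

def build_start_cmd(interface, capture_filter):
    """Command string in the step 3 format, with shell quoting applied.

    For the exercise values this yields exactly the string step 3 asks for;
    a filter that itself contains a quote character stays one shell word.
    """
    return f"tshark -i {shlex.quote(interface)} -f {shlex.quote(capture_filter)}"

def build_start_argv(interface, capture_filter, outfile=None, duration=None):
    """Same command as an argument list, so no shell parses the filter text.

    outfile and duration are additions for this example: -w writes a capture
    file and -a duration:N makes tshark stop by itself after N seconds.
    """
    argv = ["tshark", "-i", interface, "-f", capture_filter]
    if duration is not None:
        argv += ["-a", f"duration:{int(duration)}"]
    if outfile is not None:
        argv += ["-w", outfile]
    return argv

def run_capture(interface, capture_filter, seconds, outfile):
    """Start a capture, then stop only the process started here.

    Step 4's "pkill tshark" signals every process whose name matches tshark;
    terminate() sends the same default signal (SIGTERM) to this one only.
    """
    proc = subprocess.Popen(build_start_argv(interface, capture_filter, outfile, seconds))
    try:
        proc.wait(timeout=seconds + 5)   # normal exit via -a duration
    except subprocess.TimeoutExpired:
        proc.terminate()                 # fallback stop for this capture only
        proc.wait()
    return proc.returncode

start_capture_cmd = build_start_cmd(interface, capture_filter)   # step 3
stop_capture_cmd = "pkill tshark"                                # step 4

if __name__ == "__main__":
    print(start_capture_cmd)
    print(build_start_argv(interface, capture_filter, "http.pcapng", 30))
    # Needs tshark installed and capture privileges on the interface:
    # run_capture(interface, capture_filter, 30, "http.pcapng")
```
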