Tools Used
- Wireshark
- Packet capture file (.pcap)
- Linux environment
What I Did
First, I opened the packet capture file:
- network_traffic.pcap

There was a lot of data, so I applied a filter to focus only on HTTP traffic:
http
This helped me isolate only the web traffic from the full capture.
After filtering, I exported the data:
- File name: evidence.csv
- Location: /home/labex/project/

I made sure the exported file included HTTP-related details so it could be used by the forensics team.
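The check described above, as an added example that is not part of the original write-up: a short Python script that confirms an exported CSV has the expected columns, lists any rows that are not HTTP, counts request methods, and records a SHA-256 of the file for hand-off. It assumes the column layout of Wireshark's default CSV export; the sample rows and the `check_export` name are constructed for illustration.

```python
import csv
import hashlib
import io
from collections import Counter

# Constructed sample rows in the layout of Wireshark's default CSV export.
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"4","0.101","192.0.2.10","198.51.100.5","HTTP","412","GET /index.html HTTP/1.1 "
"6","0.180","198.51.100.5","192.0.2.10","HTTP","1024","HTTP/1.1 200 OK  (text/html)"
"9","0.422","192.0.2.10","198.51.100.5","HTTP","530","POST /login HTTP/1.1  (application/x-www-form-urlencoded)"
"11","0.498","198.51.100.5","192.0.2.10","HTTP/JSON","301","HTTP/1.1 200 OK , JSON (application/json)"
"15","0.733","192.0.2.10","198.51.100.5","TCP","66","51000 > 80 [ACK] Seq=1 Ack=1 Win=64240 Len=0"
'''

REQUIRED = ["No.", "Time", "Source", "Destination", "Protocol", "Length", "Info"]
METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "PATCH"}

def check_export(text):
    """Validate an exported CSV and summarise what it contains."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"missing columns: {missing}")
    methods, non_http, rows = Counter(), [], 0
    for row in reader:
        rows += 1
        # Wireshark labels a packet by its highest dissected layer, so an
        # HTTP response with a JSON body appears as "HTTP/JSON". Rows with
        # no HTTP prefix are listed for review, not silently dropped.
        if not row["Protocol"].upper().startswith("HTTP"):
            non_http.append(row["No."])
            continue
        first_token = row["Info"].split(" ", 1)[0]
        if first_token in METHODS:
            methods[first_token] += 1
    return {
        "rows": rows,
        "non_http": non_http,          # frame numbers to re-check
        "methods": dict(methods),      # request methods seen
        "sha256": hashlib.sha256(text.encode("utf-8")).hexdigest(),
    }

if __name__ == "__main__":
    # For a real file, read it first, e.g. open(path, newline="").read()
    for key, value in check_export(SAMPLE_CSV).items():
        print(f"{key}: {value}")
```

A non-empty `non_http` list usually means the export included packets that the display filter had hidden, so the file should be re-exported with only displayed packets selected.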
Findings
- I successfully filtered out only HTTP traffic from the capture
- The exported CSV contained relevant protocol information
- This made it easier to review the data outside of Wireshark
What I Noticed
- Filtering is important before exporting, otherwise the file becomes too large and messy
- Exporting to CSV makes it easier for teams to analyze data using other tools
- I also checked the traffic to see if anything looked unusual, but nothing stood out in this case
Impact
In a real-world scenario:
- Analysts often need to export specific traffic for:
  - Forensics teams
  - Reporting
  - Further analysis
- HTTP traffic is especially important because it can contain sensitive or unencrypted data
Conclusion
This lab helped me understand how to:
- Filter specific protocol traffic
- Export network data into usable formats
- Prepare evidence for investigation teams