├── Project-1-Analyzing-HTTP-Traffic-with-Wireshark.md
├── Project-2-detecting-and-investigating-malware-traffic.md
├── Project-3-Wireshark-for-Network-Intrusion-detection.md
├── Project-4-Decrypting-and-Analyzing-TLS-Traffic-.md
├── Project-5-Capturing-anad-Analyzing-VOIP-Traffic.md
└── README.md

---

/Project-1-Analyzing-HTTP-Traffic-with-Wireshark.md:

# Analyzing HTTP Traffic with Wireshark

## Introduction

In this project, you'll learn how to use Wireshark to capture and analyze HTTP traffic. HTTP traffic analysis is crucial for understanding web communication, identifying potential security issues, and investigating anomalies in network traffic.

## Pre-requisites

- Basic understanding of networking concepts
- Wireshark installed on your computer
- A web browser for generating HTTP traffic

## Lab Set-up and Tools

1. **Wireshark**: Download and install Wireshark from [https://www.wireshark.org/download.html](https://www.wireshark.org/download.html).
2. **Web Browser**: Any modern web browser (e.g., Chrome, Firefox) for generating HTTP traffic.

## Exercises

### Exercise 1: Capture HTTP Traffic

#### Steps

1. Open Wireshark.
2. Select the network interface that connects to the internet.
3. Click on the "Start Capture" button (the blue shark fin icon).
4. Open your web browser and navigate to a website that uses plain HTTP (e.g., http://example.com). HTTPS sites are encrypted on the wire, so their requests will not match the `http` filter used in the next exercise.
5. Let the page load completely and then stop the capture in Wireshark by clicking on the red square icon.

#### Expected Output

- A capture file containing network traffic, including HTTP requests and responses.

### Exercise 2: Filter HTTP Traffic

#### Steps

1. In Wireshark, go to the filter bar at the top.
2. Enter the filter `http` and press Enter.
3. Wireshark will display only the HTTP traffic from the capture.

#### Expected Output

- Displayed HTTP traffic filtered from the overall capture.

### Exercise 3: Analyze HTTP Requests

#### Steps

1. In the filtered HTTP traffic, locate an HTTP GET request.
2. Click on the GET request to view its details in the packet details pane.
3. Expand the "Hypertext Transfer Protocol" section to see detailed information about the request, such as the requested URL, headers, and parameters.

#### Expected Output

- Detailed information about an HTTP GET request displayed.

### Exercise 4: Analyze HTTP Responses

#### Steps

1. In the filtered HTTP traffic, locate the corresponding HTTP response for the GET request you analyzed.
2. Click on the response to view its details in the packet details pane.
3. Expand the "Hypertext Transfer Protocol" section to see detailed information about the response, such as the status code, headers, and content type.

#### Expected Output

- Detailed information about an HTTP response displayed.

### Exercise 5: Extract and Examine Payload Data

#### Steps

1. In the HTTP response details, look for the payload data (e.g., HTML content).
2. Right-click on the response packet and select "Follow" > "TCP Stream" to view the entire HTTP conversation.
3. Examine the payload data in the TCP stream window to understand the content being transferred.

#### Expected Output

- Payload data from the HTTP response extracted and examined.

## Conclusion

By completing these exercises, you have learned how to capture, filter, and analyze HTTP traffic using Wireshark. These skills are essential for understanding web communication, troubleshooting network issues, and performing security investigations.
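What the `http` filter and Follow > TCP Stream extract, done by hand so the layering is visible: an added Python example (not part of this project) that walks a pcap file frame by frame, peels off Ethernet, IPv4 and TCP, and picks out the HTTP request and response lines, headers and body. The capture it reads is constructed inline with documentation addresses, so the script runs offline.

```python
"""Pull cleartext HTTP requests and responses out of a pcap file: roughly what
the `http` display filter and Follow > TCP Stream show in Wireshark.
The pcap is constructed inline so the script runs offline."""
import struct

METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def _ip(dotted):
    return bytes(int(o) for o in dotted.split("."))

def _frame(src, sport, dst, dport, data):
    # Ethernet (EtherType IPv4) + minimal IPv4 header + 20-byte TCP header (PSH|ACK).
    # Checksums stay 0: the frame is parsed here, never sent on a wire.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     _ip(src), _ip(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    # Little-endian pcap global header (v2.4, snaplen 65535, LINKTYPE_ETHERNET = 1)
    # followed by a 16-byte record header before every frame.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def http_messages(pcap):
    """Walk the pcap and return every TCP segment that starts an HTTP message."""
    found, off = [], 24
    while off + 16 <= len(pcap):
        _, _, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00":
            continue                                  # not IPv4
        ip = frame[14:]
        ihl, total = (ip[0] & 0x0F) * 4, struct.unpack_from("!H", ip, 2)[0]
        if ip[9] != 6:
            continue                                  # not TCP
        tcp = ip[ihl:total]                           # drop any Ethernet padding
        sport, dport = struct.unpack_from("!HH", tcp)
        data = tcp[(tcp[12] >> 4) * 4:]               # skip TCP header + options
        if data.startswith(METHODS):
            kind = "request"
        elif data.startswith(b"HTTP/"):
            kind = "response"
        else:
            continue                                  # not the start of an HTTP message
        head, _, body = data.partition(b"\r\n\r\n")
        lines = head.decode("latin-1").split("\r\n")
        headers = {k.strip().lower(): v.strip()
                   for k, v in (line.split(":", 1) for line in lines[1:])}
        found.append({"kind": kind, "start_line": lines[0], "headers": headers, "body": body,
                      "src": f"{'.'.join(map(str, ip[12:16]))}:{sport}",
                      "dst": f"{'.'.join(map(str, ip[16:20]))}:{dport}"})
    return found

# Constructed capture: one GET for example.com and its 200 response.
REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nUser-Agent: lab-browser\r\n\r\n"
BODY = b"<html><body>hi</body></html>"
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n"
            % len(BODY)) + BODY
SAMPLE_PCAP = build_pcap([
    _frame("192.0.2.10", 51000, "198.51.100.20", 80, REQUEST),
    _frame("198.51.100.20", 80, "192.0.2.10", 51000, RESPONSE),
])

if __name__ == "__main__":
    for m in http_messages(SAMPLE_PCAP):
        print(f"{m['src']} -> {m['dst']}  {m['kind']}: {m['start_line']}")
```

Point `http_messages` at the bytes of a real capture saved from Exercise 1 (File > Save As, pcap format) to list its cleartext requests the same way.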
---

/Project-2-detecting-and-investigating-malware-traffic.md:

# Detecting and Investigating Malware Traffic

## Introduction

In this project, you'll learn how to use Wireshark to detect and investigate malware traffic. Identifying malicious network behavior is crucial for protecting networks and responding to security incidents.

## Pre-requisites

- Basic understanding of networking concepts
- Wireshark installed on your computer
- A sample PCAP file containing malware traffic (e.g., from [Malware Traffic Analysis](https://www.malware-traffic-analysis.net/))

## Lab Set-up and Tools

1. **Wireshark**: Download and install Wireshark from [https://www.wireshark.org/download.html](https://www.wireshark.org/download.html).
2. **Sample PCAP File**: Download a sample PCAP file containing malware traffic for analysis.

## Exercises

### Exercise 1: Load a Sample PCAP File

#### Steps

1. Open Wireshark.
2. Go to "File" > "Open" and select the sample PCAP file you downloaded.
3. The file will load, and the captured traffic will be displayed.

#### Expected Output

- The sample PCAP file containing network traffic loaded in Wireshark.

### Exercise 2: Identify Malicious Traffic Patterns

#### Steps

1. Look for unusual patterns in the traffic, such as repeated connections to suspicious IP addresses, unusual protocols, or large amounts of data being transferred.
2. Use the filter bar to isolate suspicious traffic. Common filters include:
   - `ip.addr == x.x.x.x` (replace `x.x.x.x` with a suspicious IP address; `ip.addr` matches the address as either source or destination)
   - `tcp.port == 4444` (common port used by malware)
   - `http.request` (to view HTTP requests that might indicate command-and-control activity)

#### Expected Output

- Suspicious traffic patterns identified in the network capture.

### Exercise 3: Analyze Malicious Traffic

#### Steps

1. Select a packet that appears suspicious based on your initial analysis.
2. Click on the packet to view its details in the packet details pane.
3. Expand the relevant protocol sections to examine the details of the packet, such as headers, payload data, and any anomalies.

#### Expected Output

- Detailed information about a suspicious packet analyzed.

### Exercise 4: Follow the Malware's Communication Stream

#### Steps

1. Right-click on a suspicious packet and select "Follow" > "TCP Stream" or "UDP Stream" to view the entire conversation.
2. Analyze the conversation for indicators of malicious activity, such as unusual commands, encoded data, or unexpected file transfers.

#### Expected Output

- A complete communication stream of the malware analyzed.

### Exercise 5: Document and Report Findings

#### Steps

1. Take notes on the suspicious activities and patterns you identified in the traffic.
2. Document key findings, including IP addresses, ports, payload data, and any other relevant details.
3. Summarize your findings in a report format, which can be used for further investigation or as part of a security incident report.

#### Expected Output

- A detailed report documenting the findings from your malware traffic analysis.

## Conclusion

By completing these exercises, you have learned how to detect and investigate malware traffic using Wireshark.
These skills are essential for identifying malicious network behavior, responding to security incidents, and protecting network infrastructure.

---

/Project-3-Wireshark-for-Network-Intrusion-detection.md:

# Wireshark for Network Intrusion Detection

## Introduction

In this project, you'll learn how to use Wireshark for network intrusion detection. Identifying and analyzing suspicious network activities is crucial for maintaining network security and responding to potential threats.

## Pre-requisites

- Basic understanding of networking concepts
- Wireshark installed on your computer
- A sample PCAP file containing network intrusions (e.g., from [Contagio Dump](http://contagiodump.blogspot.com/))

## Lab Set-up and Tools

1. **Wireshark**: Download and install Wireshark from [https://www.wireshark.org/download.html](https://www.wireshark.org/download.html).
2. **Sample PCAP File**: Download a sample PCAP file containing network intrusion data for analysis.

## Exercises

### Exercise 1: Load a Sample PCAP File

#### Steps

1. Open Wireshark.
2. Go to "File" > "Open" and select the sample PCAP file you downloaded.
3. The file will load, and the captured traffic will be displayed.

#### Expected Output

- The sample PCAP file containing network traffic loaded in Wireshark.

### Exercise 2: Identify Indicators of Compromise (IOCs)

#### Steps

1. Look for common indicators of compromise, such as:
   - Unusual IP addresses
   - Known malicious ports
   - Suspicious protocols (e.g., IRC, SMB)
2. Use filters to isolate suspicious traffic. Examples include:
   - `ip.addr == x.x.x.x` (replace `x.x.x.x` with a known malicious IP address)
   - `tcp.port == 23` (to filter Telnet traffic)
   - `dns.qry.name contains "malicious.com"` (to identify DNS requests to suspicious domains)

#### Expected Output

- Suspicious traffic and potential indicators of compromise identified.

### Exercise 3: Analyze Suspicious Packets

#### Steps

1. Select a packet that appears suspicious based on the identified IOCs.
2. Click on the packet to view its details in the packet details pane.
3. Expand the relevant protocol sections to examine the packet details, such as headers, payload data, and any anomalies.

#### Expected Output

- Detailed information about a suspicious packet analyzed.

### Exercise 4: Follow the Intrusion's Communication Stream

#### Steps

1. Right-click on a suspicious packet and select "Follow" > "TCP Stream" or "UDP Stream" to view the entire conversation.
2. Analyze the conversation for indicators of an intrusion, such as unusual commands, unexpected data transfers, or encoded communications.

#### Expected Output

- A complete communication stream of the intrusion analyzed.

### Exercise 5: Document and Report Findings

#### Steps

1. Take notes on the suspicious activities and patterns you identified in the traffic.
2. Document key findings, including IP addresses, ports, payload data, and any other relevant details.
3. Summarize your findings in a report format, which can be used for further investigation or as part of a security incident report.

#### Expected Output

- A detailed report documenting the findings from your network intrusion analysis.

## Conclusion

By completing these exercises, you have learned how to detect and analyze network intrusions using Wireshark.
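What the filters in Exercise 2 of this project and of Project 2 actually match, shown as an added Python example that is not part of either project: a small evaluator for the display-filter subset used above (`==`, `!=`, `contains`, `&&`, `||`, `!`, parentheses) run over constructed packet records with Wireshark-style field names. It is a model of the matching rules, not Wireshark code; the packets, addresses and domain are made up.

```python
"""A small evaluator for the display-filter subset these exercises use
(==, !=, contains, &&, ||, !, parentheses), run over constructed packet records
with Wireshark-style field names. Not a Wireshark component; just a model of
how those filters match."""
import re

TOKEN = re.compile(r'\s*(\(|\)|&&|\|\||!=|==|!|"[^"]*"|[A-Za-z_][\w.]*|[\d.]+)')
ALIAS = {"ip.addr": ("ip.src", "ip.dst"), "tcp.port": ("tcp.srcport", "tcp.dstport")}

def tokenize(text):
    text, pos, out = text.strip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"bad filter near {text[pos:]!r}")
        out.append(m.group(1)); pos = m.end()
    return out

def field_values(pkt, name):
    # ip.addr and tcp.port expand to both directions: that is why
    # `ip.addr == x` matches packets where x is the source OR the destination.
    return [str(pkt[k]) for k in ALIAS.get(name, (name,)) if k in pkt]

class Filter:
    def __init__(self, text):
        self.toks, self.i = tokenize(text), 0
        self.ast = self._expr()
        if self.i != len(self.toks):
            raise ValueError("unexpected trailing tokens")
    def _peek(self): return self.toks[self.i] if self.i < len(self.toks) else None
    def _take(self): self.i += 1; return self.toks[self.i - 1]
    def _expr(self):                        # expr := term ('||' term)*
        node = self._term()
        while self._peek() == "||": self._take(); node = ("or", node, self._term())
        return node
    def _term(self):                        # term := factor ('&&' factor)*
        node = self._factor()
        while self._peek() == "&&": self._take(); node = ("and", node, self._factor())
        return node
    def _factor(self):                      # '!' factor | '(' expr ')' | field [op value]
        t = self._take()
        if t == "!": return ("not", self._factor())
        if t == "(":
            node = self._expr()
            if self._take() != ")": raise ValueError("missing ')'")
            return node
        if self._peek() in ("==", "!=", "contains"):
            return (self._take(), t, self._take().strip('"'))
        return ("present", t)               # bare field such as `http.request`
    def matches(self, pkt): return self._eval(self.ast, pkt)
    def _eval(self, n, pkt):
        if n[0] == "or":  return self._eval(n[1], pkt) or self._eval(n[2], pkt)
        if n[0] == "and": return self._eval(n[1], pkt) and self._eval(n[2], pkt)
        if n[0] == "not": return not self._eval(n[1], pkt)
        vals = field_values(pkt, n[1])
        if n[0] == "present":  return bool(vals)
        if n[0] == "==":       return any(v == n[2] for v in vals)
        if n[0] == "contains": return any(n[2] in v for v in vals)
        return bool(vals) and all(v != n[2] for v in vals)   # != : no value equals (Wireshark 3.6+)

PACKETS = [  # constructed records: a beacon to port 4444 and its reply, a DNS query, a web request
    {"ip.src": "10.0.0.5", "ip.dst": "203.0.113.7", "tcp.srcport": 49152, "tcp.dstport": 4444},
    {"ip.src": "203.0.113.7", "ip.dst": "10.0.0.5", "tcp.srcport": 4444, "tcp.dstport": 49152},
    {"ip.src": "10.0.0.5", "ip.dst": "10.0.0.1", "udp.dstport": 53, "dns.qry.name": "update.malicious.com"},
    {"ip.src": "10.0.0.5", "ip.dst": "198.51.100.20", "tcp.srcport": 49153, "tcp.dstport": 80,
     "http.request": True, "http.host": "example.com"},
]

def apply_filter(text, packets=PACKETS):
    """Return the indices of packets matching the filter, like the packet list pane."""
    f = Filter(text)
    return [i for i, p in enumerate(packets) if f.matches(p)]

if __name__ == "__main__":
    for expr in ('ip.addr == 203.0.113.7', 'tcp.port == 4444', 'dns.qry.name contains "malicious.com"',
                 'http.request', 'ip.addr == 10.0.0.5 && !(tcp.port == 80)', 'ip.addr != 10.0.0.5'):
        print(f"{expr:45} -> packets {apply_filter(expr)}")
```

Note the last filter: because `ip.addr` carries two values per packet, `ip.addr != 10.0.0.5` excludes every packet that touches that host, while `!(ip.addr == 10.0.0.5)` would do the same only since Wireshark 3.6 changed `!=` to mean "all not equal".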
These skills are essential for maintaining network security, identifying potential threats, and responding to security incidents.

---

/Project-4-Decrypting-and-Analyzing-TLS-Traffic-.md:

# Decrypting and Analyzing SSL/TLS Traffic

## Introduction

In this project, you'll learn how to use Wireshark to decrypt and analyze SSL/TLS traffic. Understanding SSL/TLS traffic is essential for diagnosing issues with secure communications and ensuring the security of data in transit.

## Pre-requisites

- Basic understanding of networking and encryption concepts
- Wireshark installed on your computer
- Access to SSL/TLS server private keys (for decryption purposes)
- A sample PCAP file containing SSL/TLS traffic

## Lab Set-up and Tools

1. **Wireshark**: Download and install Wireshark from [https://www.wireshark.org/download.html](https://www.wireshark.org/download.html).
2. **Sample PCAP File**: Download a sample PCAP file containing SSL/TLS traffic.
3. **Private Key File**: Obtain the private key for the SSL/TLS server used in the sample PCAP file.

## Exercises

### Exercise 1: Load a Sample PCAP File

#### Steps

1. Open Wireshark.
2. Go to "File" > "Open" and select the sample PCAP file you downloaded.
3. The file will load, and the captured traffic will be displayed.

#### Expected Output

- The sample PCAP file containing network traffic loaded in Wireshark.

### Exercise 2: Configure SSL/TLS Decryption

#### Steps

1. In Wireshark, go to "Edit" > "Preferences".
2. Expand the "Protocols" list and select "SSL" or "TLS" (the protocol is called TLS in Wireshark 3.0 and later, SSL in older releases).
3. In the "RSA keys list" section, click "Edit".
4. Add a new entry with the following details:
   - IP address: The IP address of the SSL/TLS server
   - Port: The port number used (e.g., 443 for HTTPS)
   - Protocol: `http` or `ssl`
   - Key file: Path to the private key file
5. Click "OK" to save the settings.

A server private key only recovers sessions that were negotiated with RSA key exchange (cipher suites named `TLS_RSA_WITH_...`), because only there is the pre-master secret encrypted to the server's key. Sessions using (EC)DHE key exchange or TLS 1.3 have forward secrecy and cannot be decrypted from the server key at all; for those, Wireshark needs the session secrets from the client instead, written by the client with the `SSLKEYLOGFILE` environment variable and configured as the "(Pre)-Master-Secret log filename" on the same preferences page.

#### Expected Output

- Wireshark configured to use the provided private key for SSL/TLS decryption.

### Exercise 3: Filter SSL/TLS Traffic

#### Steps

1. In the filter bar at the top, enter the filter `ssl` or `tls` (matching the protocol name from Exercise 2) and press Enter.
2. Wireshark will display only the SSL/TLS traffic from the capture.

#### Expected Output

- Displayed SSL/TLS traffic filtered from the overall capture.

### Exercise 4: Decrypt and Analyze SSL/TLS Packets

#### Steps

1. Select a decrypted SSL/TLS packet from the filtered traffic.
2. Click on the packet to view its details in the packet details pane.
3. Expand the "Secure Sockets Layer" or "Transport Layer Security" section to view detailed information about the handshake, encryption parameters, and decrypted data.

#### Expected Output

- Detailed information about decrypted SSL/TLS packets displayed.

### Exercise 5: Follow SSL/TLS Streams

#### Steps

1. Right-click on a decrypted SSL/TLS packet and select "Follow" > "TCP Stream" to view the entire conversation.
2. Analyze the decrypted stream to understand the data being transmitted and identify any potential security issues.

#### Expected Output

- A complete, decrypted SSL/TLS communication stream analyzed.

## Conclusion

By completing these exercises, you have learned how to decrypt and analyze SSL/TLS traffic using Wireshark. These skills are essential for diagnosing issues with secure communications, ensuring data security, and understanding encrypted network traffic.
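Whether the private key from Exercise 2 can decrypt a given session is decided by the cipher suite in the ServerHello, which Exercise 4 shows under the handshake subtree. The following Python, an added example that is not part of the project, parses a ServerHello record, reads the negotiated suite and version (including the TLS 1.3 supported_versions extension) and reports whether a server RSA key or a client key log is required. The records it parses are constructed here, not real captures, and the suite table covers only a handful of common IDs.

```python
"""Read the ServerHello from a TLS handshake record and report whether the
negotiated cipher suite can be decrypted with the server's RSA private key
or needs a client key log file instead. Records below are constructed."""
import struct

# A few well-known suite IDs (IANA TLS Cipher Suites registry). "RSA" key
# exchange encrypts the pre-master secret to the server key, so that key can
# decrypt the session; the others derive keys with ephemeral (EC)DH.
SUITES = {
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", "RSA"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
    0xC030: ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE"),
    0x1301: ("TLS_AES_128_GCM_SHA256", "TLS1.3"),
    0x1302: ("TLS_AES_256_GCM_SHA384", "TLS1.3"),
}

def parse_server_hello(record):
    """Parse one TLS record carrying a ServerHello into the fields Wireshark
    shows under the Handshake Protocol subtree, plus a decryptability verdict."""
    ctype, _rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    version = struct.unpack_from("!H", hello, 0)[0]
    pos = 2 + 32                                   # skip the 32-byte server random
    pos += 1 + hello[pos]                          # skip session_id (length-prefixed)
    suite = struct.unpack_from("!H", hello, pos)[0]; pos += 2
    compression = hello[pos]; pos += 1
    # TLS 1.3 keeps legacy_version = 0x0303 and signals 1.3 in supported_versions (43).
    selected = None
    if pos + 2 <= len(hello):
        ext_len = struct.unpack_from("!H", hello, pos)[0]; pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", hello, pos); pos += 4
            if etype == 0x002B:
                selected = struct.unpack_from("!H", hello, pos)[0]
            pos += elen
    name, kx = SUITES.get(suite, (f"unknown 0x{suite:04X}", "unknown"))
    return {"version": selected or version, "cipher_suite": name, "kx": kx,
            "compression": compression, "rsa_key_decrypts": kx == "RSA",
            "needs": "server private key" if kx == "RSA" else "client key log (SSLKEYLOGFILE)"}

def server_hello(version, suite, extensions=b""):
    """Build a constructed ServerHello record for testing (fixed dummy random)."""
    hello = struct.pack("!H", version) + b"\x11" * 32 + b"\x00" + struct.pack("!H", suite) + b"\x00"
    if extensions:
        hello += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, 0x0303, len(hs)) + hs

# Constructed examples: an RSA-kx TLS 1.2 session, an ECDHE one, and TLS 1.3.
RSA_HELLO = server_hello(0x0303, 0x002F)
ECDHE_HELLO = server_hello(0x0303, 0xC02F)
TLS13_HELLO = server_hello(0x0303, 0x1301, struct.pack("!HHH", 0x002B, 2, 0x0304))

if __name__ == "__main__":
    for rec in (RSA_HELLO, ECDHE_HELLO, TLS13_HELLO):
        r = parse_server_hello(rec)
        print(f"{r['cipher_suite']:40} TLS 0x{r['version']:04X}  needs: {r['needs']}")
```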
---

/Project-5-Capturing-anad-Analyzing-VOIP-Traffic.md:

# Capturing and Analyzing VoIP Traffic

## Introduction

In this project, you'll learn how to use Wireshark to capture and analyze VoIP (Voice over IP) traffic. VoIP analysis is essential for diagnosing issues with voice communications, ensuring call quality, and identifying potential security vulnerabilities.

## Pre-requisites

- Basic understanding of networking and VoIP concepts
- Wireshark installed on your computer
- Access to a VoIP network or a sample PCAP file containing VoIP traffic

## Lab Set-up and Tools

1. **Wireshark**: Download and install Wireshark from [https://www.wireshark.org/download.html](https://www.wireshark.org/download.html).
2. **VoIP Network or Sample PCAP File**: Access a VoIP network or download a sample PCAP file containing VoIP traffic.

## Exercises

### Exercise 1: Capture VoIP Traffic

#### Steps

1. Open Wireshark.
2. Select the network interface that connects to the VoIP network.
3. Click on the "Start Capture" button (the blue shark fin icon).
4. Initiate a VoIP call on the network.
5. Let the call proceed for a few moments and then stop the capture in Wireshark by clicking on the red square icon.

#### Expected Output

- A capture file containing VoIP traffic, including call setup, RTP streams, and teardown messages.

### Exercise 2: Filter VoIP Traffic

#### Steps

1. In Wireshark, go to the filter bar at the top.
2. Enter the filter `sip || rtp` and press Enter.
3. Wireshark will display only the SIP and RTP traffic from the capture. Wireshark recognizes RTP from the SIP/SDP exchange that set the call up; if the capture started after call setup, enable the `rtp_udp` heuristic dissector under "Analyze" > "Enabled Protocols" so the media packets are decoded as RTP rather than shown as plain UDP.
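The `rtp` filter above matches UDP payloads that carry an RTP version-2 header, and Exercise 4's stream analysis then derives loss and jitter from the sequence numbers and timestamps in those headers. The following Python, an added example that is not part of the project, parses RTP fixed headers and computes those figures as RFC 3550 defines them, over a constructed G.711 stream (payload type 0, 8 kHz clock, 20 ms packets) with one lost and one late packet.

```python
"""Parse RTP headers from UDP payloads and compute the loss and jitter figures
that Telephony > RTP > Stream Analysis reports, following RFC 3550.
The packet stream below is constructed (G.711, PT 0, 8 kHz clock)."""
import struct

def parse_rtp(payload):
    """Return the RTP fixed-header fields, or None if this is not RTP version 2."""
    if len(payload) < 12 or payload[0] >> 6 != 2:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack_from("!BBHII", payload, 0)
    hdr_len = 12 + 4 * (b0 & 0x0F)            # CSRC list follows the fixed header
    return {"padding": bool(b0 & 0x20), "extension": bool(b0 & 0x10),
            "marker": bool(b1 & 0x80), "payload_type": b1 & 0x7F,
            "seq": seq, "timestamp": ts, "ssrc": ssrc, "payload": payload[hdr_len:]}

def analyze_stream(packets, clock_hz=8000):
    """packets: list of (arrival_seconds, udp_payload) for one direction of a call.
    Returns what the stream analysis window shows: packet count, expected-minus-
    received loss, sequence gaps, max inter-arrival delta and RFC 3550 jitter (ms)."""
    stats = {"packets": 0, "lost": 0, "seq_gaps": 0, "max_delta_ms": 0.0,
             "max_jitter_ms": 0.0, "mean_jitter_ms": 0.0, "ssrc": None}
    prev, jitter, jsum, first_seq, last_seq = None, 0.0, 0.0, None, None
    for arrival, payload in packets:
        rtp = parse_rtp(payload)
        if rtp is None:
            continue
        stats["packets"] += 1; stats["ssrc"] = rtp["ssrc"]
        if first_seq is None:
            first_seq = rtp["seq"]
        else:
            if rtp["seq"] != (last_seq + 1) & 0xFFFF:
                stats["seq_gaps"] += 1
            stats["max_delta_ms"] = max(stats["max_delta_ms"], (arrival - prev[0]) * 1000)
            # RFC 3550 6.4.1: D = (R_i - R_j) - (S_i - S_j) in timestamp units,
            # J += (|D| - J) / 16; converted to milliseconds for display.
            d = (arrival - prev[0]) * clock_hz - (rtp["timestamp"] - prev[1])
            jitter += (abs(d) - jitter) / 16
            jms = jitter * 1000 / clock_hz
            jsum += jms
            stats["max_jitter_ms"] = max(stats["max_jitter_ms"], jms)
        last_seq, prev = rtp["seq"], (arrival, rtp["timestamp"])
    if stats["packets"] > 1:
        expected = ((last_seq - first_seq) & 0xFFFF) + 1
        stats["lost"] = expected - stats["packets"]
        stats["mean_jitter_ms"] = jsum / (stats["packets"] - 1)
    return stats

def rtp_packet(seq, ts, ssrc=0x1234ABCD, pt=0, marker=False):
    """Constructed G.711 packet: V=2, no padding/extension/CSRC, 160 samples."""
    return struct.pack("!BBHII", 0x80, pt | (0x80 if marker else 0), seq, ts, ssrc) + b"\xff" * 160

# Constructed stream: 20 ms packets, seq 1000..1009 with seq 1005 missing and
# the packet with seq 1007 arriving 15 ms late.
STREAM = []
for n in range(10):
    if n == 5:
        continue
    STREAM.append((n * 0.020 + (0.015 if n == 7 else 0.0), rtp_packet(1000 + n, 160 * n)))

if __name__ == "__main__":
    print(analyze_stream(STREAM))
```

The same function works on a real capture by feeding it the `(frame time, UDP payload)` pairs of one RTP stream, which is exactly the set of packets `rtp.ssrc == <value>` selects in Wireshark.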
#### Expected Output

- Displayed SIP and RTP traffic filtered from the overall capture.

### Exercise 3: Analyze SIP Packets

#### Steps

1. In the filtered VoIP traffic, locate a SIP INVITE packet.
2. Click on the SIP INVITE packet to view its details in the packet details pane.
3. Expand the "Session Initiation Protocol" section to see detailed information about the call setup, such as the calling and called parties, and session parameters.

#### Expected Output

- Detailed information about a SIP INVITE packet displayed.

### Exercise 4: Analyze RTP Streams

#### Steps

1. In the filtered VoIP traffic, locate an RTP packet.
2. Click on the RTP packet to view its details in the packet details pane.
3. Expand the "Real-Time Transport Protocol" section to see detailed information about the RTP stream, such as payload type, sequence number, and timestamp.
4. Go to "Telephony" > "RTP" > "Stream Analysis" to analyze the RTP stream quality and metrics.

#### Expected Output

- Detailed information about RTP packets and analysis of the RTP stream quality.

### Exercise 5: Playback VoIP Calls

#### Steps

1. In Wireshark, go to "Telephony" > "VoIP Calls".
2. Select the VoIP call you captured and click on "Player".
3. Use the player controls to play back the audio of the VoIP call.
4. Analyze the audio for any issues, such as packet loss, jitter, or poor quality.

#### Expected Output

- VoIP call audio playb

---

/README.md:

# Free Wireshark Projects for Beginners

## Overview

This repository contains five beginner-level projects focused on using Wireshark for security forensics and investigation. Each project provides hands-on experience with essential techniques for capturing and analyzing network traffic to identify potential security issues and improve network performance.

## Projects

### 1. [Analyzing HTTP Traffic with Wireshark](https://github.com/0xrajneesh/Wireshark-Projects-for-beginners/blob/main/Project-1-Analyzing-HTTP-Traffic-with-Wireshark.md)
Learn how to capture and analyze HTTP traffic using Wireshark. This project covers setting up captures, filtering HTTP traffic, analyzing HTTP requests and responses, and extracting payload data.

- **Key Topics:** HTTP Traffic, Packet Analysis, Filtering, Payload Extraction
- **Tools:** Wireshark, Web Browser

### 2. [Detecting and Investigating Malware Traffic](https://github.com/0xrajneesh/Wireshark-Projects-for-beginners/blob/main/Project-2-detecting-and-investigating-malware-traffic.md)
Use Wireshark to detect and investigate malware traffic. This project involves identifying suspicious patterns, analyzing malicious packets, following malware communication streams, and documenting findings.

- **Key Topics:** Malware Detection, Traffic Analysis, Indicators of Compromise, Reporting
- **Tools:** Wireshark, Sample PCAP Files

### 3. [Wireshark for Network Intrusion Detection](https://github.com/0xrajneesh/Wireshark-Projects-for-beginners/blob/main/Project-3-Wireshark-for-Network-Intrusion-detection.md)
Learn to use Wireshark for network intrusion detection. This project focuses on identifying indicators of compromise, analyzing suspicious packets, following intrusion communication streams, and documenting findings.

- **Key Topics:** Intrusion Detection, Traffic Analysis, Indicators of Compromise, Reporting
- **Tools:** Wireshark, Sample PCAP Files

### 4. [Decrypting and Analyzing SSL/TLS Traffic](https://github.com/0xrajneesh/Wireshark-Projects-for-beginners/blob/main/Project-4-Decrypting-and-Analyzing-TLS-Traffic-.md)
Master the process of decrypting and analyzing SSL/TLS traffic with Wireshark. This project includes configuring decryption settings, filtering SSL/TLS traffic, analyzing decrypted packets, and following secure communication streams.

- **Key Topics:** SSL/TLS Decryption, Secure Traffic Analysis, Filtering, Communication Streams
- **Tools:** Wireshark, Private Key Files, Sample PCAP Files

### 5. [Capturing and Analyzing VoIP Traffic](https://github.com/0xrajneesh/Wireshark-Projects-for-beginners/blob/main/Project-5-Capturing-anad-Analyzing-VOIP-Traffic.md)
Capture and analyze VoIP traffic using Wireshark. This project covers capturing VoIP calls, filtering SIP and RTP traffic, analyzing SIP packets, examining RTP streams, and playing back VoIP call audio.

- **Key Topics:** VoIP Traffic, SIP, RTP, Call Analysis, Playback
- **Tools:** Wireshark, VoIP Network or Sample PCAP Files

## Getting Started

1. **Clone the Repository:**
   ```bash
   git clone https://github.com/0xrajneesh/Wireshark-Projects-for-beginners.git
   cd Wireshark-Projects-for-beginners
   ```

2. **Navigate to Each Project Directory:**
   Each project has its own markdown file with detailed instructions. For example:
   ```bash
   cd Wireshark-Projects-for-beginners
   ```

3. **Follow the Instructions:**
   Open the corresponding markdown file and follow the step-by-step instructions to complete the exercises.

## About Me

Hi, I'm Rajneesh Gupta, security consultant, coach and 2-time best-selling author. I share security projects to help people excel in the security domain.

## Connect with Me

- **LinkedIn**: [Rajneesh Gupta](https://www.linkedin.com/in/rajneeshcyber)
- **Twitter**: [@rajneeshcyber](https://twitter.com/rajneeshcyber)
- **YouTube Channel**: [Rajneesh Gupta](https://www.youtube.com/channel/rajneeshcyber)

Feel free to connect with me on any of these platforms!

## Professional Services

For professional services and consultations, please visit my company website at [Hax Security](https://www.haxsecurity.com).

Thank you for visiting my GitHub page!

---