Lab Instructions
Hands-On: Wireshark Basics
Follow these written lab steps in order. Run one command at a time and verify output before moving on.
Lab objective
Module 2: Wireshark Basics. Spot unencrypted vs. TLS traffic. Install Wireshark and capture your own traffic ethically on interfaces and networks you own or have permission to monitor.
Command
N/A
Expected result: You can distinguish unencrypted (readable) from TLS (encrypted) traffic and explain why HTTPS is necessary.
Step 1 - Install Wireshark
Install Wireshark (e.g. sudo apt install wireshark on Linux, or download from wireshark.org). On Linux you may need to add your user to the wireshark group to capture without root.
Command
sudo apt install wireshark # or your distro package manager
Expected result: Wireshark launches successfully.
Step 2 - Capture and spot unencrypted vs TLS
Select a safe interface (loopback or home LAN). Start a capture. Browse to an HTTP site (e.g. http://example.com), then an HTTPS site. Stop the capture. Apply the display filter http, then the display filter tls. For HTTP: expand a packet and observe the readable payload (host, path, etc.). For TLS: observe that Application Data is encrypted; only the handshake is visible. Spot unencrypted vs. TLS traffic in the same capture.
Command
Wireshark: Start capture → browse HTTP then HTTPS → Stop → filter http, then tls
Expected result: You see readable HTTP payloads and encrypted TLS application data; you can explain the difference.
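Added example (not part of the original lab): a short Python sketch of the distinction Step 2 asks you to observe, classifying a raw TCP payload as plaintext HTTP or as TLS records by their 5-byte headers. The sample payloads and the function names are constructed for illustration; they are not taken from Wireshark or from a real capture.

```python
import struct

# TLS record content types (first byte of every record header).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

# Constructed sample payloads (not taken from a real capture).
HTTP_SAMPLE = (b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n"
               b"Cookie: session=constructed\r\n\r\n")
TLS_HANDSHAKE = b"\x16\x03\x01\x00\x04" + b"\x01\x00\x00\x00"
TLS_APPDATA = b"\x17\x03\x03\x00\x08" + bytes(range(8))


def parse_tls_records(payload):
    """Walk record headers: 1-byte type, 2-byte version, 2-byte length."""
    records, offset = [], 0
    while offset + 5 <= len(payload):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", payload, offset)
        if ctype not in TLS_TYPES or major != 3 or length > 16384 + 2048:
            return []  # header is not a plausible TLS record
        records.append((TLS_TYPES[ctype], length))
        offset += 5 + length  # a record may continue in the next segment
    return records


def classify(payload):
    """Report what a passive observer can learn from one TCP payload."""
    if payload.startswith(HTTP_METHODS):
        lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        parts = lines[0].split(" ")
        if len(parts) == 3:
            headers = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
            return {"kind": "http", "method": parts[0], "path": parts[1],
                    "host": headers.get("Host"), "cookie": headers.get("Cookie")}
    records = parse_tls_records(payload)
    if records:
        opaque = sum(n for name, n in records if name == "application_data")
        return {"kind": "tls", "records": records, "opaque_bytes": opaque}
    return {"kind": "unknown"}


if __name__ == "__main__":
    for sample in (HTTP_SAMPLE, TLS_HANDSHAKE + TLS_APPDATA):
        print(classify(sample))
```

For the HTTP sample the host, path and cookie come back as readable strings; for the TLS sample only record types and lengths are recoverable, which matches what the http and tls filters show in the capture.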
Step 3 - Reflect
Write a short note: what could an attacker see if you used only HTTP? How does TLS prevent that?
Command
N/A
Expected result: You can explain MITM risk and the role of TLS in one or two sentences.