What are the steps to analyze the packets using Wireshark?
What will be an ideal response?
Step 1. Apply a filter to the saved capture.
a. Press ENTER to see the prompt. Start Wireshark on Node: H1. Click OK when
prompted by the warning regarding running Wireshark as superuser.
[root@secOps analyst]# wireshark-gtk &
b. In Wireshark, click File > Open. Select the saved pcap file located at
/home/analyst/capture.pcap.
c. Apply a tcp filter to the capture. In this example, the first 3 frames are the traffic
of interest.
Step 2. Examine the information within packets including IP addresses, TCP port numbers, and TCP
control flags.
a. In this example, frame 1 is the start of the three-way handshake between the PC and
the server on H4. In the packet list pane (top section of the main window), select the
first packet, if necessary.
b. Click the arrow to the left of the Transmission Control Protocol in the packet details
pane to expand the window and examine the TCP information. Locate the source and
destination port information.
c. Click the arrow to the left of the Flags. A value of 1 means that flag is set. Locate the
flag that is set in this packet.
Note: You may have to adjust the sizes of the top and middle windows within Wireshark to display the necessary information.
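The fields examined in Step 2 can also be read straight from the frame bytes. The following is an added example, not part of the original lab answer: it decodes the IP addresses, TCP ports and control flags of an Ethernet II / IPv4 / TCP frame the way the packet details pane presents them. The sample frames, addresses (192.0.2.1, 192.0.2.4) and ports are constructed for illustration and are not taken from capture.pcap.

```python
import socket
import struct

# Flag bits of TCP header byte 13, most significant first (Wireshark's Flags order).
TCP_FLAGS = [(0x80, "CWR"), (0x40, "ECE"), (0x20, "URG"), (0x10, "ACK"),
             (0x08, "PSH"), (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]

def parse_tcp_frame(frame: bytes) -> dict:
    """Decode one Ethernet II / IPv4 / TCP frame into the Step 2 fields."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 + TCP headers")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # IPv4 header length; options make it > 20
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = ip[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    bits = off_flags & 0xFF               # low byte holds CWR..FIN
    return {
        "src_ip": socket.inet_ntoa(ip[12:16]),
        "dst_ip": socket.inet_ntoa(ip[16:20]),
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "flags": [name for mask, name in TCP_FLAGS if bits & mask],
    }

def handshake_step(flags: list) -> str:
    """Label by flags alone; a bare ACK also occurs after the handshake."""
    return {("SYN",): "1: SYN", ("ACK", "SYN"): "2: SYN-ACK",
            ("ACK",): "3: ACK"}.get(tuple(flags), "not a handshake segment")

def build_sample(flag_bits: int) -> bytes:
    """Constructed frame (not from capture.pcap); checksums are left as zero."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.4"))
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0,
                      (5 << 12) | flag_bits, 64240, 0, 0)
    return eth + ip + tcp

if __name__ == "__main__":
    for bits in (0x02, 0x12, 0x10):       # SYN, SYN-ACK, ACK
        pkt = parse_tcp_frame(build_sample(bits))
        print(pkt, "->", handshake_step(pkt["flags"]))
```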