Summary
Overview
This session is a hands-on, instructor-led exercise in network traffic analysis using a capture file. The instructor guides learners to answer a set of 11 questions (including 4 sub-questions) by exploring packet capture properties, filters, and statistics features in a network analysis tool (likely Wireshark). The focus is on developing investigative skills: learners must navigate the interface, interpret data, and document their methodology rather than receive direct answers. The session emphasizes active learning through exploration and detailed documentation of findings.
Topic (Timeline)
1. Exercise Introduction and Instructions [00:00:00 - 00:02:40]
The instructor introduces a hands-on exercise involving 11 questions (with 4 sub-questions) to be answered using a provided packet capture file. Learners are instructed to locate answers by navigating the tool’s interface—using features such as File Properties, statistics, conversation views, and endpoint analysis—without being given direct hints or answer phrases. Learners are told to document their process: where they looked, how they found the answer, and why it is correct. The instructor emphasizes that detailed explanations are required and that the exercise will take approximately 33 minutes to complete. Learners are encouraged to write responses directly into the file’s comment field, save their work, and prepare for a follow-up review.
2. Check-in and Progress Monitoring [00:05:52 - 00:07:35]
The instructor checks in with learners to assess progress. A brief exchange confirms learner presence and identifies confusion or uncertainty around questions 4 and 5, particularly regarding discrepancies in numerical values. The instructor notes that the difference between these values is meaningful and related to underlying data interpretation. At 00:07:20, a learner indicates they are working on the last question. The instructor grants additional time, stating they will return at 00:15:00 (implied from prior context) to review completed work and provide detailed explanations afterward.
Appendix
Action Items for Learners
- Answer all 11 questions (including 4 sub-questions) using the packet capture file.
- Document the exact navigation path taken to find each answer (e.g., “Statistics > Conversations > TCP”).
- Include reasoning for each response: why the data supports the conclusion.
- Save annotated comments in the capture file for instructor review.
- Prepare to discuss discrepancies between questions 4 and 5 during follow-up.
Tools and Features Referenced
- File > Properties (for metadata and capture details)
- Statistics > Conversations (for traffic flow analysis)
- Statistics > Endpoints (for source/destination identification)
- Filter field (for narrowing packet display)
- Edit Comment function (for recording answers and methodology)
Key Learning Objective
Develop proficiency in autonomous network analysis by linking interface navigation to data interpretation, reinforcing retention through active problem-solving and documentation.