Joshsecany/Wireshark-Packet-Analysis


Wireshark-Packet-Analysis

For this project I analyze the network protocol traffic flowing to and from a VM. Wireshark is free, open-source software that comes preinstalled in the Kali Linux environment.

Programs

  1. Wireshark

Virtual Environments

  1. Kali Linux

  2. Windows 10

Brief description of Wireshark


Wireshark is the world's foremost and most widely used network protocol analyzer. It lets one observe the network at a microscopic level and analyze what is happening on it. It is a standard tool used by non-profit, educational and commercial organizations alike.

Steps to install:
  1. Download Wireshark from this link: https://www.wireshark.org/download.html
  2. Pick the installer that matches your operating system and architecture (Kali Linux already ships Wireshark, so these steps are for the Windows 10 VM).
  3. Find the installer file you downloaded and open it.
  4. As you go through the installation you can accept the default settings. On Windows the installer also asks to install Npcap; accept it, because Wireshark cannot capture packets without it. Once everything is set, click Finish to complete the installation of Wireshark.


How to use display filters on Wireshark:
  1. Display filters are used to show only the packets that meet a specific criterion. They only hide packets from view; capture filters, set before capturing, decide what gets recorded at all.

  2. During analysis they help isolate a single conversation, for example when hunting for malware traffic.

  3. The display filter bar uses three colors. Red means the expression is invalid and will not be accepted; yellow means it was accepted but may not work as expected (for example, a deprecated field name); green means it is valid and will work.

How to use Boolean searches:

  4. Boolean expressions let a display filter specify field values and combine several conditions, for example `ip.addr == 192.0.2.1 && tcp.port == 80` to show only port-80 traffic to or from that address. `&&` binds tighter than `||`, so use parentheses when mixing them.

  5. And: && or and

  6. Equals: == or eq

  7. Or: || (double pipe) or or

Identify HTTP Traffic

  8. To start, I created a .pcapng file. Start Wireshark as administrator (capturing on an interface needs elevated privileges) and begin a capture on the VM's network interface.

  9. Once the capture was running, I opened Internet Explorer and browsed to www.google.com.

  10. Once the page had loaded, I stopped the capture, which Wireshark stores as a .pcapng file.

  11. I applied the display filter `http`, and there are the HTTP requests and responses. Only unencrypted HTTP matches this filter; HTTPS traffic shows up under `tls`, with the request contents hidden.

Identify a 3-way handshake

  12. In this example you will see a 3-way handshake between two IP addresses.

  13. The 3-way handshake is how a TCP connection is opened: the first host sends a packet with the SYN flag set to the second host. You can spot it by the [SYN] marker in Wireshark's Info column, or with the display filter `tcp.flags.syn == 1 && tcp.flags.ack == 0`.

  14. After the [SYN], I looked in the packet list for the response. The proper reply from the second IP is a [SYN, ACK] packet, whose acknowledgment number is the first packet's sequence number plus one.

  15. To complete the handshake the first IP sends an [ACK] back to the second IP, and that is your 3-way handshake. Right-clicking any of the three packets and choosing Follow > TCP Stream (or filtering on `tcp.stream eq N`) shows the whole conversation that follows.
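As an added example (this is not code from this repository), the script below shows what the `http` filter and the handshake check above are doing under the hood, and doubles as a worked example of the Boolean filter syntax from the earlier section. It builds a small capture in memory from constructed packets (the addresses 10.0.2.15 for the client and 203.0.113.10 for the server, and the MAC addresses, are made up), parses the Ethernet/IPv4/TCP headers into Wireshark-style field names, evaluates the filter subset the README covers (`==`/`eq`, `&&`/`and`, `||`/`or`), and finds the [SYN], [SYN, ACK], [ACK] triple by flags and sequence/acknowledgment arithmetic rather than by eye. It reads the classic pcap format, not the pcapng Wireshark saves by default; to feed it a real capture, use File > Save As and choose the pcap format.

```python
# Added example (not code from the Wireshark-Packet-Analysis repo). The capture is
# constructed in memory; 10.0.2.15 (client), 203.0.113.10 (server) and the MACs are made up.
import re
import socket
import struct

SYN, PSH, ACK = 0x02, 0x08, 0x10  # TCP flag bits behind tcp.flags.syn / .push / .ack
CLIENT, SERVER = "10.0.2.15", "203.0.113.10"
CLIENT_MAC, SERVER_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")

def tcp_frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Build Ethernet/IPv4/TCP bytes; checksums stay zero since nothing here validates them."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    smac, dmac = (CLIENT_MAC, SERVER_MAC) if src == CLIENT else (SERVER_MAC, CLIENT_MAC)
    return dmac + smac + struct.pack("!H", 0x0800) + ip

def build_sample_pcap():
    """Constructed capture: a 3-way handshake, then one HTTP request and its response."""
    frames = [
        tcp_frame(CLIENT, SERVER, 49152, 80, 1000, 0, SYN),            # 1 [SYN]
        tcp_frame(SERVER, CLIENT, 80, 49152, 5000, 1001, SYN | ACK),   # 2 [SYN, ACK]
        tcp_frame(CLIENT, SERVER, 49152, 80, 1001, 5001, ACK),         # 3 [ACK]
        tcp_frame(CLIENT, SERVER, 49152, 80, 1001, 5001, PSH | ACK,    # 4 GET /
                  b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n"),
        tcp_frame(SERVER, CLIENT, 80, 49152, 5001, 1041, PSH | ACK,    # 5 200 OK
                  b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # pcap global header, Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f  # per-record header
    return out

def parse_frame(frame, number):
    """Decode one Ethernet/IPv4/TCP frame (at least 34 bytes) into a dict of Wireshark field names."""
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack_from("!BBHHHBBH4s4s", frame, 14)
    if ethertype != 0x0800 or proto != 6:  # only IPv4/TCP is decoded; anything else is skipped
        return None
    tcp = frame[14 + (ver_ihl & 0x0F) * 4:14 + total_len]
    sport, dport, seq, ack, doff, flags, _, _, _ = struct.unpack_from("!HHIIBBHHH", tcp)
    payload, src, dst = tcp[(doff >> 4) * 4:], socket.inet_ntoa(src), socket.inet_ntoa(dst)
    pkt = {"frame.number": number, "ip.src": src, "ip.dst": dst, "ip.addr": (src, dst),
           "tcp.srcport": sport, "tcp.dstport": dport, "tcp.port": (sport, dport),
           "tcp.seq": seq, "tcp.ack": ack,  # raw values; Wireshark shows relative ones by default
           "tcp.flags.syn": int(bool(flags & SYN)), "tcp.flags.ack": int(bool(flags & ACK))}
    if re.match(rb"(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n", payload):
        pkt["http"] = pkt["http.request"] = 1
    elif payload.startswith(b"HTTP/1."):
        pkt["http"] = pkt["http.response"] = 1
    return pkt

def parse_pcap(data):
    """Walk classic pcap records (Wireshark saves pcapng by default; Save As gives you pcap)."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian pcap file")
    pkts, off, number = [], 24, 0
    while off < len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]
        off, number = off + 16, number + 1
        pkt = parse_frame(data[off:off + incl_len], number)
        off += incl_len
        if pkt:
            pkts.append(pkt)
    return pkts

def match(expr, pkt):
    """Filter subset from the README: 'field == value' (or 'eq'), bare field names (true when
    present and non-zero, e.g. 'http'), '&&'/'and', '||'/'or'; && binds tighter, as in Wireshark."""
    def term(text):
        parts = text.split()
        if len(parts) == 1:
            return bool(pkt.get(parts[0]))
        field, op, value = parts
        assert op in ("==", "eq"), f"unsupported operator {op!r}"
        actual = pkt.get(field)
        values = actual if isinstance(actual, tuple) else (actual,)  # ip.addr == x: src OR dst
        return value in (str(v) for v in values)
    return any(all(term(t) for t in re.split(r"\s*(?:&&|\band\b)\s*", alt))
               for alt in re.split(r"\s*(?:\|\||\bor\b)\s*", expr))

def find_handshakes(pkts):
    """(SYN, SYN/ACK, ACK) frame-number triples; checks direction, ports and seq/ack arithmetic."""
    def replies_to(a, b):  # b travels the reverse direction of a's 4-tuple
        return (a["ip.src"], a["tcp.srcport"], a["ip.dst"], a["tcp.dstport"]) == (
            b["ip.dst"], b["tcp.dstport"], b["ip.src"], b["tcp.srcport"])
    found = []
    for syn in (p for p in pkts if match("tcp.flags.syn == 1 && tcp.flags.ack == 0", p)):
        later = [p for p in pkts if p["frame.number"] > syn["frame.number"]]
        synack = next((p for p in later if match("tcp.flags.syn == 1 && tcp.flags.ack == 1", p)
                       and replies_to(syn, p) and p["tcp.ack"] == syn["tcp.seq"] + 1), None)
        ack = synack and next((p for p in later if p["frame.number"] > synack["frame.number"]
                               and match("tcp.flags.syn == 0 && tcp.flags.ack == 1", p)
                               and replies_to(synack, p) and p["tcp.seq"] == syn["tcp.seq"] + 1
                               and p["tcp.ack"] == synack["tcp.seq"] + 1), None)
        if ack:
            found.append((syn["frame.number"], synack["frame.number"], ack["frame.number"]))
    return found
```

Call `parse_pcap(build_sample_pcap())` (or `parse_pcap(open("capture.pcap", "rb").read())` for a capture saved as pcap), then test each packet with `match("http.request", pkt)` and run `find_handshakes(pkts)` over the list. On the constructed capture the `http.request` filter matches frame 4 only, `ip.addr == 10.0.2.15 && tcp.flags.syn == 1` matches frames 1 and 2, and the handshake is reported as frames (1, 2, 3); a [SYN] with no matching [SYN, ACK] (a scan or a filtered port) is not reported, which is the check you would otherwise do by eye in the packet list.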
