Now that we have covered almost all the basic features of Wireshark, in this section we will put into practice the techniques we have learned in the previous sections. This exercise will give you practical insight into the various processes that are followed while performing network forensics. We will take an example in which a user visits a website while browsing the Internet, but after a few minutes he notices some weird behavior on his system. Fortunately, the user has captured a pcap file that can help us analyze what exactly happened on the wire.
To follow along with this section, you can download the capture file from the following location: