Narration Script For Slides 31 To 40
The Conversations feature in Wireshark's Statistics menu helps you visualize and analyze
the data exchange between different hosts. This slide covers how to use this feature for
detailed network analysis.
Example: Use Statistics > Conversations to identify the top conversations by data volume.
This helps you understand which pairs of devices are communicating the most.
Real-time Scenario: During a data breach investigation, you might want to identify
unusual conversations between internal and external hosts. This can help pinpoint the
source of the breach and the data that might have been exfiltrated.
Example: Use Statistics > Protocol Hierarchy to see a percentage breakdown of HTTP,
TCP, UDP, and other protocols in your capture. This helps you understand the composition
of network traffic.
Real-time Scenario: If you notice an unusually high percentage of a less common protocol,
it could indicate a specific type of attack or abnormal activity that requires further
investigation.
The HTTP Requests feature in Wireshark's Statistics menu provides insights into the
HTTP requests captured in your traffic. This slide covers how to use this feature for web
traffic analysis.
Example: Use Statistics > HTTP > Requests to view the most requested URLs, user agents,
and other HTTP request details. This helps you identify popular resources and potential
misuse.
Real-time Scenario: If you suspect a web scraping attack, analyzing HTTP requests can
help you identify the offending user agents and IP addresses. You can then block these to
mitigate the attack.
In this lab, you will gain hands-on experience with Wireshark by capturing and analyzing
network traffic. Practicing with real-world traffic helps reinforce the concepts learned.
Example: Capture traffic on your local network and use Wireshark to filter and analyze
HTTP requests, identifying the top visited websites.
Real-time Scenario: During an incident response exercise, capture and analyze traffic to
identify signs of compromise, such as unusual connections, data exfiltration, or malicious
payloads.
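The three Statistics views above (Conversations, Protocol Hierarchy and HTTP > Requests) and the lab's "top visited websites" exercise, reproduced offline as an added example that is not part of the course material or of Wireshark itself. It assumes the capture was first exported with tshark's `-T fields` mode (the exact command is in the script's comments); the ten records embedded below are constructed, not from a real capture, and the `10.` internal prefix and the request threshold of 3 are demo assumptions. Like Wireshark's Conversations view, it folds both directions of a flow into one conversation by ordering each address pair; the constructed user agents contain no spaces so the space-separated output columns stay aligned.

```shell
#!/bin/sh
# Added example, not part of the course slides: an offline stand-in for
# Wireshark's Statistics > Conversations, Protocol Hierarchy and HTTP > Requests
# views, built from a tshark field export. On a real capture the input would be:
#   tshark -r capture.pcap -T fields -E separator=, \
#          -e ip.src -e ip.dst -e frame.len -e frame.protocols \
#          -e http.host -e http.user_agent
# The ten records below are CONSTRUCTED sample data (not a real capture).
# Columns: src,dst,bytes,frame.protocols,http.host,http.user_agent
SAMPLE='10.0.0.5,203.0.113.9,1500,eth:ethertype:ip:tcp:http,shop.example,Mozilla/5.0
203.0.113.9,10.0.0.5,200,eth:ethertype:ip:tcp:http,,
10.0.0.5,203.0.113.9,1500,eth:ethertype:ip:tcp,,
10.0.0.7,198.51.100.2,60,eth:ethertype:ip:udp:dns,,
198.51.100.2,10.0.0.7,120,eth:ethertype:ip:udp:dns,,
10.0.0.9,10.0.0.1,800,eth:ethertype:ip:tcp:http,intranet.local,curl/8.0
10.0.0.9,10.0.0.1,800,eth:ethertype:ip:tcp:http,intranet.local,curl/8.0
10.0.0.9,10.0.0.1,800,eth:ethertype:ip:tcp:http,intranet.local,curl/8.0
10.0.0.1,10.0.0.9,100,eth:ethertype:ip:tcp,,
10.0.0.5,203.0.113.9,300,eth:ethertype:ip:tcp:http,shop.example,Mozilla/5.0'

# Assumed address range of the internal network (demo value).
INTERNAL_PREFIX='10.'

# Statistics > Conversations: total bytes per unordered host pair, largest
# first, tagged with whether the pair crosses the perimeter.
top_conversations() {
    printf '%s\n' "$SAMPLE" | awk -F, -v pfx="$INTERNAL_PREFIX" '
        function internal(ip) { return substr(ip, 1, length(pfx)) == pfx }
        {
            # Order the pair so A->B and B->A land in one bucket, as Wireshark does.
            if (($1 "") < ($2 "")) key = $1 " " $2; else key = $2 " " $1
            bytes[key] += $3
        }
        END {
            for (k in bytes) {
                split(k, h, " ")
                scope = (internal(h[1]) != internal(h[2])) ? "crosses-perimeter" : "internal"
                print k, bytes[k], scope
            }
        }' | sort -k3,3nr
}

# The breach-investigation view: only internal <-> external conversations.
external_conversations() { top_conversations | awk '$4 == "crosses-perimeter"'; }

# Statistics > Protocol Hierarchy (flattened): frames and percentage per
# innermost protocol, taken from the last element of frame.protocols.
protocol_breakdown() {
    printf '%s\n' "$SAMPLE" | awk -F, '
        { n = split($4, layers, ":"); count[layers[n]]++; total++ }
        END { for (p in count) printf "%s %d %.1f\n", p, count[p], 100 * count[p] / total }
    ' | sort -k2,2nr -k1,1
}

# Statistics > HTTP > Requests: request count per host, client and user agent.
http_requests() {
    printf '%s\n' "$SAMPLE" | awk -F, '
        $5 != "" { req[$5 " " $1 " " $6]++ }    # only frames that carry a request
        END { for (k in req) print k, req[k] }
    ' | sort -k4,4nr
}

# Clients issuing at least $1 requests: the list to review for scraping.
noisy_clients() { http_requests | awk -v t="$1" '$4 >= t'; }

printf '== Conversations by bytes ==\n';                top_conversations
printf '== Internal <-> external only ==\n';            external_conversations
printf '== Protocol hierarchy (leaf, frames, %%) ==\n'; protocol_breakdown
printf '== HTTP requests (host client agent n) ==\n';   http_requests
printf '== Clients with 3 or more requests ==\n';       noisy_clients 3
```

Run it as-is to see the four reports; to point it at a real export, replace the `SAMPLE` here-string with the output of the tshark command in the comments. The `crosses-perimeter` tag is what the breach scenario above is looking for: a large internal-to-external conversation that nobody expected is the first candidate for an exfiltration channel.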
This section introduces the basics of Linux, a critical operating system for many
cybersecurity tools and environments. Understanding Linux commands and file structure is
essential for SOC analysts.
Example: Learn basic Linux commands like ls, cd, and mkdir to navigate and manage the
file system.
Real-time Scenario: During a forensic investigation, you might need to access and analyze
log files on a Linux server. Knowing how to navigate the Linux file system and use basic
commands is crucial for this task.
This slide may be used for various purposes such as an interlude, a summary, or
additional information that does not fit into the predefined categories. Adapt the content
based on your specific needs.
Example: Provide an overview of the upcoming topics or a brief recap of the previous
section.
Real-time Scenario: Use this slide to address any questions or clarify doubts that the
students might have from the previous slides before moving on to more complex topics.
Slide 37: Users and Privileges
Example: Learn commands like useradd, usermod, and chmod to create and manage user
accounts and their permissions.
Real-time Scenario: If a new employee joins the company, you need to create a user
account for them and assign appropriate permissions. Ensuring least privilege access helps
mitigate potential security risks.
In Linux, each user has a home directory that contains personal files and configurations.
This slide explains the structure of home directories and the concept of hidden files.
Example: Hidden files in Linux start with a dot (.), such as .bashrc. Use the ls -a command
to view hidden files.
Real-time Scenario: During a forensic investigation, you might need to check hidden files
in a user's home directory for evidence of malicious activity or unauthorized configurations.
The mkdir command is used to create directories in Linux. This slide covers the syntax
and options for the mkdir command.
Real-time Scenario: When setting up a new project or organizing files, you might need to
create multiple directories to structure the data appropriately. Knowing how to use mkdir
efficiently is essential.
The locate command is a fast way to find files in Linux. This slide explains how to use
locate to quickly search for files by name.
Example: Use locate filename to find all instances of a file named filename on the system.
Real-time Scenario: If you need to find configuration files or logs quickly during an
investigation, the locate command can save valuable time compared to manually searching
through directories.
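The Linux slides above (basic navigation, users and privileges, home directories and hidden files, mkdir, and file lookup) exercised together in one sandbox, as an added example that is not the course's own lab. It assumes nothing about the host beyond a POSIX shell: the home directory, its file names and the placeholder key line are all constructed under a temporary directory and removed afterwards. `useradd` and `usermod` need root and are deliberately not run; `chmod` stands in for the least-privilege point of slide 37. `locate` answers from a database that `updatedb` refreshes on a schedule, so a file created minutes ago may not appear in it, and the lookup function uses `find` as the live alternative an investigator falls back on.

```shell
#!/bin/sh
# Added example, not the course's own lab: a throwaway home directory used
# to practise mkdir, ls -a, chmod and name lookup without touching a real
# account. Every path, file and value below is constructed for the demo.
# useradd/usermod need root and are deliberately not run here.

# Build the mock home under a fresh temp directory and print its path.
make_mock_home() {
    base=$(mktemp -d "${TMPDIR:-/tmp}/mockhome.XXXXXX")
    home="$base/alice"
    # -p creates missing parents; -m sets the final component's mode at
    # creation time (parents get the umask default), so the home directory
    # is never readable by other users, not even briefly.
    mkdir -p -m 700 "$home"
    mkdir -p -m 750 "$home/projects/incident/logs" "$home/projects/incident/evidence"
    mkdir -m 700 "$home/.ssh"
    # Hidden files: anything whose name starts with a dot.
    printf 'alias ll="ls -la"\n' > "$home/.bashrc"
    printf 'ssh-ed25519 PLACEHOLDER-KEY analyst@workstation\n' > "$home/.ssh/authorized_keys"
    printf 'case notes\n' > "$home/notes.txt"
    # Least privilege: the key list is read/write for the owner only.
    chmod 600 "$home/.ssh/authorized_keys"
    printf '%s\n' "$home"
}

# ls -a shows dot entries; drop the "." and ".." pseudo-entries and keep
# only the hidden names, which is what a forensic review of a home dir wants.
list_hidden() { ls -a "$1" | grep '^\.' | grep -vxF -e . -e ..; }

# The 10-character mode string from ls -ld, e.g. "drwx------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Live lookup by name. locate answers from a database that updatedb refreshes
# on a schedule, so a file created minutes ago may be missing from it; find
# walks the tree now and is the fallback during an investigation.
find_by_name() { find "$1" -name "$2"; }

# Remove the whole temp tree created by make_mock_home.
cleanup_mock_home() { rm -rf "$(dirname "$1")"; }

H=$(make_mock_home)
printf 'mock home: %s\n' "$H"
printf 'hidden entries: %s\n' "$(list_hidden "$H" | tr '\n' ' ')"
printf 'home dir mode: %s\n' "$(mode_of "$H")"
printf 'logs dir mode: %s\n' "$(mode_of "$H/projects/incident/logs")"
printf 'authorized_keys mode: %s\n' "$(mode_of "$H/.ssh/authorized_keys")"
printf 'authorized_keys found at: %s\n' "$(find_by_name "$H" authorized_keys)"
cleanup_mock_home "$H"
```

The hidden-file listing is the forensic check from slide 38 (`.bashrc` and `.ssh` are exactly the entries a plain `ls` would hide), and the two mode strings show what "least privilege" looks like on disk: `drwx------` on the home directory and `-rw-------` on the key list, with the project directories at `drwxr-x---` so only the owner and group can enter them.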