{"id":797,"date":"2019-08-08T07:45:37","date_gmt":"2019-08-08T12:45:37","guid":{"rendered":"https:\/\/packitforwarding.com\/?p=797"},"modified":"2020-02-25T09:32:04","modified_gmt":"2020-02-25T15:32:04","slug":"ccna-cyberops-secops-objective-2-4","status":"publish","type":"post","link":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/","title":{"rendered":"CCNA CyberOps SECOPS &#8211; Objective 2.4"},"content":{"rendered":"\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Identify these key elements in an intrusion from a given PCAP file : Source address, Destination address, Source port, Destination port, Protocols, and Payloads <\/p><cite><strong>Implementing Cisco Cybersecurity Operations (210-255) <\/strong> <\/cite><\/blockquote>\n\n\n\n<p>PCAP files are a way of storing packet data captured using a packet sniffer like <a href=\"https:\/\/www.wireshark.org\">Wireshark<\/a>. The Wireshark website has dozens of example packet captures that can help you get familiar with various protocols. For this objective I am using a simple HTTP packet capture from their <a href=\"https:\/\/wiki.wireshark.org\/SampleCaptures\">repository<\/a>. It is an older capture and was saved with a .CAP extension, but changing it to .PCAP will allow it to be opened in modern versions of Wireshark.<\/p>\n\n\n\n<p>First, let&#8217;s look at the Ethernet II frame. 
As you can see below, Wireshark has parsed the packet to show us the source and destination MAC addresses.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1026\" height=\"206\" data-attachment-id=\"798\" data-permalink=\"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/pcap-1\/\" data-orig-file=\"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-1.png?fit=1026%2C206&amp;ssl=1\" data-orig-size=\"1026,206\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"pcap-1\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-1.png?fit=640%2C129&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-1.png?fit=1024%2C206&amp;ssl=1\" alt=\"\" class=\"wp-image-798\" srcset=\"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-1.png?w=1026&amp;ssl=1 1026w, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-1.png?resize=300%2C60&amp;ssl=1 300w, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-1.png?resize=768%2C154&amp;ssl=1 768w, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-1.png?resize=1024%2C206&amp;ssl=1 1024w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><figcaption>Screenshot of the Ethernet II header in Wireshark<\/figcaption><\/figure>\n\n\n\n<p>Next, let&#8217;s take a look at the IPv4 packet that 
is encapsulated by the Ethernet II frame above. Again Wireshark has dissected the headers for us. We can easily see the source and destination IP Addresses, the DSCP value, and protocol among other useful bits of information.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"219\" data-attachment-id=\"800\" data-permalink=\"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/pcap-2\/\" data-orig-file=\"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-2.png?fit=939%2C321&amp;ssl=1\" data-orig-size=\"939,321\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"pcap-2\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-2.png?fit=640%2C219&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-2.png?resize=640%2C219&#038;ssl=1\" alt=\"\" class=\"wp-image-800\" srcset=\"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-2.png?w=939&amp;ssl=1 939w, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-2.png?resize=300%2C103&amp;ssl=1 300w, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-2.png?resize=768%2C263&amp;ssl=1 768w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><figcaption>Screenshot from Wireshark of the IPv4 headers.<\/figcaption><\/figure>\n\n\n\n<p>At layer 4 of the OSI model, we get 
to the transport layer and that is the next part of the packet capture. In this case, it is a TCP segment. The Wireshark dissection shows us the source and destination ports, the sequence number, the length of the segment, and other analysis. Note that the next sequence number is determined by adding the length to the current sequence number. If this doesn&#8217;t match, you may have some malicious actor altering packets to accomplish an attack. Also, note the TCP flags are listed. This is important when tracking the TCP Three-Way handshake.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1030\" height=\"422\" data-attachment-id=\"801\" data-permalink=\"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/pcap-3\/\" data-orig-file=\"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-3.png?fit=1030%2C422&amp;ssl=1\" data-orig-size=\"1030,422\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"pcap-3\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-3.png?fit=640%2C263&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-3.png?fit=1024%2C420&amp;ssl=1\" alt=\"\" class=\"wp-image-801\" srcset=\"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-3.png?w=1030&amp;ssl=1 1030w, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-3.png?resize=300%2C123&amp;ssl=1 
300w, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-3.png?resize=768%2C315&amp;ssl=1 768w, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-3.png?resize=1024%2C420&amp;ssl=1 1024w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><figcaption>Screenshot from Wireshark of the TCP headers.<\/figcaption><\/figure>\n\n\n\n<p>Finally, we will skip up to the Application layer to look at the actual HTTP protocol that is being sent across the network. First, notice the request method, in this case, GET. The next two important bits of information are the URI and the Host, which tell you what is being accessed. The User-Agent is also a very important bit of information for cybersecurity analysts. Although it can be changed by many programs, it can help fingerprint what type of software is making the request.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1395\" height=\"397\" data-attachment-id=\"802\" data-permalink=\"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/pcap-4\/\" data-orig-file=\"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-4.png?fit=1395%2C397&amp;ssl=1\" data-orig-size=\"1395,397\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"pcap-4\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-4.png?fit=640%2C182&amp;ssl=1\" 
src=\"https:\/\/i2.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-4.png?fit=1024%2C291&amp;ssl=1\" alt=\"\" class=\"wp-image-802\" srcset=\"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-4.png?w=1395&amp;ssl=1 1395w, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-4.png?resize=300%2C85&amp;ssl=1 300w, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-4.png?resize=768%2C219&amp;ssl=1 768w, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-4.png?resize=1024%2C291&amp;ssl=1 1024w, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-4.png?w=1280&amp;ssl=1 1280w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><figcaption>Screenshot from Wireshark of the HTTP headers.<\/figcaption><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Identify these key elements in an intrusion from a given PCAP file : Source address, Destination address, Source port, Destination port, Protocols, and Payloads Implementing Cisco Cybersecurity Operations (210-255) PCAP files are a way of storing packet data captured using a packet sniffer like Wireshark. 
The Wireshark website has dozens of example packet captures that [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":801,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"CCNA CyberOps SECOPS - Objective 2.4 #ciscocert #ccnacyberops #ciscochampions","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[88,105,31,24],"tags":[107,90,106,149],"class_list":["post-797","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-ccna-cyberops","category-certification","category-cisco","tag-ccna-cyberops","tag-certification","tag-cisco","tag-cisco-certified-cyber-ops-associate"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CCNA CyberOps SECOPS - Objective 2.4 -<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CCNA CyberOps SECOPS - Objective 2.4 -\" \/>\n<meta property=\"og:description\" content=\"Identify these key elements in an intrusion from a given PCAP file : Source address, Destination address, Source port, Destination port, Protocols, and 
Payloads Implementing Cisco Cybersecurity Operations (210-255) PCAP files are a way of storing packet data captured using a packet sniffer like Wireshark. The Wireshark website has dozens of example packet captures that [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/packitforwarding\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/packitforwarding\" \/>\n<meta property=\"article:published_time\" content=\"2019-08-08T12:45:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-02-25T15:32:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i2.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-3.png?fit=1030%2C422&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"1030\" \/>\n\t<meta property=\"og:image:height\" content=\"422\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Ben Story\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/www.twitter.com\/ntwrk80\" \/>\n<meta name=\"twitter:site\" content=\"@ntwrk80\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Story\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/08\\\/ccna-cyberops-secops-objective-2-4\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/08\\\/ccna-cyberops-secops-objective-2-4\\\/\"},\"author\":{\"name\":\"Ben Story\",\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/#\\\/schema\\\/person\\\/441c2562293c45fbcf483f246430e6c8\"},\"headline\":\"CCNA CyberOps SECOPS &#8211; Objective 2.4\",\"datePublished\":\"2019-08-08T12:45:37+00:00\",\"dateModified\":\"2020-02-25T15:32:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/08\\\/ccna-cyberops-secops-objective-2-4\\\/\"},\"wordCount\":398,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/#\\\/schema\\\/person\\\/441c2562293c45fbcf483f246430e6c8\"},\"image\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/08\\\/ccna-cyberops-secops-objective-2-4\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/packitforwarding.com\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/pcap-3.png?fit=1030%2C422&ssl=1\",\"keywords\":[\"CCNA CyberOps\",\"certification\",\"cisco\",\"Cisco Certified Cyber Ops Associate\"],\"articleSection\":[\"Blog\",\"CCNA 
CyberOps\",\"Certification\",\"cisco\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/08\\\/ccna-cyberops-secops-objective-2-4\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/08\\\/ccna-cyberops-secops-objective-2-4\\\/\",\"url\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/08\\\/ccna-cyberops-secops-objective-2-4\\\/\",\"name\":\"CCNA CyberOps SECOPS - Objective 2.4 -\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/08\\\/ccna-cyberops-secops-objective-2-4\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/08\\\/ccna-cyberops-secops-objective-2-4\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/packitforwarding.com\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/pcap-3.png?fit=1030%2C422&ssl=1\",\"datePublished\":\"2019-08-08T12:45:37+00:00\",\"dateModified\":\"2020-02-25T15:32:04+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/08\\\/ccna-cyberops-secops-objective-2-4\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/08\\\/ccna-cyberops-secops-objective-2-4\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/08\\\/ccna-cyberops-secops-objective-2-4\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/packitforwarding.com\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/pcap-3.png?fit=1030%2C422&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/packitforwarding.com\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/pcap-3.p
ng?fit=1030%2C422&ssl=1\",\"width\":1030,\"height\":422},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/08\\\/ccna-cyberops-secops-objective-2-4\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/packitforwarding.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CCNA CyberOps SECOPS &#8211; Objective 2.4\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/#website\",\"url\":\"https:\\\/\\\/packitforwarding.com\\\/\",\"name\":\"\",\"description\":\"Paying it forward to the next generation of IT.\",\"publisher\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/#\\\/schema\\\/person\\\/441c2562293c45fbcf483f246430e6c8\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/packitforwarding.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/#\\\/schema\\\/person\\\/441c2562293c45fbcf483f246430e6c8\",\"name\":\"Ben Story\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/packitforwarding.com\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/cropped-PIF_Logo-Color-Horizontal-Rounded-1.png?fit=489%2C250&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/packitforwarding.com\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/cropped-PIF_Logo-Color-Horizontal-Rounded-1.png?fit=489%2C250&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/packitforwarding.com\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/cropped-PIF_Logo-Color-Horizontal-Rounded-1.png?fit=489%2C250&ssl=1\",\"width\":489,\"height\":250,\"caption\":\"Ben 
Story\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/packitforwarding.com\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/cropped-PIF_Logo-Color-Horizontal-Rounded-1.png?fit=489%2C250&ssl=1\"},\"description\":\"In the course of my career, I have had the pleasure of working in multiple verticals including Education, Logistics and Healthcare. Although I started as a systems administrator (aka server jockey), I am now firmly in the network engineering arena. Currently I am working for a multi-state hospital system.\",\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/packitforwarding\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/benstory\",\"https:\\\/\\\/x.com\\\/https:\\\/\\\/www.twitter.com\\\/ntwrk80\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CCNA CyberOps SECOPS - Objective 2.4 -","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/","og_locale":"en_US","og_type":"article","og_title":"CCNA CyberOps SECOPS - Objective 2.4 -","og_description":"Identify these key elements in an intrusion from a given PCAP file : Source address, Destination address, Source port, Destination port, Protocols, and Payloads Implementing Cisco Cybersecurity Operations (210-255) PCAP files are a way of storing packet data captured using a packet sniffer like Wireshark. 
The Wireshark website has dozens of example packet captures that [&hellip;]","og_url":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/","article_publisher":"https:\/\/www.facebook.com\/packitforwarding","article_author":"https:\/\/www.facebook.com\/packitforwarding","article_published_time":"2019-08-08T12:45:37+00:00","article_modified_time":"2020-02-25T15:32:04+00:00","og_image":[{"width":1030,"height":422,"url":"https:\/\/i2.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-3.png?fit=1030%2C422&ssl=1","type":"image\/png"}],"author":"Ben Story","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/www.twitter.com\/ntwrk80","twitter_site":"@ntwrk80","twitter_misc":{"Written by":"Ben Story","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/#article","isPartOf":{"@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/"},"author":{"name":"Ben Story","@id":"https:\/\/packitforwarding.com\/#\/schema\/person\/441c2562293c45fbcf483f246430e6c8"},"headline":"CCNA CyberOps SECOPS &#8211; Objective 2.4","datePublished":"2019-08-08T12:45:37+00:00","dateModified":"2020-02-25T15:32:04+00:00","mainEntityOfPage":{"@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/"},"wordCount":398,"commentCount":0,"publisher":{"@id":"https:\/\/packitforwarding.com\/#\/schema\/person\/441c2562293c45fbcf483f246430e6c8"},"image":{"@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-3.png?fit=1030%2C422&ssl=1","keywords":["CCNA CyberOps","certification","cisco","Cisco Certified Cyber Ops 
Associate"],"articleSection":["Blog","CCNA CyberOps","Certification","cisco"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/","url":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/","name":"CCNA CyberOps SECOPS - Objective 2.4 -","isPartOf":{"@id":"https:\/\/packitforwarding.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/#primaryimage"},"image":{"@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-3.png?fit=1030%2C422&ssl=1","datePublished":"2019-08-08T12:45:37+00:00","dateModified":"2020-02-25T15:32:04+00:00","breadcrumb":{"@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/#primaryimage","url":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-3.png?fit=1030%2C422&ssl=1","contentUrl":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-3.png?fit=1030%2C422&ssl=1","width":1030,"height":422},{"@type":"BreadcrumbList","@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/08\/ccna-cyberops-secops-objective-2-4\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"nam
e":"Home","item":"https:\/\/packitforwarding.com\/"},{"@type":"ListItem","position":2,"name":"CCNA CyberOps SECOPS &#8211; Objective 2.4"}]},{"@type":"WebSite","@id":"https:\/\/packitforwarding.com\/#website","url":"https:\/\/packitforwarding.com\/","name":"","description":"Paying it forward to the next generation of IT.","publisher":{"@id":"https:\/\/packitforwarding.com\/#\/schema\/person\/441c2562293c45fbcf483f246430e6c8"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/packitforwarding.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/packitforwarding.com\/#\/schema\/person\/441c2562293c45fbcf483f246430e6c8","name":"Ben Story","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2026\/02\/cropped-PIF_Logo-Color-Horizontal-Rounded-1.png?fit=489%2C250&ssl=1","url":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2026\/02\/cropped-PIF_Logo-Color-Horizontal-Rounded-1.png?fit=489%2C250&ssl=1","contentUrl":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2026\/02\/cropped-PIF_Logo-Color-Horizontal-Rounded-1.png?fit=489%2C250&ssl=1","width":489,"height":250,"caption":"Ben Story"},"logo":{"@id":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2026\/02\/cropped-PIF_Logo-Color-Horizontal-Rounded-1.png?fit=489%2C250&ssl=1"},"description":"In the course of my career, I have had the pleasure of working in multiple verticals including Education, Logistics and Healthcare. Although I started as a systems administrator (aka server jockey), I am now firmly in the network engineering arena. 
Currently I am working for a multi-state hospital system.","sameAs":["https:\/\/www.facebook.com\/packitforwarding","https:\/\/www.linkedin.com\/in\/benstory","https:\/\/x.com\/https:\/\/www.twitter.com\/ntwrk80"]}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/pcap-3.png?fit=1030%2C422&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pay9MD-cR","jetpack-related-posts":[{"id":804,"url":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/09\/ccna-cyberops-secops-objective-2-5\/","url_meta":{"origin":797,"position":0},"title":"CCNA CyberOps SECOPS &#8211; Objective 2.5","author":"Ben Story","date":"August 9, 2019","format":false,"excerpt":"Extract files from a TCP stream when given a PCAP file and Wireshark Implementing Cisco Cybersecurity Operations (210-255) For this example, I made a sample pcapng file using Wireshark. I did a wget of a graphics file from my website. 
Wireshark Capture Go to File>Export Objects>HTTP (works the same with\u2026","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/packitforwarding.com\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/httpfilepcap-1.png?fit=1200%2C693&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/httpfilepcap-1.png?fit=1200%2C693&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/httpfilepcap-1.png?fit=1200%2C693&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/httpfilepcap-1.png?fit=1200%2C693&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/httpfilepcap-1.png?fit=1200%2C693&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":520,"url":"https:\/\/packitforwarding.com\/index.php\/2019\/03\/14\/ccna-cyberops-secfnd-objective-5-1\/","url_meta":{"origin":797,"position":1},"title":"CCNA CyberOps SECFND Objective 5.1","author":"Ben Story","date":"March 14, 2019","format":false,"excerpt":"Identify the types of data provided by these technologies: TCP Dump, NetFlow, Next-Gen firewall, Traditional stateful firewall, Application visibility and control, web content filtering and email content filtering.Understanding Cisco Cybersecurity Fundamentals (210-250) TCP Dump The application tcpdump is a command line packet capture tool. 
An example of a packet displayed\u2026","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/packitforwarding.com\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/09\/pexels-photo-373543.jpeg?fit=640%2C426&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/09\/pexels-photo-373543.jpeg?fit=640%2C426&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/09\/pexels-photo-373543.jpeg?fit=640%2C426&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":778,"url":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/06\/ccna-cyberops-secops-objective-2-2\/","url_meta":{"origin":797,"position":2},"title":"CCNA CyberOps SECOPS &#8211; Objective 2.2","author":"Ben Story","date":"August 6, 2019","format":false,"excerpt":"Describe the fields in these protocol headers as they relate to intrusion analysis: Ethernet frame, IPv4, IPv6, TCP, UDP, ICMP, HTTPImplementing Cisco Cybersecurity Operations (210-255) Ethernet Frames Public Domain, Link The biggest thing for the Ethernet frame is to be able to identify the source and destination MAC address. 
Often\u2026","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/packitforwarding.com\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2012\/01\/colorful-colourful-lan-46218.jpg?fit=640%2C426&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2012\/01\/colorful-colourful-lan-46218.jpg?fit=640%2C426&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2012\/01\/colorful-colourful-lan-46218.jpg?fit=640%2C426&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":524,"url":"https:\/\/packitforwarding.com\/index.php\/2019\/03\/15\/ccna-cyberops-secfnd-objective-5-2\/","url_meta":{"origin":797,"position":3},"title":"CCNA CyberOps SECFND Objective 5.2","author":"Ben Story","date":"March 15, 2019","format":false,"excerpt":"Describe these types of data used in security monitoring: Full packet capture, session data, transaction data, statistical data, extracted content, alert dataUnderstanding Cisco Cybersecurity Fundamentals (210-250) Full Packet Capture Full packet capture data can be very useful in analyzing what occurred on a network. 
Unfortunately to capture everything is very\u2026","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/packitforwarding.com\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/07\/fibre-1515964_1920.jpg?fit=1200%2C675&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/07\/fibre-1515964_1920.jpg?fit=1200%2C675&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/07\/fibre-1515964_1920.jpg?fit=1200%2C675&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/07\/fibre-1515964_1920.jpg?fit=1200%2C675&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/07\/fibre-1515964_1920.jpg?fit=1200%2C675&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":549,"url":"https:\/\/packitforwarding.com\/index.php\/2019\/03\/25\/ccna-cyberops-secfnd-objective-6-6\/","url_meta":{"origin":797,"position":4},"title":"CCNA CyberOps SECFND Objective 6.6","author":"Ben Story","date":"March 25, 2019","format":false,"excerpt":"Describe these evasion methodsImplementing Cisco Cybersecurity Operations (210-255) Encryption and Tunneling: Attackers use encryption and tunneling to obfuscate their attacks. 
VPN technologies like IPSec can be used to keep IPS\/IDS from seeing the command and control traffic or even the attack traffic. Resource Exhaustion: A denial of service attack against security\u2026","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/packitforwarding.com\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/03\/pexels-photo-225769.jpeg?fit=640%2C426&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/03\/pexels-photo-225769.jpeg?fit=640%2C426&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/03\/pexels-photo-225769.jpeg?fit=640%2C426&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":477,"url":"https:\/\/packitforwarding.com\/index.php\/2019\/03\/01\/ccna-cyberops-objective-1-6-1-12\/","url_meta":{"origin":797,"position":5},"title":"CCNA CyberOps SECFND Objective 1.6 &#8211; 1.12","author":"Ben Story","date":"March 1, 2019","format":false,"excerpt":"1.6 Describe IP subnets and communication within an IP subnet and between IP subnets. IP subnets are used to divide a network into smaller broadcast domains. Communication within a subnet is done directly from one host to another using ARP for resolving the MAC address of the host. 
When a\u2026","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/packitforwarding.com\/index.php\/category\/blog\/"},"img":{"alt_text":"Photo by Francis Seura from Pexels","src":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/09\/pexels-photo-802412.jpeg?fit=640%2C425&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/09\/pexels-photo-802412.jpeg?fit=640%2C425&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/09\/pexels-photo-802412.jpeg?fit=640%2C425&ssl=1&resize=525%2C300 1.5x"},"classes":[]}],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/posts\/797","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/comments?post=797"}],"version-history":[{"count":1,"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/posts\/797\/revisions"}],"predecessor-version":[{"id":1100,"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/posts\/797\/revisions\/1100"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/media\/801"}],"wp:attachment":[{"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/media?parent=797"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/categories?post=797"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/tags?post=797
"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}