To improve your confidence in your network forensics skills, try answering the following questions:
- What is the difference between the ftp and ftp-data display filter in Wireshark?
- Can you build an http filter for webpages with specific keywords?
- We saved files from the PCAP using NetworkMiner. Can you do this using Wireshark? (Yes/No)
- Try repeating these exercises with Tshark.