From fb4c8d6c74bcb443cfb84cb1312ef37979d284a5 Mon Sep 17 00:00:00 2001 From: Dave Date: Wed, 3 Feb 2021 13:12:30 -0600 Subject: [PATCH] Move Powershell comment to after correct instruction --- IntroClassFiles/Tools/IntroClass/Wireshark/Wireshark.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/IntroClassFiles/Tools/IntroClass/Wireshark/Wireshark.md b/IntroClassFiles/Tools/IntroClass/Wireshark/Wireshark.md index 6e2cc177..01cfddda 100644 --- a/IntroClassFiles/Tools/IntroClass/Wireshark/Wireshark.md +++ b/IntroClassFiles/Tools/IntroClass/Wireshark/Wireshark.md @@ -70,8 +70,6 @@ This will show us the various HTTP requests for the capture: ![](attachments/Clipboard_2020-12-09-18-43-37.png) -Anything look strange there? If you look closely, there is a lot of encoded PowerShell. - Now, let's look at Statistics > Conversations: ![](attachments/Clipboard_2020-12-09-18-45-30.png) @@ -122,6 +120,8 @@ This is showing the request (in red) and the response (in blue) between our two ![](attachments/Clipboard_2020-12-09-18-55-09.png) +Anything look strange there? If you look closely, there is a lot of encoded PowerShell. + Now, let's play with some basic filters in the filter bar. We have already seen how Wireshark can filter on IP addresses. But we can also filter on protocols. To start, just type l.
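Review bot: in the first hunk (@@ -70,8 +70,6), dropping the "Anything look strange there?" line leaves the HTTP requests screenshot followed directly by "Now, let's look at Statistics > Conversations:", so the step no longer tells the reader what to take away from the request list. Consider a one-line cue under that screenshot saying what to look for in the HTTP requests view before moving on to Conversations.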
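Review bot: in the second hunk (@@ -122,6 +120,8), the added "Anything look strange there?" follows an image, so "there" has no explicit referent. The preceding context line describes the request (in red) and the response (in blue), but the new sentence does not say which side carries the encoded PowerShell. Suggest naming the view, for example "Anything look strange in that stream?", and stating whether the reader should look at the red request or the blue response. Minor style point: the commit subject spells it "Powershell" while the document text uses "PowerShell".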