Skip to content
MyCyberSecurityPath

Wireshark: Network Analysis Guide

Section titled “Legal and Ethical Notice”

Only capture network traffic on networks you own or have explicit written permission to monitor. Capturing traffic on networks without authorization is illegal in most jurisdictions and can result in criminal charges. Every exercise on this page assumes you are working on your own home network or a lab environment you control. If you are unsure whether you have permission, do not capture.

This rule applies to learning, testing, and professional work equally. Even in a workplace, packet capture usually requires management or legal approval.

What Is Wireshark and Why Does It Matter?

Section titled “What Is Wireshark and Why Does It Matter?”

Wireshark is a free, open-source network protocol analyser originally created by Gerald Combs in 1998 (initially named Ethereal). According to Wireshark.org, it is the world’s most widely used network analysis tool, employed by security professionals, network engineers, and forensic investigators to capture and inspect network traffic at the packet level.

Wireshark captures network traffic in real time and lets you inspect every packet that crosses a network interface. It is the most widely used network analysis tool in the world.

If you have never heard of packet analysis before, think of it this way: every time your computer loads a web page, sends an email, or looks up a domain name, it sends and receives small chunks of data called packets. Wireshark lets you see those packets, read their contents, and understand exactly what your computer is doing on the network.

You do not need a technical background to start using Wireshark. You need curiosity and a willingness to look at unfamiliar data until it starts making sense.

The first time I opened Wireshark, I honestly wanted to close it again. The interface was a wall of scrolling numbers and abbreviations I couldn’t parse — it felt like staring at the Matrix. But I followed a tutorial, typed http into the filter bar, refreshed a web page, and suddenly I could see my browser’s request and the server’s response laid out packet by packet. That was the moment networking stopped being an abstract textbook concept for me. I could actually watch data moving, and it made the TCP/IP material from my A+ study click in a way that flashcards never had. If the interface overwhelms you at first, stick with it — one good filter is all it takes to start making sense of the noise.

Packet Capture Workflow

Section titled “Packet Capture Workflow”

📊 Visual Explanation

Section titled “📊 Visual Explanation”

Wireshark Packet Capture Workflow

From interface selection to evidence preservation — the five stages of network analysis

Select InterfaceChoose network adapter
Ethernet
Wi-Fi
Loopback
Start CaptureRecord live traffic
Promiscuous mode
Packet buffer
Apply FilterFocus on relevant traffic
Display filters
Capture filters
Analyze PacketsInspect protocol details
Protocol hierarchy
Follow TCP stream
Export / SavePreserve evidence
PCAP format
Filtered export
Idle

What Do Real-World Wireshark Scenarios Look Like?

Section titled “What Do Real-World Wireshark Scenarios Look Like?”

Wireshark is used in virtually every cybersecurity discipline, from SOC alert triage to digital forensics. NIST SP 800-86 identifies network traffic analysis as a critical technique for incident response, and SANS GIAC certifications (GCIA, GCFA) test Wireshark proficiency extensively.

Wireshark appears in nearly every cybersecurity role at some point. Understanding why helps you prioritise learning it.

Traffic analysis — SOC analysts use Wireshark to investigate alerts. When a security tool flags suspicious activity, the analyst often needs to look at the actual packets to determine whether the alert is a real threat or a false positive.

Incident response — During a security incident, responders capture traffic to understand what data was sent, where it went, and how the attacker communicated with compromised systems.

Digital forensics — Forensic investigators analyze saved packet captures (called PCAP files) to reconstruct what happened during a breach, sometimes weeks or months after the event.

Network troubleshooting — Before you can spot malicious traffic, you need to understand normal traffic. Wireshark helps you learn what healthy network communication looks like.

Certification preparation — CompTIA Security+, CySA+, and other certifications test your ability to read packet captures and identify anomalies. Wireshark is the standard tool for this skill.

How to Install Wireshark

Section titled “How to Install Wireshark”

Wireshark runs on Windows, macOS, and Linux. Installation takes <5 minutes on most systems.

Windows

Section titled “Windows”
  1. Go to wireshark.org/download
  2. Download the Windows x64 installer
  3. Run the installer and accept the defaults
  4. When prompted, install Npcap (the packet capture driver) — this is required for live capture
  5. Restart your computer if prompted
  6. Open Wireshark from the Start menu

macOS

Section titled “macOS”
  1. Go to wireshark.org/download
  2. Download the macOS Intel or Arm installer (choose based on your Mac’s processor)
  3. Open the .dmg file and drag Wireshark to Applications
  4. On first run, macOS may ask you to approve a helper tool for packet capture — allow it
  5. If prompted about permissions, follow the on-screen instructions to install the ChmodBPF helper

Alternatively, if you use Homebrew: brew install --cask wireshark

Linux (Ubuntu/Debian/Kali)

Section titled “Linux (Ubuntu/Debian/Kali)”
Terminal window
sudo apt update
sudo apt install wireshark

During installation, you will be asked whether non-root users should be able to capture packets. Select Yes. Then add your user to the wireshark group:

Terminal window
sudo usermod -aG wireshark $USER

Log out and log back in for the group change to take effect. On Kali Linux, Wireshark is pre-installed.

Verify Your Installation

Section titled “Verify Your Installation”

Open Wireshark. You should see a list of network interfaces (such as Wi-Fi, Ethernet, or Loopback). If no interfaces appear, the capture driver was not installed correctly — revisit the Npcap (Windows) or ChmodBPF (macOS) step.

How Does Wireshark Work?

Section titled “How Does Wireshark Work?”

Wireshark operates by placing a network interface into promiscuous mode, allowing it to capture all packets traversing the network segment rather than only those addressed to the host machine. The Wireshark.org user guide describes this as the foundation of all packet analysis workflows.

When you first open Wireshark and start a capture, the interface can look overwhelming. It is actually organised into clear sections that you will learn quickly.

Interface Selection Screen

Section titled “Interface Selection Screen”

Before you capture anything, Wireshark shows you a list of available network interfaces. Each one has a small activity graph showing current traffic volume. For most home setups:

  • Wi-Fi or en0 captures your wireless traffic
  • Ethernet or eth0 captures wired traffic
  • Loopback or lo captures traffic your computer sends to itself

Double-click an interface to start capturing.

The Three Panes

Section titled “The Three Panes”

Once a capture is running, the main window has three panes stacked vertically:

Packet List Pane (top) — Shows one row per captured packet. Each row displays the packet number, timestamp, source address, destination address, protocol, length, and a brief description. This is where you scan for patterns and select packets to investigate.

Packet Details Pane (middle) — When you click a packet in the list above, this pane shows its full structure, broken into expandable layers. You will see the Ethernet frame, the IP header, the transport header (TCP or UDP), and the application data. Each layer corresponds to a layer of the networking model you may have seen in Networking Basics.

Packet Bytes Pane (bottom) — Shows the raw hexadecimal and ASCII data of the selected packet. Beginners rarely need this pane, but it is useful when you want to see exactly what bytes were transmitted.

The Display Filter Bar

Section titled “The Display Filter Bar”

At the top of the capture window is a text field labeled “Apply a display filter.” This is where you type filters to show only the packets you care about. It is the single most important feature for beginners to learn.

The Status Bar

Section titled “The Status Bar”

At the bottom of the window, the status bar shows how many packets have been captured and how many are currently displayed (after filtering). If you capture 10,000 packets but your filter shows 47, the status bar confirms this.

Essential Display Filters for Beginners

Section titled “Essential Display Filters for Beginners”

Display filters let you cut through thousands of packets to find exactly what you need. You type them into the filter bar and press Enter.

Basic Filters

Section titled “Basic Filters”
FilterWhat it shows
ip.addr == 192.168.1.1All packets to or from a specific IP address
ip.src == 192.168.1.100Packets sent from a specific IP address
ip.dst == 8.8.8.8Packets sent to a specific IP address
tcp.port == 443All TCP traffic on port 443 (HTTPS)
udp.port == 53All UDP traffic on port 53 (DNS)
httpAll HTTP traffic (unencrypted web browsing)
dnsAll DNS queries and responses
icmpAll ICMP traffic (ping, traceroute)
tcpAll TCP traffic
udpAll UDP traffic
arpAll ARP traffic (address resolution)

Combining Filters

Section titled “Combining Filters”

You can combine filters with logical operators:

OperatorMeaningExample
&& or andBoth conditions must be trueip.addr == 192.168.1.1 && tcp.port == 80
|| or orEither condition can be truedns || http
! or notExclude matching packets!arp (hide ARP traffic)

Filters You Will Use Often

Section titled “Filters You Will Use Often”

Find all traffic from your machine to a specific server:

ip.src == 192.168.1.100 && ip.dst == 93.184.216.34

Show only DNS traffic:

dns

Show HTTP requests only (not responses):

http.request

Hide noisy background traffic to focus on what matters:

!arp && !dns && !icmp

Find TCP connection problems (resets):

tcp.flags.reset == 1

Find packets containing a specific string:

frame contains "password"

Tip: The filter bar turns green when your filter syntax is valid and red when it is not. If your filter bar is red, check for typos before pressing Enter.

Capture Filters vs Display Filters

Section titled “Capture Filters vs Display Filters”

Wireshark has two types of filters and beginners often confuse them.

Capture filters are set before you start capturing. They tell Wireshark which packets to record in the first place. Packets that do not match the capture filter are discarded and never saved. Capture filters use a different syntax called BPF (Berkeley Packet Filter).

Display filters are applied after packets are captured. They hide packets from view but do not delete them. You can change display filters as many times as you want without losing data.

FeatureCapture filterDisplay filter
When appliedBefore capture startsDuring or after capture
SyntaxBPF syntax (host 192.168.1.1)Wireshark syntax (ip.addr == 192.168.1.1)
EffectPackets not matching are never savedPackets not matching are hidden but still in the file
When to useWhen you know exactly what you want and need to limit file sizeMost of the time — safer because you keep all data

Beginner recommendation: Start with no capture filter. Capture everything and use display filters to find what you need. You can always apply a capture filter later when you are confident about what traffic you want.

Common Capture Filter Examples

Section titled “Common Capture Filter Examples”
Capture filterWhat it does
host 192.168.1.1Only capture traffic to or from this IP
port 80Only capture traffic on port 80
net 192.168.1.0/24Only capture traffic on this subnet
tcpOnly capture TCP traffic
not arpCapture everything except ARP

What Does Wireshark Look Like in Practice?

Section titled “What Does Wireshark Look Like in Practice?”

Hands-on exercises are the fastest way to build Wireshark proficiency. The Wireshark.org wiki provides sample captures for practice, and CompTIA Security+ (SY0-701) performance-based questions test the ability to read and interpret packet captures.

These exercises use only your own computer and your own home network. Do not capture traffic on any network you do not own.

Exercise 1: Capture a DNS Lookup

Section titled “Exercise 1: Capture a DNS Lookup”

This exercise shows you what happens behind the scenes every time you visit a website.

  1. Open Wireshark and select your active network interface (Wi-Fi or Ethernet)
  2. Click the blue shark fin button to start capturing
  3. In the display filter bar, type dns and press Enter
  4. Open your web browser and go to example.com
  5. Return to Wireshark — you should see DNS packets appear

What to look for:

  • A query packet from your computer to a DNS server, asking for the IP address of example.com
  • A response packet from the DNS server containing the IP address
  • The source and destination IP addresses — your computer’s IP and your DNS server’s IP
  • The protocol column should show “DNS”

What you just learned: Every website visit starts with a DNS lookup. Security analysts monitor DNS traffic because attackers often use DNS for reconnaissance, command-and-control communication, and data exfiltration.

Exercise 2: Watch a TCP Three-Way Handshake

Section titled “Exercise 2: Watch a TCP Three-Way Handshake”

TCP connections start with a three-step process. This exercise lets you see it happening.

  1. Start a new capture (or continue the previous one)
  2. Clear the display filter, then type tcp.flags.syn == 1 || tcp.flags.ack == 1 and press Enter
  3. Open your browser and visit http://example.com (use http, not https, so the handshake is easier to isolate)
  4. Look for three packets in sequence between your IP and the server IP:
    • SYN — Your computer requests a connection
    • SYN-ACK — The server acknowledges and accepts
    • ACK — Your computer confirms the connection is established

Better filter for isolating the handshake:

ip.addr == 93.184.216.34 && tcp

Replace 93.184.216.34 with the IP you found in Exercise 1.

What you just learned: The TCP three-way handshake is the foundation of reliable internet communication. Security analysts look for incomplete handshakes (SYN without SYN-ACK) as a sign of port scanning or SYN flood attacks.

Exercise 3: Capture and Filter ICMP (Ping) Traffic

Section titled “Exercise 3: Capture and Filter ICMP (Ping) Traffic”
  1. Start a capture in Wireshark
  2. Set the display filter to icmp
  3. Open a terminal or command prompt and run: ping example.com
  4. Watch the packets appear in Wireshark

What to look for:

  • Echo Request packets from your computer
  • Echo Reply packets from the server
  • The round-trip time shown in the packet details
  • The TTL (Time to Live) value in the IP header

What you just learned: ICMP is used for network diagnostics but also appears in reconnaissance. Unusually large ICMP packets or unexpected ICMP traffic can indicate tunneling or denial-of-service activity.

Exercise 4: Analyze HTTP Traffic

Section titled “Exercise 4: Analyze HTTP Traffic”

Modern websites use HTTPS (encrypted), so you cannot read their content in Wireshark. However, you can still practice with unencrypted HTTP.

  1. Start a capture and set the display filter to http
  2. In your browser, visit http://httpbin.org/get (this site deliberately serves unencrypted HTTP for testing)
  3. In Wireshark, find the HTTP GET request
  4. Click on the packet, expand the “Hypertext Transfer Protocol” section in the Packet Details pane
  5. Read the headers — you will see the URL, the user agent string, and other request details

What you just learned: Unencrypted HTTP traffic is fully visible to anyone capturing packets on the same network. This is why HTTPS matters. In a forensic investigation, HTTP traffic in a capture file can reveal exactly what data was sent or received.

Exercise 5: Save and Reopen a Capture

Section titled “Exercise 5: Save and Reopen a Capture”
  1. After running any of the exercises above, go to File > Save As
  2. Save the file with a .pcapng extension (this is the default format)
  3. Close Wireshark
  4. Reopen Wireshark and go to File > Open to reload your saved capture
  5. Apply a display filter to confirm your packets are still there

What you just learned: Saved captures (PCAP and PCAPNG files) are how security teams share evidence. Forensic investigators, incident responders, and analysts pass capture files to each other regularly. Saving your practice captures also lets you revisit them as your skills improve.

How Is Wireshark Used in Real Security Operations?

Section titled “How Is Wireshark Used in Real Security Operations?”

Security teams rely on Wireshark daily to validate alerts, investigate breaches, and gather forensic evidence. NIST SP 800-61 (Computer Security Incident Handling Guide) recommends packet capture as a primary data source during incident response.

Understanding how Wireshark is used in real security work helps you see the point of learning it.

Detecting Suspicious DNS Activity

Section titled “Detecting Suspicious DNS Activity”

An attacker who has compromised a machine often uses DNS to communicate with a command-and-control server. The compromised machine sends DNS queries to attacker-controlled domains, and the responses contain instructions.

In Wireshark, you can filter for dns and look for:

  • Queries to domains you do not recognize
  • Unusually long domain names (potential DNS tunneling)
  • High volumes of DNS queries from a single host
  • DNS responses with unusually large payloads

Identifying Unauthorized Connections

Section titled “Identifying Unauthorized Connections”

If a machine on your network is communicating with an unexpected external IP address, Wireshark can reveal it. Filter by the machine’s IP address and review the destination addresses. Cross-reference unknown IPs with threat intelligence databases.

Analyzing Cleartext Credentials

Section titled “Analyzing Cleartext Credentials”

Unencrypted protocols like HTTP, FTP, and Telnet transmit credentials in plain text. In a capture file, you can search for login attempts:

http.request.method == "POST"

or

ftp.request.command == "PASS"

This demonstrates why encrypted protocols (HTTPS, SFTP, SSH) are essential. In a forensic investigation, finding cleartext credentials in a capture file is significant evidence.

Spotting Port Scanning

Section titled “Spotting Port Scanning”

When an attacker scans a network, they send connection attempts to many ports in a short period. In Wireshark, this appears as:

  • Many SYN packets from one source to one destination across different ports
  • SYN packets followed by RST (reset) responses, meaning the port is closed
  • A pattern that sweeps through port numbers sequentially or randomly

Filter for the suspected scanning source:

ip.src == [suspected scanner IP] && tcp.flags.syn == 1

Tips for Beginners

Section titled “Tips for Beginners”

Start with Your Own Traffic

Section titled “Start with Your Own Traffic”

The best way to learn is to capture your own normal activity — browsing, email, streaming — and explore what it looks like in Wireshark. Once you know what normal looks like, abnormal becomes easier to spot.

Use Color Rules

Section titled “Use Color Rules”

Wireshark applies color coding to different types of traffic by default. Green typically indicates TCP traffic, blue indicates DNS, and black with red text indicates errors or problems. You can customize these under View > Coloring Rules, but the defaults are a good starting point.

Follow TCP Streams

Section titled “Follow TCP Streams”

Right-click any TCP packet and select Follow > TCP Stream. Wireshark reconstructs the entire conversation between two endpoints, showing you the full exchange of data. This is one of the most powerful features for understanding what actually happened in a connection.

Use the Protocol Hierarchy

Section titled “Use the Protocol Hierarchy”

Go to Statistics > Protocol Hierarchy to see a breakdown of all protocols in your capture. This gives you a quick overview of what kind of traffic is present before you start filtering.

Do Not Panic About Volume

Section titled “Do Not Panic About Volume”

A busy network can generate thousands of packets per second. You are not expected to read every packet. Filters exist specifically so you can focus on the <1% of traffic that matters for your investigation.

Save Interesting Captures

Section titled “Save Interesting Captures”

When you find a capture that teaches you something, save it with a descriptive filename like dns-lookup-example-2026-03-14.pcapng. Building a personal library of reference captures accelerates your learning.

Where to Practice

Section titled “Where to Practice”

Your Home Network

Section titled “Your Home Network”

Your own home network is the safest and most convenient place to practice. Capture your own browsing, DNS lookups, and streaming traffic. Experiment with filters. There is no risk as long as you are only capturing traffic on a network you own.

Wireshark SampleCaptures Wiki

Section titled “Wireshark SampleCaptures Wiki”

The Wireshark project maintains a library of sample capture files at wiki.wireshark.org/SampleCaptures. These include captures of many different protocols, attack scenarios, and edge cases. Download them and practice applying filters.

TryHackMe Wireshark Rooms

Section titled “TryHackMe Wireshark Rooms”

TryHackMe offers guided Wireshark challenges that walk you through analyzing pre-built capture files. These are structured exercises with clear objectives, making them ideal for beginners:

  • Wireshark: The Basics — Interface orientation and basic filtering
  • Wireshark: Packet Operations — Deeper packet analysis techniques
  • Wireshark: Traffic Analysis — Real-world scenario investigation

These rooms require a free TryHackMe account and are browser-based, so you can practice even without Wireshark installed locally.

Home Lab Environment

Section titled “Home Lab Environment”

If you have followed the Home Lab Setup guide to create virtual machines, you can generate controlled traffic between VMs and capture it with Wireshark. This gives you full control over both sides of the conversation, making it easier to understand what you see in the capture.

Wireshark and Your Career Path

Section titled “Wireshark and Your Career Path”

Wireshark proficiency appears in job descriptions for SOC analysts, incident responders, forensic investigators, and network security engineers. You do not need to master every feature to be useful — even basic filtering and TCP stream analysis set you apart from candidates who have never opened the tool.

For certification preparation, Wireshark practice directly supports:

  • CompTIA Security+ (SY0-701) — Network-based attacks, traffic analysis
  • CompTIA CySA+ (CS0-003) — Threat detection, packet analysis, log review
  • TryHackMe SOC Level 1 Path — Wireshark is a core tool throughout

Summary and Key Takeaways

Section titled “Summary and Key Takeaways”
  • Wireshark is a free, open-source packet analyzer used by security professionals worldwide.
  • The interface has three panes: packet list, packet details, and packet bytes. The display filter bar is your primary tool for finding relevant traffic.
  • Display filters let you search captured traffic without losing data. Capture filters limit what is recorded in the first place.
  • Start with your own traffic on your own network. Practice DNS lookups, TCP handshakes, and HTTP requests.
  • Save your captures as PCAP files to build a reference library.
  • Wireshark skills directly support Security+, CySA+, and SOC analyst job readiness.
  • Never capture traffic on a network without explicit permission. This is both a legal requirement and a professional ethical obligation.
Section titled “Related”

Legal reminder: Capturing network traffic without authorization is illegal. All exercises on this page assume you are working on your own network or a lab environment you control. When you move into professional work, always confirm that you have written authorization before running any packet capture.

Packet Analysis Workflow

Section titled “Packet Analysis Workflow”

Wireshark Packet Analysis Workflow

A structured approach to investigating network traffic from capture to documentation

Capture Traffic
Record raw packets
Select interface
Set capture filter
Start recording
Apply Filters
Narrow the scope
Display filters
Protocol filters
IP/port filters
Identify Patterns
Spot anomalies
Unusual volumes
Unknown destinations
Protocol misuse
Analyze Protocols
Deep packet inspection
Follow TCP streams
Decode payloads
Check headers
Document Findings
Preserve evidence
Save PCAP files
Export reports
Note timestamps
Idle

Technical details verified in March 2026 against the official Wireshark documentation (wireshark.org), CompTIA Security+ SY0-701 exam objectives, and IETF protocol standards.

Frequently Asked Questions

Is Wireshark legal to use?

Yes, Wireshark itself is legal to download and use. However, capturing network traffic on networks you do not own or do not have explicit written permission to monitor is illegal in most jurisdictions. Always capture only on your own network or a lab environment you control.

Can Wireshark see HTTPS traffic?

Wireshark can capture HTTPS packets, but the payload is encrypted, so you cannot read the actual content. You can still see the source and destination IP addresses, ports, and TLS handshake details. Decrypting HTTPS in Wireshark requires access to the session keys, which is only possible in specific lab or debugging scenarios.

What is a PCAP file?

A PCAP (Packet Capture) file is a saved recording of network traffic. Wireshark saves captures in PCAP or PCAPNG format, which can be reopened later for analysis. Security teams share PCAP files as evidence during incident investigations and forensic analysis.

How do I filter traffic in Wireshark?

Type display filters into the filter bar at the top of the capture window. Common examples include 'dns' for DNS traffic, 'tcp.port == 443' for HTTPS, and 'ip.addr == 192.168.1.1' for a specific host. The filter bar turns green when your syntax is valid and red when it is not.

Is Wireshark hard to learn?

The basics of Wireshark — capturing traffic, applying filters, and reading packet summaries — can be learned in a few hours. Mastering advanced features like protocol analysis, stream reconstruction, and forensic investigation takes months of practice. Start with the exercises on this page and build from there.

What is the difference between capture filters and display filters?

Capture filters are set before recording begins and control which packets are saved — unmatched packets are discarded permanently. Display filters are applied after capture and only hide packets from view without deleting them. Beginners should use display filters because they preserve all captured data.

Can Wireshark capture Wi-Fi traffic from other devices?

On most operating systems, Wireshark captures only traffic sent to or from your own machine. Capturing other devices' Wi-Fi traffic requires monitor mode, which has limited support depending on your operating system and wireless adapter. This is also legally restricted to networks you own.

What certifications test Wireshark skills?

CompTIA Security+ (SY0-701) and CompTIA CySA+ (CS0-003) both include network traffic analysis objectives where Wireshark knowledge is directly applicable. The TryHackMe SOC Level 1 learning path also uses Wireshark extensively.

How much disk space does a Wireshark capture use?

Capture file size depends on network activity and duration. A busy network can generate hundreds of megabytes per minute. For practice exercises on a home network, captures typically range from a few kilobytes to tens of megabytes. Use capture filters to limit file size when recording on busy networks.

What is 'Follow TCP Stream' in Wireshark?

Follow TCP Stream is a feature that reconstructs an entire TCP conversation between two endpoints. Right-click any TCP packet and select Follow > TCP Stream to see the full data exchange in a readable format. It is one of the most useful features for understanding what happened during a connection.

Related sections

Networking Basics

Understand ports, protocols, DNS, and the network layers that Wireshark captures operate on.

Explore Home Lab Setup

Build a safe virtual environment where you can practice Wireshark captures without any legal concerns.

Explore Security Concepts

Learn the principles behind traffic analysis: confidentiality, integrity, defense in depth, and Zero Trust.

Explore

More resources

Wireshark Official Documentation

Complete user guide, display filter reference, and protocol support documentation.

Visit Wireshark SampleCaptures

Free downloadable capture files covering dozens of protocols and real-world scenarios.

Visit TryHackMe

Guided cybersecurity training rooms including hands-on Wireshark challenges for beginners.

Visit CompTIA Security+

Official Security+ certification page covering the SY0-701 exam objectives that include traffic analysis.

Visit