Having a crystal clear picture of what flows through our network is significant to understanding any suspicious traffic traversing the wire. In simple words, we should be able to distinguish between good and bad traffic. Baselining good traffic is an important step in this direction and can significantly reduce the effort required for threat analysis. In this chapter, we will go over threats to LAN security and how we can use Wireshark to analyze them. We will also solve a real-world Capture The Flag (CTF) challenge at the end.

LAN is our own kingdom, and we, the soldiers of this kingdom, are obligated to maintain a nonhostile environment. As with any kingdom, threats are always present and are not easy to eradicate. There are many vectors from where a threat can arise, for example, the mischievous people of the kingdom, from enemies in the outside world, and so on.

Now, fast-forwarding...