Packet Sniffing

Packet sniffers and protocol analysis are essential tools for both attackers and defenders to know what is going on in their network.

This exercise will utilize a packet sniffer to capture live network traffic.
This exercise is in multiple parts. You will first build a peer-to-peer (P2P) network and sniff packets in a very controlled environment, and then build on that to sniff live traffic in the wild.

  1. Establish a peer-to-peer (P2P) network
  2. Sniff packets in a very controlled environment
  3. Sniff live traffic in the wild

In this section, you will start both your Windows and Linux VMs, ensure that the two can ping each other, and then test Wireshark. Be advised that your VMs' virtual LAN uses three IP addresses, including:

  • Windows Client VM: 10.0.10.11
  • Kali Linux Client VM: 10.0.10.21

Step 1: Using your remote desktop software, start both your Windows and Kali Client VMs.
The next couple of steps will test whether the two VMs can communicate with each other.

Step 2: On your Windows VM, open up a DOS Prompt (Command Prompt) or Terminal window and ping the Kali VM by issuing the following command:
ping 10.0.10.21
IMAGE 1

Step 3: On your Kali VM, open up a Terminal window and ping the Windows VM by issuing the following command (the -c 4 option limits Linux ping to four requests, matching the Windows default; without it, ping runs until you press Ctrl-C):
ping -c 4 10.0.10.11
IMAGE 2

Step 4: The next several steps will test Wireshark on Windows. On your Windows VM, start Wireshark by double-clicking the Wireshark icon on the desktop:
IMAGE 3
Step 5: In the main Wireshark dialogue box, click on the Capture, Options... pull-down menu option to bring up the following dialogue. Click once to highlight the Ethernet 4 entry:
IMAGE 4
NOTE: If you see any entry in the Capture Filter for selected Interfaces space, delete it.
Click on the Start button to start packet capture.

Step 6: Switch to your terminal window and re-run the same ping command as you did above.

Step 7: Back in Wireshark, click on the Capture, Stop pull-down option in order to halt the packet capture. You should see something like:
IMAGE 5

The next several steps will test Wireshark on Linux. Perform the steps described here on your Kali VM.

Step 8: Start Wireshark by clicking on the Applications Menu, 09 - Sniffing & Spoofing, wireshark pull-down option.
IMAGE 6

Step 9: In the main Wireshark dialogue box, click on the Capture, Options... pull-down menu option to bring up the following dialogue. Check the box next to the eth0 entry:
IMAGE 7
Click on the Start button to start packet capture.

Step 10: Switch to your terminal window and re-run the same ping command as you did above.

Step 11: Back in Wireshark, click on the Capture, Stop pull-down option in order to halt the packet capture. You should see something like:
IMAGE 8
Step 12: The purpose of these steps is to ensure that the VMs can "see" each other and that Wireshark works. That said, you might also review the packets in the exchange that you have just captured to see if you can find the ping messages. One way to do this is to scroll through the packet list looking for ICMP packets. A shortcut is to type "icmp" (without the quotes) in the Filter: box and click the Apply button.

Step 13: Close both VMs.

In this section, you will point your browser to a Web site on the Internet and capture live traffic using Wireshark. For this exercise, you can use either the Windows or Kali VM.

Step 14: Open a Web browser on one of your VMs.

Step 15: On the same VM, open Wireshark and select the proper Ethernet interface, using the same steps that you did above. Click the Start button.

Step 16: With Wireshark running, return to your browser and visit a Web site, wait until everything seems to have loaded, and then stop the packet capture. Try to go to a "simple" Web site; i.e., one that doesn't have a lot of pop-up messages, animation, images, and other active content. A couple of candidate sites for exercise purposes:

  • http://pages.erau.edu/~kessleg1/
  • http://www.garykessler.net/scuba/
  • http://www.gmcism.org/
  • http://www.ieeelcn.org/
  • http://www.srh.noaa.gov/jax/text.php?sid=MLB&pil=CWF

Step 17: Examine the traffic -- from a high level -- and see what packets you can find that are recognizable.

  1. How did Wireshark work for capturing traffic while reading the Web page from your own server?
  2. Did you have any major problems interpreting the TCP/IP traffic when executing the ping command?
  3. What Web site(s) did you visit?
  4. Did you have any major problems interpreting the HTTP traffic on the Internet?
  5. What kind of non-HTTP traffic did you see on the Internet?
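To show what the "icmp" filter in Step 12 actually matches, and what makes the Web traffic in Step 17 "recognizable", here is an added example that is not part of the original exercise: a small Python dissector that decodes Ethernet II, IPv4 and the ICMP/TCP/UDP headers the way Wireshark's packet list does, verifies the IPv4 and ICMP checksums, and applies a tiny subset of display-filter syntax. The sample capture is constructed to mirror the lab's ping exchange between 10.0.10.11 and 10.0.10.21 plus one HTTP segment and one DNS query; the MAC addresses, ports and the 192.0.2.x (RFC 5737 test range) destinations are made-up values.

```python
"""Minimal Ethernet/IPv4 dissector with a Wireshark-style display filter.
Added example for the Wireshark exercise; the sample frames are CONSTRUCTED."""
import struct
from typing import Dict, List

ETHERTYPE_IPV4 = 0x0800
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17
WELL_KNOWN_PORTS = {80: "HTTP", 443: "TLS", 53: "DNS"}   # how Wireshark guesses the application layer


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by the IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """IPv4 header without options; the checksum covers the 20-byte header only."""
    fields = [0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0, ip_bytes(src), ip_bytes(dst)]
    fields[7] = inet_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload


def build_icmp_echo(icmp_type: int, ident: int, seq: int, data: bytes) -> bytes:
    """ICMP echo request (type 8) or reply (type 0); the checksum covers header + data."""
    csum = inet_checksum(struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + data)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + data


def build_frame(src_mac: bytes, dst_mac: bytes, ip_packet: bytes) -> bytes:
    """Ethernet II: destination MAC, source MAC, EtherType, then the IPv4 packet."""
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip_packet


def dissect(frame: bytes) -> Dict[str, object]:
    """Decode Ethernet II -> IPv4 -> ICMP/TCP/UDP into Wireshark-style field names."""
    if len(frame) < 34:
        raise ValueError("frame too short for Ethernet + IPv4")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    info: Dict[str, object] = {"eth.src": src_mac.hex(":"), "eth.dst": dst_mac.hex(":")}
    if ethertype != ETHERTYPE_IPV4:
        info["proto"] = "ETH 0x%04x" % ethertype
        return info
    ip = frame[14:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len > len(ip):
        raise ValueError("malformed IPv4 header")
    info.update({"ip.src": ip_str(src), "ip.dst": ip_str(dst), "ip.ttl": ttl,
                 # Recomputing over the header as received (checksum field included) must give 0.
                 "ip.checksum_ok": inet_checksum(ip[:ihl]) == 0})
    payload = ip[ihl:total_len]
    if proto == PROTO_ICMP:
        icmp_type, code = struct.unpack("!BB", payload[:2])
        info.update({"proto": "ICMP", "icmp.type": icmp_type, "icmp.code": code,
                     "icmp.checksum_ok": inet_checksum(payload) == 0,
                     "info": {8: "Echo (ping) request", 0: "Echo (ping) reply"}.get(icmp_type, "type %d" % icmp_type)})
    elif proto in (PROTO_TCP, PROTO_UDP):
        sport, dport = struct.unpack("!HH", payload[:4])   # both headers start with the two ports
        name = "TCP" if proto == PROTO_TCP else "UDP"
        # Transport checksums need the IP pseudo-header and are not verified here.
        info.update({"proto": name, name.lower() + ".srcport": sport, name.lower() + ".dstport": dport,
                     "app": WELL_KNOWN_PORTS.get(dport, WELL_KNOWN_PORTS.get(sport, "")),
                     "info": "%d -> %d" % (sport, dport)})
    else:
        info.update({"proto": "IP proto %d" % proto, "info": ""})
    return info


def apply_filter(frames: List[bytes], expr: str) -> List[Dict[str, object]]:
    """Tiny subset of Wireshark display-filter syntax: a bare protocol name such as
    'icmp', 'tcp', 'http' or 'dns', or 'ip.addr == <address>' (matches either end)."""
    expr = expr.strip().lower()
    matches = []
    for info in (dissect(f) for f in frames):
        if expr.startswith("ip.addr"):
            wanted = expr.split("==", 1)[1].strip()
            hit = wanted in (info.get("ip.src"), info.get("ip.dst"))
        else:
            hit = expr in (str(info.get("proto", "")).lower(), str(info.get("app", "")).lower())
        if hit:
            matches.append(info)
    return matches


def flip_ttl(frame: bytes) -> bytes:
    """Simulate in-flight corruption: change the IPv4 TTL byte without fixing the checksum."""
    damaged = bytearray(frame)
    damaged[14 + 8] ^= 0x01
    return bytes(damaged)


# --- CONSTRUCTED sample capture mirroring the lab (MACs, ports and external IPs are made up) ---
WINDOWS_VM, KALI_VM = "10.0.10.11", "10.0.10.21"
WIN_MAC, KALI_MAC, GW_MAC = (bytes.fromhex(h) for h in ("0a0000000011", "0a0000000021", "0a0000000001"))
PING_DATA = b"abcdefghijklmnopqrstuvwabcdefghi"   # the 32-byte payload Windows ping sends by default

SAMPLE_FRAMES = [
    # Step 2: Windows pings Kali, Kali answers.
    build_frame(WIN_MAC, KALI_MAC, build_ipv4(WINDOWS_VM, KALI_VM, PROTO_ICMP, build_icmp_echo(8, 1, 1, PING_DATA))),
    build_frame(KALI_MAC, WIN_MAC, build_ipv4(KALI_VM, WINDOWS_VM, PROTO_ICMP, build_icmp_echo(0, 1, 1, PING_DATA))),
    # Step 16: a browser's TCP SYN to port 80 and a DNS query to port 53, both via the gateway.
    build_frame(KALI_MAC, GW_MAC, build_ipv4(KALI_VM, "192.0.2.10", PROTO_TCP,
                struct.pack("!HHIIHHHH", 51234, 80, 1000, 0, 0x5002, 65535, 0, 0))),
    build_frame(WIN_MAC, GW_MAC, build_ipv4(WINDOWS_VM, "192.0.2.53", PROTO_UDP,
                struct.pack("!HHHH", 53000, 53, 8, 0))),
]

if __name__ == "__main__":
    for pkt in apply_filter(SAMPLE_FRAMES, "icmp"):      # what the Step 12 filter shows
        print(pkt["ip.src"], "->", pkt["ip.dst"], pkt["proto"], pkt["info"], "icmp csum ok:", pkt["icmp.checksum_ok"])
    for pkt in apply_filter(SAMPLE_FRAMES, "ip.addr == 10.0.10.21"):
        print(pkt["proto"], pkt.get("app", ""), pkt["info"])
```

Running the script prints the two ping packets exactly as the "icmp" filter would isolate them, then every packet touching the Kali VM regardless of protocol. The checksum checks are what Wireshark reports as "[correct]" or "[incorrect]" in the header details; a wrong IPv4 checksum on a frame captured locally is usually offloading to the NIC rather than corruption, which is the usual explanation when your own outgoing packets show bad checksums in a capture.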

Links to additional resources will be posted here at a later date.


CyberExplorations Exercises by Glenn S. Dardick is licensed under a Creative Commons Attribution 4.0 International License.