⏳ (15 minutes)

Quick reference for tcpdump LINK

tcpdump Cheat Sheet

Objectives

By the end of this lab you will:

• Validate intended ALLOW flows and prove intended BLOCKS using safe-negative tests.
• Correlate pcaps with firewall logs (5-tuple + rule ID) and state/NAT tables.
• Produce an evidence bundle (screenshots/log lines/pcaps) and a PASS/FAIL summary.
• Reflect verified paths/blocks in the digital twin (add/confirm edges; note blocks).

Environment & Roles

• Test endpoints:
  • Corp Jump: 10.20.0.10 (Linux desktop or jumphost)
  • Site VM: 10.30.0.10
  • Cell VM: 10.40.0.10
  • PLC-B (OT41): 10.41.0.11 (example)
• Tools on endpoints: tcpdump/tshark, nping, nc, curl, ssh
• Firewall CLI (SSH): pfctl, tail, grep.

<aside> <img src="/icons/chemistry_blue.svg" alt="/icons/chemistry_blue.svg" width="40px" />

Lab 2.4 Activities

</aside>

Pre-Flight (5 min)

1. Time sync (so logs match):

   date  # on each VM, ensure clocks are close