Lab #5 – Assessment Worksheet
Performing Packet Capture and Traffic Analysis
Course Name and Number: Fundament Information Security ITSY 1300
Student Name: Lace Speiser
Instructor Name: John Kidd
Lab Due Date: October 13, 2014
In this lab, you used common applications to generate traffic and transfer files between the
machines in this lab. You captured data using Wireshark and reviewed the captured ...
Lab Assessment Questions & Answers
1. Why would a network administrator use Wireshark and NetWitness Investigator together? Wireshark is better for performing protocol analysis and NetWitness Investigator is best at performing protocol captures. Wireshark does well at both aspects, which makes it a little better.
2. What was the IP address for LanSwitch1? 172.16.8.5
3. When the 172.16.8.5 IP host responded to the ICMP echo-requests, how many ICMP echo-reply
packets were sent back to the vWorkstation? 23
4. What was the terminal password for LanSwitch 1 and LanSwitch 2? cisco
5. When using SSH to remotely access a Cisco router, can you see the terminal password? Why or
why not? No, you could not. You probably couldn’t see the password for security reasons, so that no one could hack into it.
6. What were the Destination IP addresses discovered by the NetWitness Investigator analysis?
7. Are packet-capturing tools like Wireshark less dangerous on switched LANs? Yes