
Lab 5 – Perform Protocol Capture & Analysis Using Wireshark & Netwitness Investigator

1. What is the purpose of the address resolution protocol (ARP)?
ARP resolves an IPv4 address to the link-layer (MAC) address of the host that holds it on the local Ethernet segment: the sender broadcasts a request ("who has 172.30.0.8?") and the owner answers with its MAC. ARP has no authentication, so any station on the segment can answer for any address, which is why ARP replies in a capture are worth checking against the IP-to-MAC pairs you expect.
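An added example (not part of the original lab answer) that dissects Ethernet/ARP frames and builds the IP-to-MAC table a host would learn from the replies on the segment, flagging a reply that re-binds an already-known IP to a different MAC. The frames are constructed here with assumed MAC addresses; the lab capture only gives the two IPs.

```python
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet II frame carrying an ARP packet (op 1 = request, 2 = reply).
    Requests are broadcast; replies are unicast back to the requester."""
    dst = b"\xff" * 6 if op == ARP_REQUEST else target_mac
    eth = dst + sender_mac + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, operation
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += sender_mac + sender_ip + target_mac + target_ip
    return eth + arp


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def parse_arp(frame):
    """Dissect an Ethernet/ARP frame; return None for anything that is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    body = frame[22:42]
    return {
        "op": oper,
        "sender_mac": mac_str(body[0:6]), "sender_ip": ip_str(body[6:10]),
        "target_mac": mac_str(body[10:16]), "target_ip": ip_str(body[16:20]),
    }


def track_arp(frames):
    """Build the IP -> MAC table learned from ARP replies on the segment.
    ARP is unauthenticated, so a reply that re-binds a known IP to a new MAC is
    recorded as an alert; that is what ARP cache poisoning looks like on the wire."""
    table, alerts = {}, []
    for frame in frames:
        p = parse_arp(frame)
        if p is None or p["op"] != ARP_REPLY:
            continue
        known = table.get(p["sender_ip"])
        if known is not None and known != p["sender_mac"]:
            alerts.append((p["sender_ip"], known, p["sender_mac"]))
        table[p["sender_ip"]] = p["sender_mac"]
    return table, alerts


# Constructed sample frames (assumed MACs; only the IPs come from the lab):
# the Student VM asks for the Target VM's address, the Target VM answers,
# then a third station answers for the same IP with its own MAC.
MAC_STUDENT = bytes.fromhex("0050560001a4")
MAC_TARGET = bytes.fromhex("0050560001a8")
MAC_ROGUE = bytes.fromhex("000c29aabbcc")
IP_STUDENT = bytes([172, 30, 0, 4])
IP_TARGET = bytes([172, 30, 0, 8])

SAMPLE_FRAMES = [
    build_arp(ARP_REQUEST, MAC_STUDENT, IP_STUDENT, b"\x00" * 6, IP_TARGET),
    build_arp(ARP_REPLY, MAC_TARGET, IP_TARGET, MAC_STUDENT, IP_STUDENT),
    build_arp(ARP_REPLY, MAC_ROGUE, IP_TARGET, MAC_STUDENT, IP_STUDENT),
]

if __name__ == "__main__":
    table, alerts = track_arp(SAMPLE_FRAMES)
    print(table)
    for ip, old, new in alerts:
        print(f"ALERT: {ip} moved from {old} to {new}")
```

The same check can be run over a real capture by feeding the raw frames from a pcap into track_arp; Wireshark's own "duplicate use of IP address detected" expert info is the built-in equivalent.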
2. What is the purpose of the Dynamic Host Configuration Protocol (DHCP)?
DHCP lets a central server lease IP configuration (address, subnet mask, default gateway, DNS servers) to hosts automatically, so each machine does not have to be configured by hand; the DHCP exchange in the capture is also where the lab's VMs obtained the addresses below.
3. What was the DHCP allocated source IP host address for the Student VM and Target VM?
172.30.0.4 – Student VM
172.30.0.8 – Target VM
4. When you pinged the targeted IP host, what was the source IP address and destination IP address of the ICMP echo-request

172.17.0.2 172.17.0.99 TCP telnet > x9-icue [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
172.17.0.99 172.17.0.2 TCP x9-icue > telnet [ACK] Seq=1 Ack=1 Win=65535 Len=0
The three-way handshake (SYN, SYN/ACK, ACK) is how two hosts establish a TCP connection: each side announces its initial sequence number, acknowledges the other's, and exchanges options such as the maximum segment size (MSS) and receive window. That is what makes TCP delivery reliable and ordered. The handshake does not negotiate any security; TCP has no authentication or encryption of its own, which is why the telnet session on top of it is readable in the capture.
7. What was the SEQ# of the initial SYN TCP packet and ACK# of the SYN ACK TCP packet?
The SEQ# of the initial SYN is 0 and the ACK# of the SYN/ACK is 1. These are relative numbers: Wireshark's TCP preference "Relative sequence numbers" (on by default) subtracts each side's randomly chosen 32-bit initial sequence number, so the SYN shows Seq=0 and the SYN/ACK shows Ack=1 (ISN+1). Turn the preference off to see the real values.
8. What is the purpose of TFTP and what transport protocol does it use?
TFTP (RFC 1350) is a minimal file transfer protocol with no authentication and no directory listing, used mainly for booting network devices and moving firmware or configs. It runs over the User Datagram Protocol (UDP): the client's first request goes to server port 69, and the transfer then continues between ports each side picks.
9. Is FTP considered a “secure” file transfer protocol?
No. Plain FTP sends the user name, password, commands and file contents in cleartext over the TCP control connection (port 21) and a separate data connection, so anyone who can capture the segment can read the credentials directly. Securing it means using a different protocol: FTPS (FTP over SSL/TLS, RFC 4217) wraps the FTP channels in TLS, and SFTP is a file transfer subsystem of SSH that is technically unrelated to FTP despite the name.
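An added example (not from the original lab) that walks an FTP control channel the way a sniffer sees it: for plain FTP the USER and PASS commands are recovered from the TCP payloads; for explicit FTPS the client's AUTH TLS and the server's 234 reply are the last readable lines, after which only TLS record headers are visible. Both exchanges are constructed here, including the placeholder TLS record bytes.

```python
# Constructed control-channel exchanges (not from the lab capture); each entry is
# (direction, payload) for one TCP segment, in capture order.
PLAIN_FTP = [
    ("s2c", b"220 FTP server ready\r\n"),
    ("c2s", b"USER student\r\n"),
    ("s2c", b"331 Password required for student\r\n"),
    ("c2s", b"PASS Lab5Pass!\r\n"),
    ("s2c", b"230 User logged in\r\n"),
    ("c2s", b"RETR secret.txt\r\n"),
]

EXPLICIT_FTPS = [
    ("s2c", b"220 FTP server ready\r\n"),
    ("c2s", b"AUTH TLS\r\n"),
    ("s2c", b"234 Proceed with negotiation\r\n"),
    # From here on the payloads are TLS records (placeholder bodies): content type
    # 0x16 = handshake, 0x17 = application data; version bytes 0x0303.
    ("c2s", b"\x16\x03\x03\x00\x05" + b"\x01\x00\x00\x01\x00"),
    ("s2c", b"\x16\x03\x03\x00\x05" + b"\x02\x00\x00\x01\x00"),
    ("c2s", b"\x17\x03\x03\x00\x10" + bytes(range(16))),
]

TLS_CONTENT_TYPES = {0x14, 0x15, 0x16, 0x17}


def extract_ftp_credentials(segments):
    """Return what a passive observer learns from an FTP control channel.

    Plain FTP: USER and PASS arguments are readable.  Explicit FTPS: once the
    server answers AUTH TLS with a 234 reply the channel switches to TLS and
    only record headers can be counted; no credentials are recoverable.
    """
    result = {"user": None, "password": None, "tls": False, "tls_records": 0}
    pending_auth = False
    for direction, payload in segments:
        if result["tls"]:
            # TLS record header: content type (1), version (2), length (2)
            if len(payload) >= 5 and payload[0] in TLS_CONTENT_TYPES:
                result["tls_records"] += 1
            continue
        for line in payload.decode("ascii", "replace").splitlines():
            if direction == "c2s":
                verb, _, arg = line.partition(" ")
                verb = verb.upper()
                if verb == "USER":
                    result["user"] = arg
                elif verb == "PASS":
                    result["password"] = arg
                elif verb == "AUTH" and arg.upper() in ("TLS", "SSL"):
                    pending_auth = True
            else:
                if pending_auth and line.startswith("234"):
                    result["tls"] = True
                    pending_auth = False
                elif pending_auth and line[:1] in ("4", "5"):
                    # Server refused TLS; anything the client sends next stays in clear.
                    pending_auth = False
    return result


if __name__ == "__main__":
    print("plain FTP :", extract_ftp_credentials(PLAIN_FTP))
    print("FTPS      :", extract_ftp_credentials(EXPLICIT_FTPS))
```

In Wireshark the equivalent check is the display filter ftp.request.command == "PASS" on a plain FTP capture; on an FTPS capture the same filter matches nothing after the 234 reply.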
10. What other IP packets are on the Ethernet LAN segment? How can these other IP packets provide additional clues or information about the logical IP routing and IP addressing schema?
172.30.0.8 172.30.0.2 TCP talarian-tcp > 48646 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
172.30.0.8 172.30.0.2 TCP ftps > 48646 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
172.30.0.2 172.30.0.8 TCP 48646 > webadmstart [SYN] Seq=0 Win=4096 Len=0 MSS=1460
172.17.0.2 172.17.0.99 TCP telnet > x9-icue [FIN, ACK] Seq=131 Ack=97 Win=5840 Len=0
These packets show a second conversation on the segment: 172.30.0.2 sends SYNs from the same source port (48646) to several different ports on 172.30.0.8 (webadmstart, talarian-tcp, ftps) and gets a RST/ACK with Win=0 back for each one, which is a closed port refusing a connection. Many such probes from one source to many ports, all refused, is the signature of a port scan. The telnet FIN/ACK belongs to the 172.17.0.x session closing. Taken together, the addresses reveal two address ranges in use (172.30.0.x and 172.17.0.x), which hosts on each are live, which services they answer on, and which pairs of hosts are talking directly, all of which helps reconstruct the addressing scheme and routing without any access to the hosts themselves.
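An added example, not part of the original lab, that parses Wireshark's one-line TCP summaries in the format shown above and does two things with them: it validates the telnet three-way handshake from question 6 on absolute sequence numbers and computes the relative Seq/Ack values Wireshark displays (question 7), and it pairs each SYN from question 10 with the RST/ACK that refused it to surface the port scan against 172.30.0.8. The handshake lines are constructed with assumed absolute initial sequence numbers, since the lab shows only the relative ones; the scan lines are the page's own with the matching SYN for each refusal added.

```python
import re
from collections import defaultdict

MASK32 = 0xFFFFFFFF  # TCP sequence numbers are 32-bit and wrap

# Matches the summary Wireshark prints:
#   src dst TCP sport > dport [FLAGS] Seq=.. Ack=.. Win=.. Len=.. [MSS=..]
LINE_RE = re.compile(
    r"^(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+(?P<sport>\S+)\s*>\s*(?P<dport>\S+)\s+"
    r"\[(?P<flags>[^\]]+)\]\s*(?P<rest>.*)$"
)


def parse_line(line):
    """Parse one summary line into a dict; None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    pkt["flags"] = {f.strip() for f in pkt["flags"].split(",")}
    fields = dict(kv.split("=", 1) for kv in pkt.pop("rest").split() if "=" in kv)
    for name in ("Seq", "Ack", "Win", "Len"):
        pkt[name.lower()] = int(fields.get(name, 0))
    return pkt


def check_handshake(syn, synack, ack):
    """Verify SYN / SYN-ACK / ACK on absolute sequence numbers and return the
    relative (Seq, Ack) pairs Wireshark displays for the three packets."""
    if syn["flags"] != {"SYN"} or synack["flags"] != {"SYN", "ACK"} or ack["flags"] != {"ACK"}:
        raise ValueError("flags are not SYN, SYN/ACK, ACK")
    if (synack["src"], synack["dst"]) != (syn["dst"], syn["src"]) \
            or (ack["src"], ack["dst"]) != (syn["src"], syn["dst"]):
        raise ValueError("packets belong to different conversations")
    c_isn, s_isn = syn["seq"], synack["seq"]
    if synack["ack"] != (c_isn + 1) & MASK32:
        raise ValueError("SYN/ACK must acknowledge client ISN + 1")
    if ack["seq"] != (c_isn + 1) & MASK32 or ack["ack"] != (s_isn + 1) & MASK32:
        raise ValueError("final ACK must carry client ISN + 1 and acknowledge server ISN + 1")
    return [
        ((syn["seq"] - c_isn) & MASK32, None),                                   # Seq=0, no ACK flag
        ((synack["seq"] - s_isn) & MASK32, (synack["ack"] - c_isn) & MASK32),  # Seq=0 Ack=1
        ((ack["seq"] - c_isn) & MASK32, (ack["ack"] - s_isn) & MASK32),        # Seq=1 Ack=1
    ]


def find_syn_scans(pkts, min_ports=3):
    """Pair each SYN with a later RST/ACK from the probed host on the reversed
    4-tuple; one source collecting refusals from many distinct ports is a scan."""
    refused = defaultdict(set)
    for i, p in enumerate(pkts):
        if p["flags"] != {"SYN"}:
            continue
        for q in pkts[i + 1:]:
            if (q["src"], q["dst"], q["sport"], q["dport"]) == (p["dst"], p["src"], p["dport"], p["sport"]) \
                    and {"RST", "ACK"} <= q["flags"]:
                refused[(p["src"], p["dst"])].add(p["dport"])
                break
    return {k: sorted(v) for k, v in refused.items() if len(v) >= min_ports}


# Constructed sample: telnet handshake with assumed absolute ISNs, then the scan.
SAMPLE_LINES = """
172.17.0.99 172.17.0.2 TCP x9-icue > telnet [SYN] Seq=3157296811 Win=65535 Len=0 MSS=1460
172.17.0.2 172.17.0.99 TCP telnet > x9-icue [SYN, ACK] Seq=1702301020 Ack=3157296812 Win=5840 Len=0 MSS=1460
172.17.0.99 172.17.0.2 TCP x9-icue > telnet [ACK] Seq=3157296812 Ack=1702301021 Win=65535 Len=0
172.30.0.2 172.30.0.8 TCP 48646 > webadmstart [SYN] Seq=0 Win=4096 Len=0 MSS=1460
172.30.0.8 172.30.0.2 TCP webadmstart > 48646 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
172.30.0.2 172.30.0.8 TCP 48646 > talarian-tcp [SYN] Seq=0 Win=4096 Len=0 MSS=1460
172.30.0.8 172.30.0.2 TCP talarian-tcp > 48646 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
172.30.0.2 172.30.0.8 TCP 48646 > ftps [SYN] Seq=0 Win=4096 Len=0 MSS=1460
172.30.0.8 172.30.0.2 TCP ftps > 48646 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
""".strip().splitlines()


def analyze(lines):
    """Return (relative handshake numbers for the first three packets, detected scans)."""
    pkts = [p for p in (parse_line(l) for l in lines) if p]
    return check_handshake(*pkts[:3]), find_syn_scans(pkts)


if __name__ == "__main__":
    handshake, scans = analyze(SAMPLE_LINES)
    print("relative Seq/Ack:", handshake)
    for (src, dst), ports in scans.items():
        print(f"SYN scan: {src} -> {dst}, refused ports {ports}")
```

To run this on a real capture, export the packet list from Wireshark as plain text (File > Export Packet Dissections > As Plain Text) and feed the TCP summary lines in; a tshark field export (-T fields) is cleaner but would need a different parser.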
