Lab 5 – Perform Protocol Capture & Analysis Using Wireshark & Netwitness Investigator
1. What is the purpose of the address resolution protocol (ARP)?
ARP is used to convert an IP address to a physical address such as an Ethernet address.
2. What is the purpose of the dynamic host control protocol (DHCP)?
DHCP automates and controls the assignment of IP address configurations from a central position.
3. What was the DHCP allocated source IP host address for the Student VM and Target VM?
172.30.0.4 – Student VM
172.30.0.8 – Target VM
4. When you pinged the targeted IP host, what was the source IP address and destination IP address of the ICMP echo-request ...
17.0.2 172.17.0.99 TCP telnet > x9-icue [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
172.17.0.99 172.17.0.2 TCP x9-icue > telnet [ACK] Seq=1 Ack=1 Win=65535 Len=0
The three-way handshake is needed to establish a reliable connection between computers. It lets the client and server agree on security protocols for security and reliability.
7. What was the SEQ# of the initial SYN TCP packet and ACK# of the SYN ACK TCP packet?
The SEQ# of the initial SYN TCP packet is 0, and the ACK# of the SYN ACK TCP packet is 1.
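The SEQ#/ACK# relationship in questions 6 and 7 can be checked mechanically. The Python below is an added example, not part of the original lab answers: it parses Wireshark summary lines in the format shown above, confirms that each step acknowledges the other side's SEQ# + 1, and also reports a SYN that is answered with a reset, as in the question 10 packets. The sample lines are constructed, and the names `parse_line` and `track_handshakes` are this example's own.

```python
import re

# Wireshark summary-line layout used in this lab's captures:
#   src dst TCP sport > dport [FLAGS] Seq=n Ack=n ...   (relative sequence numbers)
LINE_RE = re.compile(r"(\S+)\s+(\S+)\s+TCP\s+(\S+) > (\S+) \[([A-Z, ]+)\](.*)")

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None                      # not a TCP summary line
    src, dst, sport, dport, flags, rest = m.groups()
    nums = {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)", rest)}
    return {"from": (src, sport), "to": (dst, dport),
            "flags": frozenset(f.strip() for f in flags.split(",")),
            "seq": nums.get("Seq"), "ack": nums.get("Ack")}

def track_handshakes(lines):
    """Classify each connection attempt as established or refused."""
    pending = {}                         # (client, server) -> progress so far
    result = {"established": [], "refused": []}
    for pkt in filter(None, map(parse_line, lines)):
        fwd, rev = (pkt["from"], pkt["to"]), (pkt["to"], pkt["from"])
        flags = pkt["flags"]
        if flags == {"SYN"}:             # step 1: client offers its initial SEQ
            pending[fwd] = {"step": 1, "client_seq": pkt["seq"]}
        elif flags == {"SYN", "ACK"}:    # step 2: server must ACK client SEQ + 1
            st = pending.get(rev)
            if st and st["step"] == 1 and pkt["ack"] == st["client_seq"] + 1:
                st.update(step=2, server_seq=pkt["seq"])
        elif flags == {"ACK"}:           # step 3: client must ACK server SEQ + 1
            st = pending.get(fwd)
            if st and st["step"] == 2 and pkt["ack"] == st["server_seq"] + 1:
                result["established"].append(fwd)
                del pending[fwd]
        elif "RST" in flags and pending.get(rev, {}).get("step") == 1:
            result["refused"].append(rev)  # SYN answered with a reset
            del pending[rev]
    return result

# Constructed sample lines in the same format as the lab output (not a real capture).
SAMPLE = [
    "172.17.0.99 172.17.0.2 TCP x9-icue > telnet [SYN] Seq=0 Win=65535 Len=0 MSS=1460",
    "172.17.0.2 172.17.0.99 TCP telnet > x9-icue [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460",
    "172.17.0.99 172.17.0.2 TCP x9-icue > telnet [ACK] Seq=1 Ack=1 Win=65535 Len=0",
    "172.30.0.2 172.30.0.8 TCP 48646 > ftps [SYN] Seq=0 Win=4096 Len=0 MSS=1460",
    "172.30.0.8 172.30.0.2 TCP ftps > 48646 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0",
]

if __name__ == "__main__":
    print(track_handshakes(SAMPLE))
```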
8. What is the purpose of TFTP and what transport protocol does it use?
TFTP is a simple protocol to transfer files. It has been implemented on top of the User Datagram Protocol (UDP) using port number 69.
9. Is FTP considered a “secure” file transfer protocol?
Yes, it is. FTP is often secured with SSL/TLS ("FTPS"). SSH File Transfer Protocol ("SFTP") is sometimes used instead, but it is technologically different.
10. What other IP packets are on the Ethernet LAN segment? How can these other IP packets provide additional clues or information about the logical IP routing and IP addressing schema?
172.30.0.8 172.30.0.2 TCP talarian-tcp > 48646 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
172.30.0.8 172.30.0.2 TCP ftps > 48646 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
172.30.0.2 172.30.0.8 TCP 48646 > webadmstart [SYN] Seq=0 Win=4096 Len=0 MSS=1460
172.17.0.2 172.17.0.99 TCP telnet > x9-icue [FIN, ACK] Seq=131 Ack=97 Win=5840 Len=0
These packets provide information on how data packets are routed from source to destination(s).