Question
In: Computer Science
[Wireshark ] Using the Wireshark program, capture all the network traffic that is related to opening...
- [Wireshark ] Using the Wireshark program,
capture all the network traffic that is related to opening a
webpage of your choice. In order to get maximum benefit/knowledge
from the assignment, it’s recommended to choose a non-trivial web
portal for the assignment. Using the captured information
(Wireshark Capture), answer the questions below.
Explain your answer.
- Define a display filter that finds the DNS queries and DNS responses. Narrow down the filter so that only these DNS packets are shown that were necessary for opening your chosen webpage (the captured DNS packets that were related to other applications/clients in your computer should be left out of the list).
- Define a display filter that finds the TCP packets.
- Narrow down the filter even more, so that only these TCP packets are shown that were used to create a new TCP connection(the TCP packets that were following each connection establishment, should be left out of the list).
- Using the filter from the previous step, list all the TCP connections that were necessary for opening your chosen webpage. For each TCP connection, explain the following (you can group the connections, to avoid repetitions in your explanations):
- local(client) TCP port number,
- remote(server) TCP port number,
- remote(server) IP address
- The source and destination MAC address of all the outgoing packets? Whyare all the outgoing packets going to this particular MAC address?
- If you can run “traceroute/tracert” between machines in your organization. List three concrete applications to use trace route for cybersecurity?
- How to use ”netstate/netstat” to discover malicious activities in your machine?
- Install and use Process Monitor “Procmon” (you can download from https://docs.microsoft.com/en-us/sysinternals/ (Links to an external site.)) and then show how to list all running processes that run “RegCreateKey” operation with unsuccessful results.
- Show how to use Nmap to do IP scanning using TCP and ICMP and port scanning using Stealth FIN. Show the command and the output.
- (extra credit) Use Nessus to discover a vulnerability on a real network
Solutions
Expert Solution
1. Define a display filter that finds the DNS queries and DNS responses. Narrow down the filter so that only these DNS packets are shown that were necessary for opening your chosen webpage (the captured DNS packets that were related to other applications/clients in your computer should be left out of the list).
dns.qry.name=="website address"
for example:
dns.qry.name=="www.google.com"
Output:
2. Define a display filter that finds the
TCP packets.
"tcp" is the filter
Output:
5.
The source and destination MAC address of all the outgoing packets? Why are all the outgoing packets going to this particular MAC address?
select ethernet 2
6.
In my Linux machine netstat command used is: netstat -an
In Windows machine comand: netstat -b
venereology answered 9 months agoRelated Solutions
Do the following: • Download Wireshark. • Start Wireshark. • Turn on Wireshark capture. • Type...
Do the following: • Download Wireshark. • Start Wireshark. •
Turn on Wireshark capture. • Type a URL in your browser window (not
Wikipedia.org). • After a few seconds, stop the capture. • Answer
the following questions: 1a. What URL did you use? What was the IP
address of the webserver?
1b. Find the frame in which your PC sent the SYN packet. List
the source and destination IP address, the source and destination
port numbers, and the header checksum....
Use Tshark for the following question: Capture traffic on the network interface "eth0," filter out all...
Use
Tshark for the following question: Capture traffic on the network
interface "eth0," filter out all traffics to/from port 22 or port
10 except port 11 or port 13, and store the results in the file
"quiz1.pcap."
Network Question need hlp with it. Question: What is Wireshark? a. Can you live capture from...
Network Question
need hlp with it.
Question: What is Wireshark?
a. Can you live capture from many different network media
using Wireshark?
b. Explain the steps you can take after installing Wireshark
to sniff packets?
Perform a wireshark capture on your machine and use the wireshark filter to examine ARP packets...
Perform a wireshark capture on your machine and use the
wireshark filter to examine ARP packets
Save your wireshark capture and submit it
Tell me which packet represents an ARP request
What is the destination MAC address for the packet ?
show step by step with pictures
Capture DNS records in wireshark You can capture DNS records by executing a nslookup command You...
Capture DNS records in wireshark
You can capture DNS
records by executing a nslookup command
You must report which
packets represent your DNS query and its DNS
response
Capture DHCP records in
wireshark
The easiest way to capture
DHCP records in wireshark is to
Start wireshark capture
Execute the following command
ipconfig
/renew
You must report which packets represent a DHCP query
and a DHCP response.
show the steps with the step by step images.
How does streaming traffic differ from browsing traffic (in terms of network utilization)?
How does streaming traffic differ from browsing traffic
(in terms of network utilization)?
How would you use data about network traffic to deter attacks to the network? question based...
How would you use data about network traffic to deter attacks to
the network? question based on computer forensics
Carbon dioxide capture by using bilogical systems?
Carbon dioxide capture by using bilogical systems?
Using the provided network diagram, write a program in c ++ that finds the shortest path...
Using the provided network diagram, write a program in c ++ that
finds the shortest path routing using the Bellman-Ford algorithm.
Your program should represent the fact that your node is U. Show
how the iterative process generates the routing table for your
node. One of the keys to your program will be in determining when
the iterative process is done.
Deliverables 1. Provide an output that shows the routing table
for your node after each iteration. Add a second...
- What is meant by term “inelastic traffic” on a network? - Explain the primary difference...
- What is meant by term “inelastic traffic” on a network?
- Explain the primary difference between network applications
that use client-server architecture and applications that use
peer-to-peer architecture.
- What is meant by the term “peer-churn” with respect to
peer-to-peer application architectures?
- Describe in one sentence what is represented by a “port”
number to the protocol operating in the transport layer in layered
protocol architecture.
Please don't copy and paste from the internet. Thank you
ADVERTISEMENT
ADVERTISEMENT
Latest Questions
- 4) Cost per equivalent unit of direct materials and conversion (4 marks) The cost per equivalent...
- We usually write numbers in decimal form (or base 10), meaning numbers are composed using 10...
- Consider a saturated solution of the salt MX3, which M is a metal cation with a...
- Energyshot is a new energy drink that is about to be introduced into the global market....
- Problem 1: During the month, EKM Enterprise purchased $100,000 in raw material on account, used $150,000...
- An electron is accelerated inside a parallel plate capacitor. The electron leaves the negative plate with...
- There is a region with a constant magnetic field 6.31T . The magnetic field is directed...
ADVERTISEMENT