Question

In: Computer Science

[Wireshark ] Using the Wireshark program, capture all the network traffic that is related to opening...

  1. [Wireshark] Using the Wireshark program, capture all the network traffic that is related to opening a webpage of your choice. In order to get maximum benefit/knowledge from the assignment, it’s recommended to choose a non-trivial web portal for the assignment. Using the captured information (Wireshark capture), answer the questions below. Explain your answer.
    1. Define a display filter that finds the DNS queries and DNS responses. Narrow down the filter so that only those DNS packets are shown that were necessary for opening your chosen webpage (the captured DNS packets that were related to other applications/clients on your computer should be left out of the list).
    2. Define a display filter that finds the TCP packets.
    3. Narrow down the filter even more, so that only those TCP packets are shown that were used to create a new TCP connection (the TCP packets that followed each connection establishment should be left out of the list).
    4. Using the filter from the previous step, list all the TCP connections that were necessary for opening your chosen webpage. For each TCP connection, explain the following (you can group the connections, to avoid repetitions in your explanations):
    • local (client) TCP port number,
    • remote (server) TCP port number,
    • remote (server) IP address,
    • the source and destination MAC address of all the outgoing packets. Why are all the outgoing packets going to this particular MAC address?
  2. If you can run “traceroute/tracert” between machines in your organization, list three concrete applications of traceroute for cybersecurity.
  3. How to use “netstat” to discover malicious activities on your machine?
  4. Install and use Process Monitor (“Procmon”, available from https://docs.microsoft.com/en-us/sysinternals/) and then show how to list all running processes that perform a “RegCreateKey” operation with unsuccessful results.
  5. Show how to use Nmap to do IP scanning using TCP and ICMP, and port scanning using Stealth FIN. Show the command and the output.
  6. (extra credit) Use Nessus to discover a vulnerability on a real network.

Solutions

Expert Solution

1. Define a display filter that finds the DNS queries and DNS responses. Narrow down the filter so that only these DNS packets are shown that were necessary for opening your chosen webpage (the captured DNS packets that were related to other applications/clients in your computer should be left out of the list).

dns.qry.name=="website address"

for example:

dns.qry.name=="www.google.com"

Output:

2. Define a display filter that finds the TCP packets.

"tcp" is the filter

Output:

5. The source and destination MAC address of all the outgoing packets? Why are all the outgoing packets going to this particular MAC address?

Select the “Ethernet II” section of the packet.

6. On my Linux machine the netstat command used is: netstat -an

On a Windows machine the command is: netstat -b
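As an added example (not part of the original answer), the following Python script applies the assignment's display-filter logic to a constructed capture so the predicates can be checked offline: dns.qry.name == "www.example.com" for the DNS part (responses echo the query name, so one predicate catches both query and answer), tcp for all TCP segments, and tcp.flags.syn == 1 && tcp.flags.ack == 0 to keep only the first segment of each handshake, which is the narrowing step 3 asks for. It then lists the connections the page load needed (step 4) and checks the MAC observation from step 5: every outgoing frame is addressed to the default gateway's MAC, because the web servers are off-link and the client only knows the next hop. Packet records are dicts whose keys mirror Wireshark field names; every IP address, port, MAC and host name below is constructed, with www.example.com standing in for whatever site was captured.

```python
"""Added example: the assignment's Wireshark display filters, applied in Python
to a constructed capture so the filter logic can be checked offline."""

LOCAL_IP = "192.168.1.10"          # constructed: the capturing client
LOCAL_MAC = "de:ad:be:ef:00:02"    # constructed: the client's NIC
GATEWAY_MAC = "aa:bb:cc:00:00:01"  # constructed: default gateway's NIC
SITE_HOSTS = {"www.example.com", "static.example.com"}  # names the page load needed


def frame(no, fields, outbound=True):
    """One captured frame; keys mirror Wireshark display-filter field names."""
    src, dst = (LOCAL_MAC, GATEWAY_MAC) if outbound else (GATEWAY_MAC, LOCAL_MAC)
    return {"frame.number": no, "eth.src": src, "eth.dst": dst, **fields}


def dns(no, name, answer=None, outbound=True):
    """A DNS query (no answer) or response (answer = resolved A record)."""
    rec = {"proto": "dns", "dns.flags.response": 0 if answer is None else 1,
           "dns.qry.name": name}
    if answer:
        rec["dns.a"] = answer
    return frame(no, rec, outbound)


def tcp(no, src_ip, dst_ip, sport, dport, syn, ack, outbound=True):
    """A TCP segment with only the flags the handshake filter needs."""
    return frame(no, {"proto": "tcp", "ip.src": src_ip, "ip.dst": dst_ip,
                      "tcp.srcport": sport, "tcp.dstport": dport,
                      "tcp.flags.syn": syn, "tcp.flags.ack": ack}, outbound)


SERVER_A, SERVER_B, OTHER = "93.184.216.34", "198.51.100.7", "203.0.113.22"

# Constructed capture: the page load plus two frames from unrelated clients
CAPTURE = [
    dns(1, "www.example.com"),
    dns(2, "www.example.com", SERVER_A, outbound=False),
    dns(3, "updates.other-app.test"),                        # another program's lookup
    tcp(4, LOCAL_IP, SERVER_A, 51234, 443, syn=1, ack=0),    # handshake step 1: SYN
    tcp(5, SERVER_A, LOCAL_IP, 443, 51234, syn=1, ack=1, outbound=False),  # SYN-ACK
    tcp(6, LOCAL_IP, SERVER_A, 51234, 443, syn=0, ack=1),    # handshake step 3: ACK
    dns(7, "static.example.com"),
    dns(8, "static.example.com", SERVER_B, outbound=False),
    tcp(9, LOCAL_IP, SERVER_B, 51235, 443, syn=1, ack=0),    # second connection for assets
    tcp(10, LOCAL_IP, OTHER, 51236, 22, syn=1, ack=0),       # an SSH client, not the browser
]


def dns_for_site(packets, hosts=SITE_HOSTS):
    """Wireshark: dns.qry.name == "www.example.com" (extended to a set of names)."""
    return [p for p in packets if p.get("proto") == "dns" and p["dns.qry.name"] in hosts]


def tcp_packets(packets):
    """Wireshark: tcp"""
    return [p for p in packets if p.get("proto") == "tcp"]


def tcp_connection_requests(packets):
    """Wireshark: tcp.flags.syn == 1 && tcp.flags.ack == 0 (first SYN of each handshake)."""
    return [p for p in tcp_packets(packets)
            if p["tcp.flags.syn"] == 1 and p["tcp.flags.ack"] == 0]


def site_connections(packets, hosts=SITE_HOSTS):
    """(client port, server port, server IP) for every SYN sent to an address that
    a DNS answer for the site resolved to; other clients' connections drop out."""
    site_ips = {p["dns.a"] for p in dns_for_site(packets, hosts) if p["dns.flags.response"] == 1}
    return sorted((p["tcp.srcport"], p["tcp.dstport"], p["ip.dst"])
                  for p in tcp_connection_requests(packets) if p["ip.dst"] in site_ips)


def outgoing_mac_destinations(packets):
    """Wireshark: eth.src == <client MAC>; the set of destination MACs should be
    just the gateway, since every server is reached through the next hop."""
    return {p["eth.dst"] for p in packets if p["eth.src"] == LOCAL_MAC}


if __name__ == "__main__":
    print("DNS frames for the site:", [p["frame.number"] for p in dns_for_site(CAPTURE)])
    print("Connection requests:", [p["frame.number"] for p in tcp_connection_requests(CAPTURE)])
    print("Connections the page needed:", site_connections(CAPTURE))
    print("Outgoing frames were sent to:", outgoing_mac_destinations(CAPTURE))
```

Frame 3 (another program's lookup) and frame 10 (an SSH session) are the "other applications/clients" the assignment wants excluded; the DNS name set removes the first and the resolved-address join removes the second without any manual picking.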


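For the netstat question, as an added example that is not the answer's own: a Python script that parses constructed netstat -an output (Linux column layout) and compares it with a baseline, flagging listening ports the host is not supposed to serve and established connections to remote ports a workstation does not normally use. The baselines and the sample lines are made up. On Windows the same review is easier with netstat -b (as in the answer) or netstat -o, which add the owning executable or process ID to each line so a flagged socket can be tied to a process.

```python
"""Added example: review `netstat -an` output against a baseline of expected
listeners and normal outbound ports. Sample output and baselines are constructed."""

# Constructed `netstat -an` output in Linux column layout; addresses are made up
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:51234      93.184.216.34:443       ESTABLISHED
tcp        0      0 192.168.1.10:51240      203.0.113.9:6667        ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

EXPECTED_LISTENERS = {22, 80}         # baseline: services this host is meant to run
ALLOWED_REMOTE_PORTS = {53, 80, 443}  # baseline: outbound ports normal for a workstation


def split_endpoint(endpoint):
    """'host:port' -> (host, port); handles IPv6 ':::80' and the '*' wildcard."""
    host, _, port = endpoint.rpartition(":")
    return host, (None if port == "*" else int(port))


def parse_netstat(text):
    """Turn netstat lines into dicts; header lines and blank lines are skipped.
    UDP rows have no State column, so the state defaults to an empty string."""
    sockets = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or not parts[0].startswith(("tcp", "udp")):
            continue
        proto, _recvq, _sendq, local, foreign = parts[:5]
        state = parts[5] if len(parts) > 5 else ""
        lhost, lport = split_endpoint(local)
        fhost, fport = split_endpoint(foreign)
        sockets.append({"proto": proto, "local_host": lhost, "local_port": lport,
                        "remote_host": fhost, "remote_port": fport, "state": state})
    return sockets


def review(sockets, expected_listeners=EXPECTED_LISTENERS,
           allowed_remote_ports=ALLOWED_REMOTE_PORTS):
    """Return (finding, port, host) tuples for sockets that deviate from the baseline:
    a listener nobody provisioned, or an outbound session to an unusual port."""
    findings = []
    for s in sockets:
        if s["state"] == "LISTEN" and s["local_port"] not in expected_listeners:
            findings.append(("unexpected-listener", s["local_port"], s["local_host"]))
        if s["state"] == "ESTABLISHED" and s["remote_port"] not in allowed_remote_ports:
            findings.append(("unusual-remote-port", s["remote_port"], s["remote_host"]))
    return findings


if __name__ == "__main__":
    for finding in review(parse_netstat(SAMPLE_NETSTAT)):
        print(*finding)
```

The baseline is what makes this useful: a listener on 4444 or a session to a remote port 6667 is only "suspicious" relative to what the machine is supposed to do, so the sets above should be built from a known-good snapshot of the same host, not from a generic list.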