Reference no: EM132928704
00130 Monitoring Network Traffic Capstone - Skills Passport
Objective
Monitor network traffic to detect anomalous/suspicious behavior.
Scenario
In this scenario you will configure a sniffer to monitor traffic, then run two network scans to emulate the reconnaissance phase of an attacker's life cycle. After the scans you will analyze the resulting pcap file and examine the target's web server logs.
Monitor Network Traffic
Scenario
In this first exercise you will set up network interfaces in promiscuous mode and then start capturing packets with a network sniffer.
1. First, on the Security Onion machine, edit the network interfaces configuration so that eth0 and eth1 come up in promiscuous mode, so that the NIC hands every frame it sees to the sniffer rather than only frames addressed to its own MAC. Then restart networking to apply the change. Leave eth2 configured as it is.
Switch to Security Onion
2. Verify from the command line that eth0 and eth1 are in promiscuous mode (both should report the PROMISC flag).
Switch to Security Onion
3. Lastly, finish this exercise by using a sniffer of your choice to capture packets passing through the eth0 interface, writing every captured packet to a capture file on the desktop named Capture.cap.
Switch to Security Onion
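The three steps above as one script, added here as an example and not part of the lab hand-out. It assumes the sensor uses ifupdown (/etc/network/interfaces), that the interfaces are really named eth0 and eth1, that tcpdump is the sniffer, and that the capture goes to ~/Desktop/Capture.cap; the promisc/arp-off stanza follows the Security Onion sensor convention. Run it as root with the argument run; the helper functions can be exercised on constructed ip link output without touching a live interface.

```shell
#!/bin/sh
# Added example (not from the lab hand-out): configure two sniffing interfaces
# in promiscuous mode, verify the flag, and start a tcpdump capture.
# Assumptions: ifupdown config, interface names eth0/eth1, tcpdump as sniffer.

# Emit an ifupdown stanza that brings the interface up in promiscuous mode with
# ARP disabled, so the sniffing NIC has no address and never answers traffic.
promisc_stanza() {
    iface=$1
    cat <<EOF
auto $iface
iface $iface inet manual
    up ip link set \$IFACE promisc on arp off up
    down ip link set \$IFACE promisc off down
EOF
}

# Append a stanza for each interface unless one is already present (idempotent).
# CFG overrides the config path so the function can be tried on a scratch file.
configure_interfaces() {
    cfg=${CFG:-/etc/network/interfaces}
    cp "$cfg" "$cfg.bak.$(date +%s)"          # keep a backup before editing
    for iface in "$@"; do
        grep -q "^iface $iface " "$cfg" || promisc_stanza "$iface" >> "$cfg"
    done
}

# Return 0 when a line of 'ip -o link show <iface>' output carries PROMISC
# inside the <...> flag list.
flags_show_promisc() {
    case $1 in
        *"<"*PROMISC*">"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check live interface state; prints "<iface> promisc=yes|no", fails on any "no".
verify_promisc() {
    rc=0
    for iface in "$@"; do
        line=$(ip -o link show "$iface")
        if flags_show_promisc "$line"; then
            echo "$iface promisc=yes"
        else
            echo "$iface promisc=no"; rc=1
        fi
    done
    return $rc
}

# Capture everything on an interface to a pcap file. Stop with Ctrl-C; tcpdump
# then prints how many packets it captured. -nn avoids name lookups, -s 0 keeps
# whole packets instead of truncating them.
start_capture() {
    tcpdump -i "$1" -nn -s 0 -w "$2"
}

if [ "${1:-}" = run ]; then              # sudo ./promisc.sh run
    configure_interfaces eth0 eth1
    service networking restart           # apply the new stanzas
    verify_promisc eth0 eth1
    start_capture eth0 "$HOME/Desktop/Capture.cap"
fi
```

The stanza uses `inet manual` deliberately: a sniffing interface with an IP address and ARP enabled would answer probes and show up in the attacker's scan results itself.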
Generate Network Traffic
Scenario
In this section of the lab you will generate traffic on the LAN so that the sniffer has something to capture.
1. First, log in to the Kali machine with the username root and the password P@ssw0rd.
2. Now generate some traffic. From the Kali box, run an nmap scan against 198.51.100.1: an intense scan (timing template T4) with OS detection, service version detection, and script scanning enabled (the -O, -sV and -sC options, which -A bundles together).
3. Next, run a second scan against the 198.51.100.100 box with the same settings. Script scanning includes HTTP probes, which is what will later show up in the web server logs.
Analyze the Traffic
Scenario
In this section you will examine the traffic from the sniffer.
1. Return to the Security Onion box and stop the capture. Note how many packets were captured and verify that the capture file contains that many packets. If the capture file has not yet been saved, save it now to the desktop as Capture.cap.
Switch to Security Onion
2. Next, analyze the capture file with Snort in read-pcap mode. Write the resulting alert file to the /home/student directory and use the correct snort.conf for the sensor.
Switch to Security Onion
3. After Snort finishes its analysis, review the alert file it generated for suspicious events. Do you see any worth noting?
Switch to Security Onion
4. Next, continue the analysis by opening the capture file in Wireshark to browse the captured packets. Experiment with display filters; for instance, filter for TCP reset packets. A closed port answers a probe with RST, so a burst of RSTs from one host toward a single peer across many ports is a classic port-scan signature.
Do you see anything indicating that a network scan was run against boxes on your network?
Switch to Security Onion
5. Lastly, log in to the Metasploitable box and view the web server logs; use the appropriate command to view the most recent entries.
Notice what breadcrumbs the network scan left behind: Nmap's script engine identifies itself in the User-Agent header of the HTTP requests it sends, and its probing scripts request paths that do not exist.
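Steps 2 to 5 above as a small triage script, added here as an example and not part of the lab hand-out. The paths are assumptions: on Security Onion the sensor's snort.conf normally lives under /etc/nsm/<sensor-name>/, and on Metasploitable the Apache log under /var/log/apache2/access.log. The scanner address 203.0.113.7 and the sample tcpdump and log lines at the bottom are constructed so the two analysis functions can be tried offline; on the lab VMs feed them real output instead.

```shell
#!/bin/sh
# Added example (not from the lab hand-out): post-capture triage of scan traffic.
# Assumed paths: /etc/nsm/<sensor>/snort.conf, ~/Desktop/Capture.cap,
# /var/log/apache2/access.log. Scanner 203.0.113.7 and sample data are constructed.

# Step 2: run Snort against the pcap, writing its alert file under $3.
#   run_snort /etc/nsm/<sensor>/snort.conf ~/Desktop/Capture.cap /home/student
run_snort() {
    snort -c "$1" -r "$2" -l "$3" -A fast -q
}

# Step 4, on the command line: for each (responder -> peer) pair, count how many
# distinct responder ports sent a TCP RST. Input is tcpdump text, e.g. from
#   tcpdump -nn -r ~/Desktop/Capture.cap 'tcp[tcpflags] & tcp-rst != 0'
# Many distinct RST source ports toward one peer means that peer probed many
# closed ports, which is what a port scan looks like from the victim's side.
rst_port_counts() {
    awk '$2 == "IP" && $6 == "Flags" && $7 ~ /R/ {
        n = split($3, a, "."); sport = a[n]
        shost = a[1] "." a[2] "." a[3] "." a[4]
        d = $5; sub(/:$/, "", d); split(d, b, ".")
        dhost = b[1] "." b[2] "." b[3] "." b[4]
        key = shost " -> " dhost
        if (!((key, sport) in seen)) { seen[key, sport] = 1; ports[key]++ }
    }
    END { for (k in ports) print k, ports[k] }' | LC_ALL=C sort
}

# Keep only pairs at or above a threshold of distinct RST ports (default 5).
scan_suspects() {
    rst_port_counts | awk -v t="${1:-5}" '$NF >= t'
}

# Step 5: breadcrumbs in an Apache combined log (field 9 is the status code).
# Nmap's NSE http scripts announce themselves in the User-Agent, and probing
# scripts leave a burst of 404s. Prints: client total_requests nse_requests 404s
#   tail -n 200 /var/log/apache2/access.log | web_breadcrumbs
web_breadcrumbs() {
    awk '{
        total[$1]++
        if ($0 ~ /Nmap Scripting Engine/) nse[$1]++
        if ($9 == 404) nf[$1]++
    }
    END { for (ip in total) if (nse[ip] > 0 || nf[ip] > 0)
            print ip, total[ip], nse[ip] + 0, nf[ip] + 0 }' | LC_ALL=C sort
}

# Constructed sample data (not a real capture): 203.0.113.7 probes five closed
# ports on 198.51.100.1 (port 21 twice) and one on 198.51.100.100.
SAMPLE_TCPDUMP='12:00:01.000100 IP 203.0.113.7.40000 > 198.51.100.1.22: Flags [S], seq 1, win 1024, length 0
12:00:01.000200 IP 198.51.100.1.22 > 203.0.113.7.40000: Flags [S.], seq 2, ack 2, win 5840, length 0
12:00:01.001000 IP 198.51.100.1.21 > 203.0.113.7.40000: Flags [R.], seq 0, ack 2, win 0, length 0
12:00:01.001100 IP 198.51.100.1.23 > 203.0.113.7.40000: Flags [R.], seq 0, ack 2, win 0, length 0
12:00:01.001200 IP 198.51.100.1.25 > 203.0.113.7.40000: Flags [R.], seq 0, ack 2, win 0, length 0
12:00:01.001300 IP 198.51.100.1.110 > 203.0.113.7.40000: Flags [R.], seq 0, ack 2, win 0, length 0
12:00:01.001400 IP 198.51.100.1.143 > 203.0.113.7.40000: Flags [R.], seq 0, ack 2, win 0, length 0
12:00:01.001500 IP 198.51.100.1.21 > 203.0.113.7.40001: Flags [R.], seq 0, ack 2, win 0, length 0
12:00:02.000100 IP 198.51.100.100.8080 > 203.0.113.7.40002: Flags [R.], seq 0, ack 2, win 0, length 0'

# Constructed sample log lines (not from a real server) in Apache combined format.
SAMPLE_LOG='203.0.113.7 - - [10/Mar/2021:14:02:11 +0000] "GET / HTTP/1.1" 200 891 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
203.0.113.7 - - [10/Mar/2021:14:02:11 +0000] "GET /robots.txt HTTP/1.1" 404 295 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
203.0.113.7 - - [10/Mar/2021:14:02:12 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 301 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
203.0.113.7 - - [10/Mar/2021:14:02:12 +0000] "OPTIONS / HTTP/1.1" 200 0 "-" "-"
198.51.100.20 - - [10/Mar/2021:14:05:40 +0000] "GET /index.php HTTP/1.1" 200 1204 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/78.0"'

if [ "${1:-}" = demo ]; then             # ./triage.sh demo
    printf '%s\n' "$SAMPLE_TCPDUMP" | scan_suspects 5
    printf '%s\n' "$SAMPLE_LOG" | web_breadcrumbs
fi
```

On the sample data the scan check reports only the 198.51.100.1 -> 203.0.113.7 pair (five distinct RST ports; the repeated port 21 is counted once), and the log check reports 203.0.113.7 with four requests, three of them carrying the Nmap Scripting Engine user agent and two answered with 404. The ordinary Firefox client is not listed.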
Attachment: Monitoring Network Traffic.rar