Reference no: EM132980875

Part 1 - Packet Captures

In this assessment you are required to select a network protocol, and design and conduct experiments to demonstrate:

i. The normal behaviour of the protocol (i.e., the network is not subjected to any attack; and
ii. The unusual behaviour of the protocol (i.e., the network is subjected to an attack).

To do this, you may select any network protocol (whether it is examined in this unit or not). Note that you need to demonstrate the unusual behaviour of the network protocol (e.g., malware that is downloaded over an HTTP connection, is not in by itself an unusual behaviour, because HTTP is a protocol intended for downloading files of any kind).

You'll need to capture and save the behaviour of your chosen protocol under both conditions (normal and under attack) using Wireshark PCAP/PCAPNG files (select File ? Save As in Wireshark. You may submit your captured file either as a single or multiple PCAP file(s), however you must clearly identify which files/packet numbers are relevant in your report. Please note that you are responsible to ensure any traffic you generate is appropriately isolated and does not impact real networks, as noted in the warning on the front page of this task.

Before selecting the protocol and attack applied to the protocol, for the purposes of this task, you should first review the requirements of the report below and the rubric to ensure you select an appropriate protocol for the grade that you are targeting. In particular, to get HD and D for several rubric criteria require that you demonstrate an attack that was not covered in the unit (i.e., the unit materials do not include step-by-step instructions for performing the attack you have selected).

Part 2 - Written Report

Prepare a written report on the protocol and behaviour you have demonstrated addressing the following points (you must use the following headings as indicated):

1. Introduction (<0.5 page):
• Provide a general introduction to the protocol and the functionality it provides in the network (e.g., what's its purpose and used for, etc.).
• Provide a general introduction of the attack you will be using in the experiments and how it affects the protocol you are examining.

2. Normal Behaviour (<1 page):
• Provide step-by-step instructions of how your experiment is conducted to generate the protocol's normal behaviour. These instructions must be clear and easy to follow by someone to repeat the experiment without requiring further help. Example aspects you should cover include explaining any platforms, software, and techniques used, any configuration steps required, and the commands/GUI steps necessary to actually run the experiment.
• Explain the protocol's normal behaviour and why it is relevant to the attack you will conduct in Part 3 . For the functionalities of the protocol, which will be affected by the attack, include screenshots from your packet captures showing the breakdown of the relevant sections of the protocol (the middle panel in Wireshark) and explain the contents of the packet and why this should be considered normal. Note: ensure that the packet index is visible in your screenshot or provide a written indication of the packet number.

3. Abnormal Behaviour (<1 page):
• Provide step-by-step instructions on how you have conducted your experiment by which the abnormal behaviour on your selected protocol is generated (refer to the normal behaviour page above for expectations of these instructions).
• Explain the details of the unusual behaviour of your chosen protocol and how it is caused by the attack that you have conducted. For those functionalities that are affected by the attack, include screenshots from your packet captures showing the breakdown of the relevant sections of the protocol (the middle panel in Wireshark) and explain the contents of the packet and why this should be considered unusual (note: ensure that the packet index is visible in your screenshot or provide a written indication of the packet number).

4. Conclusions
• Provide a general summary for your report discussing the potential impact of such an attack on the network and/or an organisations assets.
Explain the difficulty of the attack you have conducted, identifying whether specialist skills, equipment, and/or software are required. Discuss how accessible the attack is as a result of these requirements, i.e., could anyone perform the attack or are there a limited number of people with these capabilities?

Attachment:- Task.rar