Reference no: EM132059464

Lab : Network Based Evidence Analysis

This lab is intended to get you comfortable looking at network data in Wireshark and writing up what you find. The second part requires that you collect some of your own traffic and discuss the activity that you see.

In order to complete this lab, you will have to download Wireshark from wireshark.org. If you like, you are free to use any other packet capture tool, but the lecture provides guidance on how to use this tool to complete most parts of the lab.

In the first part of the lab you will have to download the two pcap files from Blackboard and address each of the questions below for the specific datasets. In part two, you are required to collect information from your own machine.

Please provide screenshots for your answers in part 2.

Part I: Analyzing PCAP files

1) hb.pcap

This packet capture is from the investigation of a machine (IP: 192.168.0.184) that is experiencing slowness at startup; it is unknown what may be causing this slowness.

• How many packets are there in the capture?

• What protocol is the most popular?

• When did the capture occur?

• Can we identify what the domain name that the computer is trying to connect to? What is the IP address for this domain?

2) fc.pcap

This packet capture is from the investigation of a server that has significant amounts of traffic directed at it at odd hours.

• How many packets are there in the capture?

• What protocol is the most popular?

• When did the capture occur?

• What does this pcap represent?

• What username is attempting to login?

• Please identify at least five of the passwords that were attempted.

• Do you think that this activity should be alarming to a network administrator?

• What would be the next step if you were called in as part of an incident response team?

Part II: Collecting and analyzing your own traffic

Collect at least 60 minutes of traffic from your computer using Wireshark. This can be done by clicking on "Capture" and then "Start".

If you have multiple network interfaces, choose "interfaces" and choose the appropriate one. (If you have issues with this, please email me).

• Using the Summary and Protocol Hierarchy views, describe the traffic you collected.

• How many packets did you collect?

• What are the top three protocols based on frequency?

• How long did the capture last?

• Using the "Endpoints" feature, discuss your traffic patterns.

• Do you have any IPv6 traffic or is it all IPv4?

• If you have IPv6 traffic, which device is using IPv6?

• What is the distribution between TCP versus UDP packets?

• What is the most common endpoint IP?

• Does that IP resolve to a domain?

• Were you purposely doing something (surfing the web, checking email) or was this IP communicating in the background?
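The summary questions in Part I and Part II (packet count, when the capture occurred and how long it lasted, the protocol hierarchy, IPv4 versus IPv6, TCP versus UDP, and the most common endpoint) are what Wireshark's Statistics menus compute. The following script, added here as an illustration and not part of the lab or its data files, computes the same answers directly from the classic pcap file format. It builds a small constructed capture in memory (the host address is the lab's 192.168.0.184; the other addresses are made up), so it runs without hb.pcap or fc.pcap, and it stops with an error on pcapng or non-Ethernet captures rather than silently misreading them.

```python
import socket
import struct
from collections import Counter
from datetime import datetime, timezone

def frame(ts, src, dst, proto, sport, dport, payload=b""):
    """Build one pcap record: Ethernet/IPv4 carrying TCP (6) or UDP (17); checksums left 0."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + l4
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip
    return struct.pack("<IIII", ts, 0, len(eth), len(eth)) + eth

# Constructed capture (not the lab's hb.pcap): one DNS query, then three TCP packets
# between the "slow" host and a documentation-range address, spread over 60 seconds.
HOST, DNS, WEB = "192.168.0.184", "192.168.0.1", "203.0.113.10"
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    frame(1500000000, HOST, DNS, 17, 51000, 53, b"\x00" * 12),
    frame(1500000001, HOST, WEB, 6, 51001, 80),
    frame(1500000002, WEB, HOST, 6, 80, 51001),
    frame(1500000060, HOST, WEB, 6, 51002, 443),
])

def summarize(pcap):
    """Answer the lab's summary questions (count, time span, protocols, endpoints) for a classic pcap."""
    magic, = struct.unpack("<I", pcap[:4])          # byte order is inferred from the magic number
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap (pcapng and nanosecond variants not handled here)")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled here")
    off, times, l3, l4, endpoints = 24, [], Counter(), Counter(), Counter()
    while off + 16 <= len(pcap):
        ts, _, incl, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        pkt, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        times.append(ts)
        ethertype = struct.unpack("!H", pkt[12:14])[0]
        if ethertype == 0x0800:                       # IPv4: record L4 protocol and both endpoints
            l3["IPv4"] += 1
            l4[{6: "TCP", 17: "UDP"}.get(pkt[23], f"ip-proto-{pkt[23]}")] += 1
            endpoints.update([socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])])
        else:                                         # IPv6 is 0x86DD; ARP etc. grouped by ethertype
            l3["IPv6" if ethertype == 0x86DD else f"ethertype-0x{ethertype:04x}"] += 1
    utc = lambda t: datetime.fromtimestamp(t, tz=timezone.utc).isoformat()
    return {"packets": len(times), "start": utc(min(times)), "duration_s": max(times) - min(times),
            "layer3": dict(l3), "layer4": dict(l4), "top_endpoint": endpoints.most_common(1)[0]}
```

Calling `summarize(open("hb.pcap", "rb").read())` gives the figures to compare against Wireshark's Statistics > Capture File Properties, Protocol Hierarchy and Endpoints; note that the timestamps are printed in UTC, whereas Wireshark shows local time by default.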

Attachment: Data file.rar
