Reference no: EM132455211

This week's reading has to do with network traffic signatures, including using CVE to identify vulnerabilities, and how to identify attacks on a network. We will be looking at programs like Wireshark, and in-depth at how the TCP three-way handshake works. After reading the content for this week, answer the following questions, and then reply to at least two other posts.

Question 1: Let's discuss some legitimate uses of ping sweeps and port scans. For example, if you were to find yourself in charge of a network with little to no documentation, a ping sweep and port scan may be necessary to discover what services are running on the network. What other situations might a ping sweep or port scan have legitimate uses? Give specific examples, and whether any problems might occur because of these scans, and why.

Question 2: Some actual real-life monitoring and identifying traffic for various network communications. Use the Wireshark User's Guide to become familiar with using filters within Wireshark, download it to your computer, and run some scans. What are you seeing on the network? Give a brief writeup of what kind of traffic is on your network, and what it means. Please make sure you have permission to do this on whatever network you are using. IE: Don't use this at work without permission from whoever needs to grant it. You can use it wherever you'd like, whether at home, on a public wifi connection, or anywhere with network traffic to scan.

Question 3: Discuss what information might be gathered from an observed attack. For example, given the complexity of the attack, what could an administrator assume about the attacker? How might an administrator's defensive strategy to an attack change based on his or her perception of an attacker's skill?