Wireless Network Security - VignaAssignment - Lab1

School: Durham College
Course: 1101
Subject: Computer Science
Date: May 28, 2024
Pages: 21
Uploaded by ColonelChinchillaPerson1125

LAB: 01 Introduction to Packet Sniffing and Wireshark

Part A: Introduction

Packet sniffing allows for the capturing of traffic in real time from a live network connection. Captured data can either be studied immediately or saved for future analysis. The captured data can be used not only as a valuable aid to assist in the understanding of how networked devices communicate, but also for the management and troubleshooting of production networks. Packet sniffing is invaluable in troubleshooting network problems such as broadcast storms, faulty NICs, framing problems, undue retransmissions, long response times, etc.

From a security perspective, packet sniffing can be used to detect malicious network traffic and help detect vulnerabilities in the network or its use. Wireshark is an open-source packet sniffing application program capable of capturing and analyzing data from all 7 layers of the OSI model.

Lab Overview

The purpose of this lab is to introduce the concept of packet sniffing in general and the open-source Wireshark program in particular. This lab provides foundational material for the use of Wireshark in future studies as well as in the context of network monitoring and troubleshooting.

In this lab the learner will:
  • Download and install the Wireshark and WinPcap programs.
  • Use the Wireshark application program to open a supplied capture file.
  • Examine the provided capture file to gain a better understanding of the TCP/IP processes discussed in lecture.
  • Initiate a simple packet sniffing session on a live network.
  • Locate and examine an ARP exchange from a live network.
  • Use the filter feature of Wireshark

Lab1: Procedure

Part A: Examining a Sample Capture File

Task 1: Install Wireshark

(Complete this step only if Wireshark is not already installed on your machine.)

If Wireshark is not already installed on your machine, download it from www.wireshark.org and install it. Please ask your instructor for assistance if required. The Windows install program should automatically install WinPcap. If this program is not installed automatically, you can download and install it from http://www.winpcap.org/install/default.htm

Task 2: Open the Wireshark application program.

Open the Wireshark program and observe the main start-up page. From this page you can perform such tasks as starting a new capture, opening a previously saved capture file, opening one of the many provided sample capture files and getting help on using the program. Please note, the appearance of the start-up page differs slightly between versions.

Question: What information is available by following each of the start-up screen links?

Task 3: Use Wireshark to open the sample capture file named telnet-cooked.pcap

The file telnet-cooked.pcap is a sample capture file available from the Wireshark site. You can locate this file from the Wireshark Main Page. Locate the Files section, select Sample Captures, scroll down to locate the telnet captures and download this file to your local machine. A more direct route to locate the file is to browse to: https://wiki.wireshark.org/SampleCaptures

Once the file is downloaded you can open it from the Wireshark menu by selecting File | Open and then browsing to the telnet-cooked.pcap file.

1. Question: What information is displayed in the packet list pane, the packet details pane, the packet bytes pane and the status bar?

The packet list pane displays all the packets in the current capture file, the packet details pane shows the current packet in a more detailed form, the packet bytes pane shows the data of the current packet in a hex dump style and the status bar displays informational messages.

2. Question: Examine the packet details pane. In relation to the OSI model, in what order is the information presented?

From the screenshot provided above, "74 bytes on wire" indicates the Physical layer, the Ethernet and Src details represent the Data Link layer, the information with source and destination IP addresses indicates the Network layer, and Transmission Control Protocol is the Transport layer.

Task 4: Examine frame 55

In the packet list pane select frame 55. Expand the fields in the packet details pane to answer the following questions.

1. What is the source MAC address of the frame? 00:00:c0:9f:a0:97
2. What is the destination MAC address of the frame? 00:a0:cc:3b:bf:fa
3. What is the source IP address of the packet? 192.168.0.1
4. What is the destination IP address of the packet? 192.168.0.2
5. What is the source port of the segment? 23
6. What is the destination port of the segment? 1550
7. What is the data payload? PING www.yahoo.com (204.71.200.67): 56 data bytes
8. What company manufactured the source NIC? How does Wireshark know this? Western Digital. Wireshark knows this from the MAC address, specifically the Globally Unique Address and Individual Address.

Task 5: Examine frame 57

In the packet list pane select frame 57. This is the next set of Telnet data in the sequence. Expand the fields in the packet details pane to answer the following questions.

1. What is the source MAC address of the frame? 00:00:c0:9f:a0:97
2. What is the destination MAC address of the frame? 00:a0:cc:3b:bf:fa
3. What is the source IP address of the packet? 192.168.0.1
4. What is the destination IP address of the packet? 192.168.0.2
5. What is the source port of the segment? 23
6. What is the destination port of the segment? 1550
7. What is the data payload? 64 bytes from 204.71.200.67: icmp_seq=0 ttl=241 time=69.885 ms
8. Based on the contents of frame 55 and frame 57, what event has taken place? Be as detailed as possible. In frame 55, the source device has pinged www.yahoo.com; in frame 57, the source received a reply from www.yahoo.com.

Task 6: Examine frames 1, 2 and 3

Based on the content of these frames, what event(s) has/have taken place during the exchange of these frames? Hint: there is no payload and observe the SYN and ACK bit values.

In frame 1, SYN is used to start a TCP session between source and destination by sending a SYN request to the destination; in frame 2, the destination acknowledges the SYN; and in frame 3 the source acknowledges back to the destination.
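
The fields read off in Tasks 4 to 6 can also be pulled straight from the raw frame bytes. The following is an added example, not part of the lab handout: it decodes Ethernet II, IPv4 and TCP in the same top-down order as the packet details pane, and shows that the Telnet payload is recoverable as plain text by anyone who can capture the frame. The frames are constructed from the addresses and payload quoted above (checksums zeroed), not copied from telnet-cooked.pcap, and the names build_frame, decode_frame, HANDSHAKE and TELNET are hypothetical.

```python
import struct

FLAG_BITS = ((0x02, "SYN"), (0x10, "ACK"), (0x08, "PSH"), (0x01, "FIN"), (0x04, "RST"))

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Constructed test frame: Ethernet II + IPv4 + TCP, checksums left at zero."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload
    addrs = bytes(int(o) for o in (src_ip + "." + dst_ip).split("."))
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0) + addrs
    return eth + ip + tcp

def decode_frame(frame):
    """Decode layer by layer, top-down as in the packet details pane."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for Ethernet/IPv4/TCP")
    if frame[12:14] != b"\x08\x00":
        raise ValueError("EtherType is not IPv4")
    ip = frame[14:]
    ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ip[9] != 6:
        raise ValueError("not IPv4 carrying TCP")
    if ihl < 20 or total_len < ihl + 20 or total_len > len(ip):
        raise ValueError("inconsistent IPv4 lengths")
    seg = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", seg[:4])
    data_off = (seg[12] >> 4) * 4
    if data_off < 20 or data_off > len(seg):
        raise ValueError("bad TCP data offset")
    return {
        "dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
        "oui": frame[6:9].hex(":"),  # first 3 bytes of the MAC identify the NIC vendor
        "src_ip": ".".join(map(str, ip[12:16])), "dst_ip": ".".join(map(str, ip[16:20])),
        "sport": sport, "dport": dport,
        "flags": [name for bit, name in FLAG_BITS if seg[13] & bit],
        "payload": seg[data_off:],  # Telnet data is unencrypted
    }

# Constructed endpoints using the MAC, IP and port values quoted in Task 4.
SRV = ("00:00:c0:9f:a0:97", "192.168.0.1", 23)
CLI = ("00:a0:cc:3b:bf:fa", "192.168.0.2", 1550)

def frame(a, b, flags, payload=b""):
    return build_frame(a[0], b[0], a[1], b[1], a[2], b[2], flags, payload)

# Three-way handshake (SYN, SYN+ACK, ACK) followed by one Telnet data segment.
HANDSHAKE = [frame(CLI, SRV, 0x02), frame(SRV, CLI, 0x12), frame(CLI, SRV, 0x10)]
TELNET = frame(SRV, CLI, 0x18, b"PING www.yahoo.com (204.71.200.67): 56 data bytes")
```
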