NFLab4 (pdf)
School: University of Akron
Course: 281
Subject: Computer Science
Date: Dec 6, 2023
Pages: 11

LAB 4

Lab 4 - Wireshark Flow Analysis
Shakyra Depree Bentley
The University of Akron
Network Forensics I, DGFR:441-001
Professor: Stanley Smith
Date: 15 November 2023

Purpose:
The purpose of this lab is to use Wireshark to analyze sample packets from the provided capture files, demonstrating an understanding of the Wireshark panels. The commands used during this lab are tshark, ngrep, and tcpflow, run in Kali Linux on the students' virtual machines. Using these commands, students present the information contained in the packets with Kali Linux and Wireshark combined. Students also demonstrate their understanding of how to follow a TCP stream and present their findings. This is the purpose of Lab 4 - Wireshark Flow Analysis.

Scope:
The scope of this assignment is to use Chapter 4 of the textbook to demonstrate tshark, ngrep, and tcpflow. This lab report uses Wireshark and Kali Linux to present the packets, including the tcpflow command, whose output files are identified by the quartet of socket elements: source IP/port and destination IP/port. This is the scope of Lab 4 - Wireshark Flow Analysis.

Limitations:
One limitation of this lab is not having access to Wireshark and Kali Linux to complete all facets of the assignment. Another limitation that can arise during the lab is not using the permitted textbook to research the topics and key points needed to complete it. Those are the limitations of the Network Forensics I Lab 4.
Lab Assignment:

1. Provide an illustration which shows the three (3) main Wireshark panels and explain the purpose for each panel.
   1. Figure 1 shows the search bar used to find specific parts of a packet; the main panel, which shows each frame's source, destination, protocol, and frame length; and the bottom panel, which shows in-depth information about the selected frame, including source and destination addresses and ports, header length, and protocol.
   2. Figure 2 shows the drop-down menus for each layer of the selected packet.
   3. Figure 3 displays the hexadecimal values and the corresponding offsets.
2. Demonstrate using tshark and provide three (3) examples containing flags/options [note: show at least five (5) lines of output for each example].
   1.
   2.
   3.
3. Demonstrate using ngrep and provide two (2) examples containing flags/options [note: show at least three (3) lines of output for each example].
   1.
   2.
4. Demonstrate using the Wireshark function "Follow TCP Stream" to select a packet that is part of a TCP stream in the Packet List view.
   1. In the Wi-Fi capture in Wireshark, go to your search engine and look up a website; for example, I used Toyota.com. Once Wireshark collects that information, find the TCP SYN packet. Double-click the SYN packet, then scroll through the options until you see Follow, then click TCP Stream, where you will find the information you are looking for.
   2.
5. Explain the output from the TCP stream, which Wireshark automatically reconstructs as the full-duplex contents of the stream from beginning to end.
   1. The duplex contents do not represent an actual packet; they are the stream's payload as reconstructed from both directions. This test file has a pattern of letters and symbols.
   2.
6. Demonstrate using tcpflow and provide two (2) examples containing flags/options [note: show at least three (3) lines of output for each example].
   1.
7. Explain the output from the tcpflow command-line tool and how it extracts all the streams in one fell swoop, saving their contents to files.
   1. Using the command tcpflow -r <filename> 'host <ip address> and port <port number>', you run tcpflow with a BPF filter to extract any TCP flows that involve the IP address you identified on a specific port, and save the output in a location of your choosing.
8. Explain how the tcpflow files are identified by the quartet of socket elements of source IP/Port and destination IP/Port.
   1. The filenames used to save tcpflow output correspond to the source and destination IP addresses and ports of each flow.
9. Demonstrate using a hex editor to view the contents of the files generated by the tcpflow command-line tool.
   1. A hex editor is a program that lets you inspect and manipulate the raw contents of files, including packet captures and the files tcpflow writes. If necessary, you can manually recover data by opening the file used to store tcpflow output.
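As an added illustration of what questions 5, 7 and 8 describe (this is not code from the lab report or from tcpflow itself), the following Python reassembler rebuilds both directions of one TCP flow from its segments and names each direction the way tcpflow names its output files by default: source IP and port, then destination IP and port, with three-digit octets and five-digit ports. The sample segments are constructed, and filling uncaptured bytes with NUL is my own choice.

```python
from collections import defaultdict

def flow_name(src_ip, src_port, dst_ip, dst_port):
    """tcpflow-style name for one direction: zero-padded octets and ports."""
    pad = lambda ip: ".".join(f"{int(o):03d}" for o in ip.split("."))
    return f"{pad(src_ip)}.{src_port:05d}-{pad(dst_ip)}.{dst_port:05d}"

def parse_flow_name(name):
    """Recover (src_ip, src_port, dst_ip, dst_port) from such a file name.
    A trailing 'cN' counter (tcpflow adds it when a quartet repeats) is dropped."""
    def side(s):
        parts = s.split("c")[0].split(".")
        return ".".join(str(int(o)) for o in parts[:4]), int(parts[4])
    (sip, sport), (dip, dport) = (side(s) for s in name.split("-"))
    return sip, sport, dip, dport

def reassemble(segments):
    """segments: (src_ip, src_port, dst_ip, dst_port, seq, payload) tuples.
    Returns {flow_name: bytes}, one entry per direction, ordered by sequence
    number, retransmissions dropped, overlaps trimmed, holes filled with NUL."""
    per_dir = defaultdict(dict)
    for sip, sport, dip, dport, seq, data in segments:
        per_dir[(sip, sport, dip, dport)].setdefault(seq, data)  # first copy wins
    flows = {}
    for key, segs in per_dir.items():
        base, buf = min(segs), bytearray()
        for seq in sorted(segs):
            off, data = seq - base, segs[seq]
            if off < len(buf):                 # partial overlap with data we have
                data = data[len(buf) - off:]
            elif off > len(buf):               # hole: bytes never captured
                buf.extend(b"\x00" * (off - len(buf)))
            buf.extend(data)
        flows[flow_name(*key)] = bytes(buf)
    return flows

# Constructed sample (not real traffic): one HTTP exchange whose request
# arrives with its segments out of order and its first segment retransmitted.
SAMPLE = [
    ("10.0.0.5", 51234, "192.0.2.80", 80, 1017, b"Host: example.com\r\n\r\n"),
    ("10.0.0.5", 51234, "192.0.2.80", 80, 1001, b"GET / HTTP/1.1\r\n"),
    ("10.0.0.5", 51234, "192.0.2.80", 80, 1001, b"GET / HTTP/1.1\r\n"),
    ("192.0.2.80", 80, "10.0.0.5", 51234, 5001, b"HTTP/1.1 200 OK\r\n"),
    ("192.0.2.80", 80, "10.0.0.5", 51234, 5018, b"Content-Length: 0\r\n\r\n"),
]

if __name__ == "__main__":
    for name, data in reassemble(SAMPLE).items():   # one "file" per direction
        print(name, data)
```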
Network Forensics Acquisition Process:
The data for Lab 4 was acquired by taking screen captures from the command line in the VirtualBox Kali Linux VM and from Wireshark. The data presented in the lab consists of commands from various applications showing evidence of tshark, tcpflow, and ngrep. By using the tcpflow command in the report, I captured the data transmitted as part of TCP connections (flows) and stored it in a way that is convenient for protocol analysis or debugging. With the ngrep command in Kali Linux, the information displayed is the traffic going to and coming from the network interface. ngrep allows specifying an extended regular or hexadecimal expression to match against the data payload of packets, as shown in question 3 of the lab.

Network Forensics Analysis/Examination:
In the creation of this report there was no incident reported or found. In using Wireshark there were no issues with the application or shutdown of any process. The same can be said for the Kali Linux VM: all applications worked in formulating this lab report.
Glossary of Terms:

1. Hex editor: a tool that allows you to view and modify raw bits of data, including packet captures.
2. ngrep: a libpcap-based tool designed to identify packets of interest based on the presence or absence of specific strings, binary sequences, or patterns anywhere in the packet.
3. tshark: a command-line network protocol analysis tool that is part of the Wireshark distribution; libpcap-based.
4. tcpflow: a command used to extract data from TCP streams. It can reassemble and extract the payloads of any TCP stream in a libpcap packet capture.
5. Wireshark: a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

References:

Anderson, Paul. "7.2. Following Protocol Streams." 12 May 2012, www.wireshark.org/docs/wsug_html_chunked/ChAdvFollowStreamSection.html.

Davidoff, Sherri, and Jonathan Ham. Network Forensics: Tracking Hackers Through Cyberspace. Prentice Hall, 2012.

Hudson, Damion. "Tcpflow: Kali Linux Tools." Kali Linux, 17 Aug. 2023, www.kali.org/tools/tcpflow/#:~:text=tcpflow%20is%20a%20program%20that,data%20that's%20actually%20being%20transmitted.