Lab W5L5 (1)

School: University of Ottawa
Course: 8802
Subject: Electrical Engineering
Date: Apr 3, 2024
Pages: 7
Uploaded by mabou055
Week 5 Lab 5 – Apply Filters During Capturing Packets

DUE: Week 5
VALUE: 3%

Objective of this Assignment:
In this lab, learners learn how to use and apply filters during the packet capture process to reduce the captured data to what is relevant.

Relevant Course Learning Requirements:
CLR 4: Perform network analysis on various network packet captures to determine whether a security issue is present and an Indicator of Compromise (IoC) needs to be created.

Lab Topology/Addressing

Lab summary:
Apply filters to reduce the number of captured packets.

Background / Scenario
Packet capture tools and applications generate a lot of output, which makes it hard to select specific packets when monitoring or investigating an ongoing attack. Filters reduce the number of captured packets, so that only the more specific packets matching the filtering criteria are sniffed.

Please note:
1) Screen shots provided in the Lab activities may not be the same as you see on the machine that you run the Packet Capture tool on.
2) “Username” is your College username.
3) Save all screen captures and answers in a file named “W5_L5_username.docx” and upload to the Week 5 Lab submission folder.

Part 1) Filtering on Wireshark

Run “Wireshark” on PC1.

Part 1) Capture Filter

a) Select the profile that you created under your username in Week2 Lab2. Click on the Bookmark icon on the Filter Toolbar. Add a new filter to the list of existing filters and take a screen capture. (Select Manage Capture Filters, then click on +.)
   In the “Filter Expression” add “host 10.10.4.21 and !(port 80)”
   Which packets are filtered by this filter?________________
b) Enter the following as the filter in the Filter toolbar and start capturing packets:
      !(host 10.10.4.21)
   Stop capturing packets after 5 minutes and take a screen capture.
c) Click on “Capture Option” in the main toolbar. Verify that the same filter is shown in the Capture Filter column for that specific interface and that it also shows in the Capture Filter Toolbar, and take a screen capture.
d) Clear the filter by clicking on the “x” icon at the right side of the filter toolbar.
e) Click on “Start” to start capturing packets. Make sure there is no longer any filter applied.

Part 2) Display Filters
a) Add “tcp” in the display filter toolbar to only capture the TCP stream, and take a screen capture. Please note, you need to click on ( ) or press “Enter” to start capturing.
b) Notice that the status bar shows the filter and also the number of captured packets.
c) Change the filter as below, continue capturing, and take a screen capture.
      tcp or ip.addr==<IP Address of Web Server>
d) Change the filter to “frame.len < 54”.
   Which packets are filtered by this filter?________________

Part 3) Filtering on tcpdump

Connect to Kali Linux from PC1 and PC2 (using SSH).

a) On Kali Linux, filter packets on the IP address of the device and take a screen capture at the end of the packet capturing.
      tcpdump -c 20 host 10.10.4.22
b) On Kali Linux, filter packets based on the following command and compare with the output of activity a) in this part. Take a screen capture.
      tcpdump -c20 src host 10.10.4.22 and not host 10.10.4.21
c) What is the difference in the output of steps a) and b) above?
d) Filter tcpdump output based on the following requirement and take a screen capture.
      Source IP 10.10.4.21 or protocol icmp for 5 packets on any interface
e) What packets are filtered by the following command?
      tcpdump 'src 10.10.4.21 and (dst port 3389 or 22)'

Part 4) Analyze PCAP File

Open file “W5L5.pcapng”.

a) List all the IP addresses that were captured in the “W5L5.pcapng” file and take a screen capture. Hint: You can use the “Endpoints” window.
b) Go to packet 317. Follow the stream and take a screen capture.
c) Go back to packet 317 and find the following information:
      What is the protocol name?______
      Is it TCP or UDP?_______
      What is the protocol port number?______
      What is the Destination IP?___________
d) Take a screen capture of the information listed in the “Endpoint” window under Statistics for the destination IP address in step c) above.
e) Can you find any suspicious traffic in the “W5L5.pcapng” file? If yes, please identify:
      Type of suspicious activity or activities:
      Source IP Address(es)
      Destination IP Address(es)
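The capture-filter expressions from Part 1 a) and Part 3 b) and e), evaluated over a few constructed frames, as an added example that is not part of the original lab handout. The third host 10.10.4.50, the sample port numbers other than 80, 22 and 3389, and the Python predicates standing in for the compiled filter program are assumptions; the reading of `dst port 3389 or 22` follows the pcap-filter rule that a bare identifier inherits the most recent qualifiers.

```python
import socket
import struct

def frame(src, dst, proto, sport=0, dport=0):
    """Build a constructed Ethernet/IPv4 frame (checksums left at zero)."""
    l4 = {6: struct.pack("!HHIIHHHH", sport, dport, 0, 0, 0x5002, 8192, 0, 0),
          17: struct.pack("!HHHH", sport, dport, 8, 0),
          1: struct.pack("!BBHHH", 8, 0, 0, 1, 1)}[proto]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def parse(raw):
    """Extract the header fields that the lab's filter primitives test."""
    l4 = 14 + (raw[14] & 0x0F) * 4
    pkt = {"src": socket.inet_ntoa(raw[26:30]), "dst": socket.inet_ntoa(raw[30:34]),
           "proto": raw[23], "sport": None, "dport": None}
    if pkt["proto"] in (6, 17):          # only TCP and UDP carry ports
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", raw[l4:l4 + 4])
    return pkt

def host(p, ip):                         # "host X": source OR destination
    return ip in (p["src"], p["dst"])

def port(p, n):                          # "port N": source OR destination port
    return n in (p["sport"], p["dport"])

# Lab expressions hand-translated to predicates (assumed stand-ins for BPF).
FILTERS = {
    "host 10.10.4.21 and !(port 80)":
        lambda p: host(p, "10.10.4.21") and not port(p, 80),
    "src host 10.10.4.22 and not host 10.10.4.21":
        lambda p: p["src"] == "10.10.4.22" and not host(p, "10.10.4.21"),
    # A bare "22" inherits "dst port" from the preceding primitive.
    "src 10.10.4.21 and (dst port 3389 or 22)":
        lambda p: p["src"] == "10.10.4.21" and p["dport"] in (3389, 22),
}

A, B, C = "10.10.4.21", "10.10.4.22", "10.10.4.50"   # C is a constructed host
PACKETS = [frame(A, B, 6, 50000, 80), frame(B, A, 6, 80, 50000),
           frame(A, B, 6, 50001, 22), frame(B, C, 17, 53000, 53),
           frame(A, C, 1), frame(A, C, 6, 22, 50002), frame(A, C, 6, 50003, 3389)]

def kept(expr):
    """Indexes of the constructed packets that the expression lets through."""
    return [i for i, raw in enumerate(PACKETS) if FILTERS[expr](parse(raw))]

if __name__ == "__main__":
    print({expr: kept(expr) for expr in FILTERS})
```

Packet 5 has source port 22 and is still dropped by the last expression, because the inherited qualifier is `dst port`; the ICMP packet passes `!(port 80)` because it carries no ports at all.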
This is the end of the lab. Please submit all the results, as instructed in the lab activities, to the Brightspace Week 5 Lab 5 Submission folder.

Grading Criteria

Marks: 3 2 0

| | Exceptional | Proficient | Unsatisfactory | Insufficient |
|---|---|---|---|---|
| Part1, Step a | All requested information | Some requested information | An image with new filter | No answer |
| Part1, Step b | An image with result of the applied filter | Some requested information | An image with wrong filter | No answer |
| Part1, Step c | Capture option image with requested information | Some requested information | Wrong interface or filter | No answer |
| Part2, Step a | An image with requested filter | An image with wrong filter | An image without requested filter | No answer |
| Part2, Step c | An image with requested filter | An image with wrong filter | An image without requested filter | No answer |
| Part2, Step d | All requested information | An image with requested filter or answer to the question | An image without requested filter | No answer |
| Part3, Step a | An image with requested filter | An image with some requested information | An image with wrong result | No answer |
| Part3, Step b | An image with requested filter | An image with some requested information | An image with wrong result | No answer |
| Part3, Step c | All differences between steps a) and b) | Some differences between steps a) and b) | Explain the output but no difference | No answer |
| Part3, Step d | An image with requested filter | An image with some requested information | An image with wrong result | No answer |
| Part3, Step e | An answer with all filters in the command | An answer explaining some filters in the command | Explain the output without filter definition | No answer |
| Part4, Step a | An image with all IP addresses | An image with some IP addresses | An image of pcap file in the wireshark | No image |
| Part4, Step b | An image with requested information | Image of packet without follow the stream output | Image of wrong packet | No image |
| Part4, Step c | All requested information | Right answer to 3 questions | Right answer to 1 question | No answer |
| Part4, Step d | An image with requested information | Image without destination IP | Image from other packet No. | No image |
| Part4, Step e | All requested information | Right answer to 2 questions | Identify right suspicious traffic | No answer |

Total marks:            /48
Total value:       /3%