20240310_13_SunhengNguon

.docx

School

University of Cincinnati, Main Campus *

*We aren’t endorsed by this school

Course

3075C

Subject

Information Systems

Date

Apr 3, 2024

Type

docx

Pages

2

Uploaded by DoctorFlagCamel35

Report
IT3075C-002: Network Monitoring & IPS Sunheng Nguon Assignment 13: Packet Analysis 1. Sure, Scott is one of your best friends at the company, but he’s always asking for computer help. No amount of training seems to work. Today he sent you a text message to complain that his computer hard drive light is always blinking on – even when he’s not touching the keyboard. With a promise of decent drinks after work, you remotely connected to his machine and started capturing traffic. Sure enough – loads of packets were flying around. Just then, Scott arrived in your office. Hmmm… Scott is here, but his computer seemed to have a lot of network activity going on. You stopped the trace to see what happened in the BACKGROUND on his system. challengewhatsup.pcapng a. How many different IP hosts is Scott’s machine communicating with? [142 IP hosts] b. How many HTTP POST requests did Scott’s machine send? [3 HTTP POST request] c. What location information is contained in the POST to scanscout.com? [San Francisco, San Jose, Oakland] d. What application appears to be generating these GET/POST requests? [Internet Explorer Version 7.0 ]
IT3075C-002: Network Monitoring & IPS Sunheng Nguon Assignment 13: Packet Analysis 2. A friend knows you are taking this course and wants your help. This capture file was taken from a network which was experiencing a “Zero-day” attack and was completely overwhelmed. It is also reported that some of the Nodes within the network appear to be unable to update their Anti-Virus/Security software. The Network Administrator has given you this file that contains what he considers “Suspicious” behavior and has asked you to help. The Administrator can tell you that 141.157.228.12 is a Server and that 10.1.1.31 is a client machine. challengeattack.pcapng a. What file transfer application is seen in this trace file? [TFTP (Trivial File Transfer Protocol)] b. What is the IP address of the host that is receiving a file? [10.1.1.31] c. What is the name of the file that is being transferred? [mblast.exe] d. What traffic is usually found on TCP port 4444? [Malicious traffic such as worms that is often used as a backdoor for trojan horse software]
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help