Matching TCP Packets to Detect Stepping-Stone Intrusion Check all the RTTs from the matched Send and Echo packets to see how many connections from the sensor to the target using Step-function approach. Explain how you get the results briefly and include a graph. Send:14:34:12.377008 seq 3932545332:3932545368, ack 2793141764 Echo:14:34:12.378529 seq 1:37, ack 36 RTT: 378529-377008 = 1,521 ms(milliseconds) Send:14:34:14.824118 seq 36:72, ack 37 Echo:14:34:14.825291 seq 37:73, ack 72 RTT: 825291-824118 = 1,173 ms(milliseconds) Send:14:34:16.175006 seq 72:108, ack 73 Echo:14:34:16.175788 seq 73:109, ack 108
Lab 7: Matching TCP Packets to Detect Stepping-Stone Intrusion
Check all the RTTs from the matched Send and Echo packets to see how many connections from the sensor to the target using Step-function approach. Explain how you get the results briefly and include a graph.
Send:14:34:12.377008 seq 3932545332:3932545368, ack 2793141764
Echo:14:34:12.378529 seq 1:37, ack 36
RTT: 378529-377008 = 1,521 ms(milliseconds)
Send:14:34:14.824118 seq 36:72, ack 37
Echo:14:34:14.825291 seq 37:73, ack 72
RTT: 825291-824118 = 1,173 ms(milliseconds)
Send:14:34:16.175006 seq 72:108, ack 73
Echo:14:34:16.175788 seq 73:109, ack 108
RTT: 175788-175006 = 782 ms(milliseconds)
Send:14:34:18.024102 seq 108:144, ack 109
Echo:14:34:18.025610 seq 109:145, ack 144
RTT: 025610-024102 = 1,508 ms(milliseconds)
Send:14:34:19.504724 seq 144:180, ack 145
Echo:14:34:19.505846 seq 145:181, ack 180
RTT: 505846-504724 = 1,122 ms(milliseconds)
Send:14:34:20.799919 seq 180:216, ack 181
Echo:14:34:20.801264 seq 181:217, ack 216
RTT: 801264-799919 = 1,345 ms(milliseconds)
Send:14:34:21.967856 seq 216:252, ack 217
Echo:14:34:21.969321 seq 217:253, ack 252
RTT: 969321-967856 = 1,465 ms(milliseconds)
Send:14:34:23.178583 seq 252:288, ack 253
Echo:14:34:23.180000 seq 253:289, ack 288
RTT: 180000-178583 = 1,417 ms(milliseconds)
Send:14:34:24.384444 seq 288:324, ack 289
Echo:14:34:24.385956 seq 289:325, ack 324
RTT: 385956-384444 = 1,512 ms(milliseconds)
Send:14:34:25.671939 seq 324:360, ack 325
Echo:14:34:25.673370 seq 325:361, ack 360
RTT: 673370-671939 = 1,431 ms(milliseconds)
Send:14:48:06.544514 seq 559408000:559408036, ack 2957364899
Echo:14:48:06.549857 seq 1:37, ack 36
RTT: 549857-544514 = 5,343 ms(milliseconds)
Send:14:48:07.973049 seq 36:72, ack 37
Echo:14:48:07.977363 seq 37:73, ack 72
RTT: 977363-973049 = 4,314 ms(milliseconds)
Send:14:48:09.082166 seq 72:108, ack 73
Echo:14:48:09.088008 seq 73:109, ack 108
RTT: 088008-082166 = 5,842 ms(milliseconds)
Send:14:48:10.034353 seq 108:144, ack 109
Echo:14:48:10.040002 seq 109:145, ack 144
RTT: 040002-34353 = 5,649 ms(milliseconds)
Send:14:48:11.039598 seq 144:180, ack 145
Echo:14:48:11.045285 seq 145:181, ack 180
RTT: 045285-039598 = 5,687 ms(milliseconds)
Send:14:48:12.237620 seq 180:216, ack 181
Echo:14:48:12.243329 seq 181:217, ack 216
RTT: 243329-237620 = 5,709 ms(milliseconds)
Send:14:48:13.372082 seq 216:252, ack 217
Echo:14:48:13.377755 seq 217:253, ack 252
RTT: 377755-372082 = 5,673 ms(milliseconds)
Send:14:48:14.596537 seq 252:288, ack 253
Echo:14:48:14.602017 seq 253:289, ack 288
RTT: 602017-596537 = 5,480 ms(milliseconds)
Send:14:48:15.813958 seq 288:324, ack 289
Echo:14:48:15.819661 seq 289:325, ack 324
RTT: 819661-813598 = 6,063 ms(milliseconds)
Send:14:48:16.973880 seq 324:360, ack 325
Echo:14:48:16.979417 seq 325:361, ack 360
RTT: 979417-973880 = 5,537 ms(milliseconds)
Send:14:49:42.919910 seq 559410196:559410232, ack 2957367915
Echo:14:49:42.928176 seq 1:37, ack 36
RTT: 928176-919910 = 8,266 ms(milliseconds)
Send:14:49:44.326967 seq 36:72, ack 37
Echo:14:49:44.335452 seq 37:73, ack 72
RTT: 335452-326967 = 8,485 ms(milliseconds)
Send:14:49:45.649194 seq 72:108, ack 73
Echo:14:49:45.656348 seq 73:109, ack 108
RTT: 656348-649194 = 7,154 ms(milliseconds)
Send:14:49:46.825286 seq 108:144, ack 109
Echo:14:49:46.833971 seq 109:145, ack 144
RTT: 833971-825286 = 8,685 ms(milliseconds)
Send:14:49:47.929721 seq 144:180, ack 145
Echo:14:49:47.936303 seq 145:181, ack 180
RTT: 936303-929721 = 6,582 ms(milliseconds)
Send:14:49:49.099514 seq 180:216, ack 181
Echo:14:49:49.108420 seq 181:217, ack 216
RTT: 108420-099514 = 8,906 ms(milliseconds)
Send:14:49:50.187305 seq 216:252, ack 217
Echo:14:49:50.193041 seq 217:253, ack 252
RTT: 193041-187305 = 5,736 ms(milliseconds)
Send:14:49:51.252137 seq 252:288, ack 253
Echo:14:49:51.264753 seq 253:289, ack 288
RTT: 264753-252137 = 12,616 ms(milliseconds)
Send:14:49:52.436190 seq 288:324, ack 289
Echo:14:49:52.447116 seq 289:325, ack 324
RTT: 447116-436190 = 10,926 ms(milliseconds)
Send:14:49:53.773287 seq 324:360, ack 325
Echo:14:49:53.782287 seq 325:361, ack 360
RTT: 782287-773287 = 9,000 ms(milliseconds)
Trending now
This is a popular solution!
Step by step
Solved in 2 steps
