Question
In this section you will examine the traffic from the sniffer.
Return to the Security Onion box and stop capturing packets. Note how many packets were captured, and verify the capture file was saved with those packets. If the capture file has not yet been saved, save it now to the desktop as Capture.cap.
Switch to Security Onion
Next, analyze the capture file with Snort. Also, make sure to output the resulting alert file to the /home/student directory and use the correct snort.conf file.
Switch to Security Onion
After snort finishes its analysis, review the file generated by Snort for any suspicious events. Do you see any to note?
Switch to Security Onion
Next, continue your analysis and open the capture file with Wireshark to browse the captured packets. Play around with the filters to analyze the captured traffic. For instance, apply a filter to view all TCP reset packets.
Do you see anything indicating a network scan was run against boxes on your network?
Switch to Security Onion
Lastly, log into the Metasploitable box and view the web server logs. Specifically, use the command to view the most recent web server logs.
Notice what breadcrumbs are leftover from the network scan.
The snort.conf file is located at /etc/nsm/onion-dmz-eth0/snort.conf.
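The four analysis steps in the question, scripted as shell functions. This is an added example and not part of the original post or the lab's own material. The capture path, the snort.conf path and the /home/student output directory are taken from the question; the Apache log path on Metasploitable 2 (/var/log/apache2/access.log), the `-A fast` switch used to get a plain-text `alert` file, and the log and alert lines written by the `write_sample_*` helpers are assumptions or constructed data so the parsing helpers can be exercised offline.

```shell
#!/usr/bin/env bash
# Added example for the Security Onion / Metasploitable lab above.
# Paths from the question: Capture.cap, snort.conf, /home/student.
# ASSUMED: Apache log location on Metasploitable 2, and -A fast for a text alert file.

CAPTURE="${CAPTURE:-$HOME/Desktop/Capture.cap}"     # capture saved from the sniffer
SNORT_CONF="/etc/nsm/onion-dmz-eth0/snort.conf"    # given in the question
SNORT_LOGDIR="/home/student"                       # alert output directory
APACHE_LOG="/var/log/apache2/access.log"           # ASSUMED Metasploitable 2 path

# Step 2: replay the saved pcap through Snort in read mode (-r) with the lab's
# config (-c). -A fast (ASSUMED here) makes Snort write a text file named
# "alert" under -l, which is what the review step then reads.
run_snort() {
    snort -r "$CAPTURE" -c "$SNORT_CONF" -l "$SNORT_LOGDIR" -A fast
}

# Step 2 review: tally a fast-format alert file by rule message.
# A fast-format line looks like:
#   TS  [**] [gid:sid:rev] MESSAGE [**] [Classification: ...] {PROTO} SRC -> DST
# Prints "count<TAB>message", most frequent first.
summarize_alerts() {
    sed -n 's/.*\[\*\*\] \[[0-9:]*\] \(.*\) \[\*\*\].*/\1/p' "$1" \
        | awk '{ n[$0]++ } END { for (m in n) printf "%d\t%s\n", n[m], m }' \
        | sort -rn
}

# Step 3, scripted: the same view as the Wireshark filter tcp.flags.reset==1,
# counted per source/destination pair so a scanner that provoked many RSTs
# (closed ports answering SYNs) stands out.
count_resets() {
    tshark -r "$CAPTURE" -Y 'tcp.flags.reset==1' -T fields -e ip.src -e ip.dst \
        | sort | uniq -c | sort -rn
}

# Step 4: the most recent web server log entries on Metasploitable.
show_recent_weblog() {
    tail -n 50 "${1:-$APACHE_LOG}"
}

# Step 4, scripted: flag requests that look like scanner breadcrumbs in a
# combined-format Apache log. Two heuristics (ASSUMED, not exhaustive):
#   - the User-Agent names Nmap (the NSE http scripts identify themselves), or
#   - an HTTP/1.0 request with no User-Agent at all, which is how a bare
#     version-detection probe ("GET / HTTP/1.0") shows up.
# Prints "count<TAB>client IP", most active client first.
scan_breadcrumbs() {
    awk '
        tolower($0) ~ /nmap/ { hits[$1]++; next }
        $0 ~ /HTTP\/1\.0" / && $0 ~ /" "-"$/ { hits[$1]++ }
        END { for (ip in hits) printf "%d\t%s\n", hits[ip], ip }
    ' "$1" | sort -rn
}

# CONSTRUCTED sample data so the parsers can be run without the lab VMs.
write_sample_log() {
    cat > "$1" <<'EOF'
192.168.1.10 - - [10/Mar/2024:14:02:11 -0500] "GET / HTTP/1.0" 200 891 "-" "-"
192.168.1.10 - - [10/Mar/2024:14:02:12 -0500] "GET /robots.txt HTTP/1.1" 404 288 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.1.10 - - [10/Mar/2024:14:02:12 -0500] "GET /.git/HEAD HTTP/1.1" 404 289 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.1.25 - - [10/Mar/2024:14:05:40 -0500] "GET /index.php HTTP/1.1" 200 1230 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"
EOF
}

write_sample_alerts() {
    cat > "$1" <<'EOF'
03/10-14:02:11.123456  [**] [1:1000001:1] CONSTRUCTED SCAN nmap probe [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.168.1.10 -> 192.168.1.50
03/10-14:02:12.223456  [**] [1:1000002:1] CONSTRUCTED WEB robots.txt [**] [Classification: Web Application Activity] [Priority: 3] {TCP} 192.168.1.10:45120 -> 192.168.1.50:80
03/10-14:02:13.323456  [**] [1:1000001:1] CONSTRUCTED SCAN nmap probe [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.168.1.10 -> 192.168.1.51
EOF
}

# Only touch the real capture, Snort and the Apache log when asked to ("lab");
# otherwise the script just defines the helpers.
if [ "${1:-}" = "lab" ]; then
    run_snort
    summarize_alerts "$SNORT_LOGDIR/alert"
    count_resets
    show_recent_weblog
    scan_breadcrumbs "$APACHE_LOG"
fi
```

Run it as `bash lab.sh lab` on Security Onion for the Snort and tshark steps, and copy `scan_breadcrumbs` over to the Metasploitable box (or fetch the log) for the web-log step. The two parsers are deliberately tool-agnostic: a client that issues a User-Agent-less HTTP/1.0 probe and then a burst of Nmap-tagged requests for paths like /robots.txt is the typical footprint a scan leaves in access.log, and the per-source RST count from tshark is the pcap-side view of the same activity.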
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Task Breakdown: The task involves capturing network traffic, analyzing it with Snort and Wireshark, and t...
Step: 2
Step: 3