Question
In Wireshark download this packet file and determine the following.
Packet File -----> : https://ufile.io/x77gc
Here is a description on how to answer the questions....
Some activity is abnormal, some is normal, and some is a mixture of both. If it's normal network traffic without anything suspicious, don't overthink it; report on why it's normal and move on. If you can't ascertain whether or not it's abnormal, tell me why and move on. There are examples of both of those situations in the packet capture.
(Good description vs poor description)
Poor:
IP xxx.xxx.xxx.xxx is accessing port 21 over TCP on IP xx.xx.xx.xx
While this is a fact, it's not useful information, as it is missing the description that makes it relevant to what's going on.
Good:
IP xxx.xxx.xxx.xxx is attempting to connect to port 21 on IP xxx.xxx.xxx.xxx. Port 21 is ftp, which sends credentials in the clear. The series of packet captures shows that the intruder was attempting to guess passwords for user "sumowrestler". The intruder was eventually successful after the 5th try. The passwords guessed were "password", "sumo", "wrestler", "beatles" and "sumo1", the latter of which allowed the intruder to gain access to the computer.
1. Is the activity occurring in packets 2-3 abnormal? If so, provide a detailed interpretation of what is occurring, and the possible uses of the information gained. If there's nothing suspicious, tell me so, and explain why it's normal traffic.
2. Is the activity occurring in packets 5-37 abnormal? If so, provide a detailed interpretation of what is occurring, and the possible uses of the information gained.
3. Is the activity occurring in packets 42-84 abnormal? If so, provide a detailed interpretation of what is occurring, and the possible consequences.
4. Is the activity occurring in packets 91-132 abnormal? If so, provide a detailed interpretation of what is occurring, and the possible consequences such as how many ports are involved and their associated services. What information would be gained and how could it be used by an attacker?
5. Is the activity occurring in packets 139-1157 abnormal? Hint: this is a TCP stream, so you can select the first packet > Right-Click > "Follow TCP Stream" (or Follow > TCP Stream depending on your version) and Wireshark will extract those packets into a single readable stream. Provide a detailed description and interpretation of what is occurring along with possible consequences. There is a lot going on there; tell me what happened.
6. Is the activity occurring in packets 1160-1182 abnormal? If so, provide a detailed interpretation of what is occurring. This may require a light Googling. Hint: This is also a TCP Stream; see above.
7. Is the activity occurring in packets 1184-1475 abnormal? If so, provide a detailed interpretation of what is occurring, and the possible uses of the information gained. Hint: You guessed it, also a TCP stream.
8. Is the activity occurring in packets 1476 through the end of the packet capture abnormal? If so, provide a detailed interpretation of what is occurring, and the possible uses of the information gained.
9. Can you determine who was the attacker and, in your opinion, were the skills of the attacker low, moderate, or high, and why?
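The "good description" in the question and the hints about following a TCP stream amount to two triage steps an analyst repeats on every capture: group packets into conversations, then read the conversation for a verdict. The script below is an added example, not part of the question or of any answer, and it does not read the linked capture file. It works on a constructed packet list in the shape you would get from a tshark export (frame number, addresses, ports, TCP flags, payload); the addresses, the service-name table and the password list are assumptions made up for the demonstration. It reports bare-SYN probes that touch many ports from one source (the "how many ports and their services" part of question 4) and reconstructs an FTP control channel to count login guesses and find the one that succeeded, which is exactly the information the sample "good description" contains.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# IANA default names for the ports used in the constructed sample (assumption).
SERVICES = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 80: "http", 110: "pop3", 443: "https"}

# Packet = (frame no, src IP, src port, dst IP, dst port, TCP flags, payload)
Packet = Tuple[int, str, int, str, int, str, str]

# Constructed sample data standing in for a tshark export; all values are made up.
ATTACKER, VICTIM, BYSTANDER = "10.0.0.5", "10.0.0.9", "10.0.0.7"

# Frames 1-7: bare SYNs from one host to seven ports (a scan); 8-9: a normal TLS handshake start.
SAMPLE: List[Packet] = [(n, ATTACKER, 50000 + n, VICTIM, p, "S", "")
                        for n, p in enumerate([21, 22, 23, 25, 80, 110, 443], start=1)]
SAMPLE += [(8, BYSTANDER, 51000, VICTIM, 443, "S", ""), (9, VICTIM, 443, BYSTANDER, 51000, "SA", "")]

# Frames 10+: an FTP control channel with repeated USER/PASS, the fifth guess accepted.
_ftp_lines = [(VICTIM, "220 FTP server ready\r\n")]
for pw in ["password", "sumo", "wrestler", "beatles", "sumo1"]:
    _ftp_lines += [(ATTACKER, "USER sumowrestler\r\n"), (VICTIM, "331 Password required\r\n"),
                   (ATTACKER, f"PASS {pw}\r\n"),
                   (VICTIM, "230 Login successful\r\n" if pw == "sumo1" else "530 Login incorrect\r\n")]
for n, (src, payload) in enumerate(_ftp_lines, start=10):
    if src == ATTACKER:
        SAMPLE.append((n, ATTACKER, 40000, VICTIM, 21, "PA", payload))
    else:
        SAMPLE.append((n, VICTIM, 21, ATTACKER, 40000, "PA", payload))


def port_scan_sources(packets: List[Packet], threshold: int = 5) -> Dict[str, List[str]]:
    """Source/destination pairs whose bare-SYN packets hit >= threshold distinct ports.
    Returns each flagged pair with its sorted port list annotated by service name."""
    syn_ports = defaultdict(set)
    for _, src, _, dst, dport, flags, _ in packets:
        if flags == "S":  # SYN only: a connection attempt, not an established flow
            syn_ports[(src, dst)].add(dport)
    return {f"{src}->{dst}": [f"{p}/{SERVICES.get(p, 'unknown')}" for p in sorted(ports)]
            for (src, dst), ports in syn_ports.items() if len(ports) >= threshold}


def follow_stream(packets: List[Packet], client: str, server: str, port: int) -> List[Tuple[str, str]]:
    """Payloads of one TCP conversation in frame order, tagged 'C' (client->server) or
    'S' (server->client), the way Wireshark's Follow TCP Stream presents them."""
    out = []
    for _, src, sport, dst, dport, _, payload in sorted(packets):
        if not payload:
            continue
        if src == client and dst == server and dport == port:
            out.append(("C", payload))
        elif src == server and dst == client and sport == port:
            out.append(("S", payload))
    return out


def ftp_login_attempts(stream: List[Tuple[str, str]]):
    """Pair every PASS with the server's next 530 (rejected) or 230 (accepted) reply.
    Returns (username, [(password, accepted), ...]) in the order the guesses were made."""
    user, pending, attempts = None, None, []
    for direction, payload in stream:
        line = payload.rstrip("\r\n")
        if direction == "C":
            verb, _, arg = line.partition(" ")
            if verb.upper() == "USER":
                user = arg
            elif verb.upper() == "PASS":
                pending = arg
        elif pending is not None and line[:3] in ("230", "530"):
            attempts.append((pending, line.startswith("230")))
            pending = None
    return user, attempts


def triage(packets: List[Packet], client: str = ATTACKER, server: str = VICTIM) -> dict:
    """One-shot summary: scan sources plus the outcome of the FTP stream between client and server."""
    user, attempts = ftp_login_attempts(follow_stream(packets, client, server, 21))
    return {
        "port_scans": port_scan_sources(packets),
        "ftp": {"user": user, "guesses": len(attempts),
                "success": any(ok for _, ok in attempts),
                "winning_password": next((pw for pw, ok in attempts if ok), None)},
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

The SYN probes to port 21 carry no payload, so `follow_stream` ignores them and only the real control-channel conversation is parsed; the bystander's single SYN/SYN-ACK to 443 stays below the scan threshold and is reported as nothing, which is the "normal traffic, move on" outcome the question asks for.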