Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Task Overview PCAP FILE- https://github.com/ACandeias/IntrusionDetection/tree/master/PCAP This lab is intended to be run in a Linux virtual machine that has the program Wireshark installed at Security

Task Overview

PCAP FILE- https://github.com/ACandeias/IntrusionDetection/tree/master/PCAP

This lab is intended to be run in a Linux virtual machine that has the program Wireshark installed at Security Onion.The students will practice using the tools Wireshark, Tshark, and NetMiner to analyze packets captured during different attack scenarios. They will use their knowledge of network protocols to evaluate what happened in the attacks and extract important data from the captured traffic. Additionally, students will be introduced to setting up Access Control Lists (ACLs) using the IPTables tool.The program comes pre-installed in the SecurityOnion VM. To start it, open the start menu in the top left corner and go to Security Onion > NetworkMiner, and the program will open to empty analysis panes. In the menu options of the program, select File > Open > IntrusionDetection > PCAP in order to choose a PCAP file to open.

Dropbox link for the actual question- https://www.dropbox.com/s/96z2w69yz3am7w4/Lab3-Advanced%20Packet%20Analysis.pdf?dl=0

image text in transcribed

image text in transcribed

image text in transcribed

Student Exercises lete all of the tasks provided below, and write a report responding to the questions outlined in the exercises and explaining how you found your answers. Screenshots should be used sparingly and should only contain the relevant information, not the whole desktop. You can use any of the tools discussed in the labs to perform the analysis. Task 1 - PCAP Analysis Using the provided PCAP files, analyze each capture and answer the following questions AnglerAttack.pcap Identify all domains from the capture. .What information leads you to believe this is malicious activity? ShellShock.pcap . Identify how the attacker was able to view the /etc/passwd file over HTTP Student Exercises lete all of the tasks provided below, and write a report responding to the questions outlined in the exercises and explaining how you found your answers. Screenshots should be used sparingly and should only contain the relevant information, not the whole desktop. You can use any of the tools discussed in the labs to perform the analysis. Task 1 - PCAP Analysis Using the provided PCAP files, analyze each capture and answer the following questions AnglerAttack.pcap Identify all domains from the capture. .What information leads you to believe this is malicious activity? ShellShock.pcap . Identify how the attacker was able to view the /etc/passwd file over HTTP

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Big Data, Mining, And Analytics Components Of Strategic Decision Making

Authors: Stephan Kudyba

1st Edition

1466568704, 9781466568709

More Books

Students also viewed these Databases questions

Question

=+Are the contracts enforceable?

Answered: 1 week ago