
Question


Tcpdump and analyzing network traces

Ignore any error messages about bad tcp cksum, they are not relevant.

For all of the following, show both the tcpdump command you used and the output of the command. DO NOT FORGET TO ANSWER ANY QUESTIONS POSED ABOUT THE OUTPUT. This assignment is as much about following instructions carefully as it is about using tcpdump and reading network traces. Do not use grep; all results must be filtered with tcpdump filters or macros.

You should always use the -nn option to prevent DNS and port lookups on the addresses in the records.

File DG3.pcap:

14. Look at the traffic destined to the hosts 10.10.10.21 and 10.10.10.23. Which set of connections are retries and which are successful connections and why?

a) Examine traffic destined to 10.10.10.1. List all anomalies you detect that show signs of packet crafting.

b) Look at all activity to destination port 137. You will want to also include ICMP type 3 and code 3 in your examination. What kind of activity is this and what seems to be happening?
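The byte tests behind the kinds of tcpdump filter expressions and macros these tasks call for, as an added example that is not part of the original question or its solution. Python stands in for tcpdump's matcher here; the function names, source addresses, ports and flag values are constructed for illustration.

```python
# Added example: the byte tests behind four tcpdump filter expressions,
# applied to constructed IPv4 packets (no Ethernet header, no capture file).
import socket
import struct

def ipv4(proto, src, dst, payload):
    # Minimal 20-byte IPv4 header (IHL=5); checksum left at 0, filters ignore it.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def tcp(sport, dport, flags):
    # 20-byte TCP header; byte 13 holds the flag bits that tcp[tcpflags] reads.
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 2048, 0, 0)

def udp(sport, dport):
    return struct.pack("!HHHH", sport, dport, 8, 0)

def icmp(itype, code):
    # Byte 0 is what icmp[icmptype] reads, byte 1 is icmp[icmpcode].
    return struct.pack("!BBHI", itype, code, 0, 0)

def matched_filters(pkt):
    """Return the tcpdump expressions (as strings) that this packet satisfies."""
    ihl = (pkt[0] & 0x0F) * 4            # transport header starts at IHL*4
    proto, l4 = pkt[9], pkt[ihl:]
    dst = socket.inet_ntoa(pkt[16:20])
    hits = []
    if dst in ("10.10.10.21", "10.10.10.23"):
        hits.append("dst host 10.10.10.21 or dst host 10.10.10.23")
    if proto in (6, 17) and struct.unpack("!H", l4[2:4])[0] == 137:
        hits.append("dst port 137")
    if proto == 1 and l4[0] == 3 and l4[1] == 3:
        hits.append("icmp[icmptype] = icmp-unreach and icmp[icmpcode] = 3")
    # SYN (0x02) together with FIN (0x01) is not sent by a normal TCP stack.
    if proto == 6 and l4[13] & 0x03 == 0x03:
        hits.append("tcp[tcpflags] & (tcp-syn|tcp-fin) = (tcp-syn|tcp-fin)")
    return hits

# Constructed samples: destinations follow the question, the rest is made up.
SAMPLES = [
    ipv4(6, "192.0.2.10", "10.10.10.23", tcp(40000, 21, 0x02)),   # plain SYN
    ipv4(17, "192.0.2.10", "10.10.10.2", udp(40001, 137)),        # UDP to 137
    ipv4(1, "10.10.10.2", "192.0.2.10", icmp(3, 3)),              # port unreachable
    ipv4(6, "192.0.2.10", "10.10.10.1", tcp(40002, 80, 0x03)),    # SYN+FIN
]
```

Each returned string is an ordinary tcpdump expression and can be used as `tcpdump -nn -r DG3.pcap '<expression>'`, combined with `and`/`or` as a task requires.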

[Image: Wireshark packet list for the capture (columns: No., Time, Source, Destination, Protocol, Length, Info) with TCP, UDP and ICMP entries. The frame detail pane shows Frame 1: 74 bytes on wire (592 bits), 68 bytes captured (544 bits); Src: 64.245.54.111, Dst: 10.10.10.23; Src Port: 3655, Dst Port: 21.]
