Lab3_Sniffing

pdf

School

University of Rochester *

*We aren’t endorsed by this school

Course

3710

Subject

Computer Science

Date

Feb 20, 2024

Type

pdf

Pages

7

Uploaded by SargentFlagKomodoDragon15

Report
CS 3710 Introduction to Cybersecurity Term: Fall 2024 © 2024 Virginia Cyber Range. Created by Thomas Weeks. (CC BY-NC-SA 4.0) Modified by Angela Orebaugh, Ph.D, CISSP, University of Virginia 1 Lab Exercise 3 – Sniffing Due Date: February 16, 2024 11:59pm Points Possible: 7 points Name: Ziqian Zhao By submitting this assignment you are digitally signing the honor code, “On my honor, I pledge that I have neither given nor received help on this assignment.” Generative AI assistance is NOT permitted on this assignment. 1. Overview In this exercise, you will be introduced to Wireshark, a very useful tool that covers an important network monitoring, security, and forensic concept – reading and understanding networking traffic. Wireshark (software known as a packet analyzer or sniffer) allows you to view pieces of data (called packets) in real-time as they go in and out of a system and can be saved as packet capture (pcap or cap) files. In this exercise, you will be analyzing packet capture files as well as capturing live network traffic in real-time. 2. Resources required This exercise requires a Kali Linux VM running in the Cyber Range. Please log in at https://console.virginiacyberrange.net/. 3. Initial Setup From your Virginia Cyber Range course, select the Cyber Basics environment. Click “start” to start your environment and “join” to get to your Linux desktop. 4. Tasks Task 1: Analyzing a Wireshark capture file **NOTE – you can complete Task 1 of this lab on your own computer if you install Wireshark. Otherwise, use Wireshark on the Cyber Range, but make sure to use the range’s web browser to download the pcap file to the range. Wireshark offers a variety of sample packet captures to analyze for learning about network traffic, attacks, and how to use the tool. You can find the whole list at: https://wiki.wireshark.org/SampleCaptures. Go to SampleCaptures wireshark page and click on Telnet and then click on the telnet- cooked.pcap to download it. On the Cyber Range, the file will be downloaded to the /home/student/Downloads folder. You can open the pcap file from within an open Wireshark GUI by going to File -> Open, or you can open the file from the command line by supplying
CS 3710 Introduction to Cybersecurity Term: Fall 2024 © 2024 Virginia Cyber Range. Created by Thomas Weeks. (CC BY-NC-SA 4.0) Modified by Angela Orebaugh, Ph.D, CISSP, University of Virginia 2 Wireshark the path and file name. You can also drag the file to an open Wireshark window to open it. If you are asked for a password to run Wireshark the password is student . Question #1: What is the username and password of the Telnet user? (.5 point) Username: fake Password: user Question #2: What is the operating system and version of the server that the user logged into? (.5 point) operating system: OpenBSD Version: 2.6-beta Question #3: Once the user was logged in what commands did they run? (.5 point) ls, ls -a, exit Next download an HTTP packet capture with several downloaded images here: https://wiki.wireshark.org/uploads/__moin_import__/attachments/SampleCaptures/http_with_jpe gs.cap.gz Open this file in Wireshark to analyze it. Question #4: Paste a screenshot of the last image that was downloaded. (.5 point)
CS 3710 Introduction to Cybersecurity Term: Fall 2024 © 2024 Virginia Cyber Range. Created by Thomas Weeks. (CC BY-NC-SA 4.0) Modified by Angela Orebaugh, Ph.D, CISSP, University of Virginia 3 Question #5: What is the date and time that the image was downloaded? (.5 point) Arrive time: Nov 19, 2004 22:29:25.268602000 UTC Now it’s time to do some cyber forensics analysis on FTP. Download and open a new pcap file from http://artifacts.virginiacyberrange.net/gencyber/ftp_attack.pcap . This is a packet capture of a file transfer using FTP. FTP uses ports 21 and 20. Port 21 is the command port and port 20 is the data port. Open the file in Wireshark to begin your analysis.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
CS 3710 Introduction to Cybersecurity Term: Fall 2024 © 2024 Virginia Cyber Range. Created by Thomas Weeks. (CC BY-NC-SA 4.0) Modified by Angela Orebaugh, Ph.D, CISSP, University of Virginia 4 The user logs in early on in the capture and downloads a file. Inspect this traffic and answer the following questions: Question #6: What is the username and password of the FTP user? (.5 point) Username: anonymous Password: h4x0r@evil.com Question #7: What is the name and version of the FTP software on the server? (.5 point) Name: vsFTPd Version: 2.2.2 Question #8: What is the name of the file that was downloaded? (.5 point) File.txt. Question #9: What is the content of the file downloaded? (.5 point) Test file for download. Later in the FTP capture the user tries to log in using another username.
CS 3710 Introduction to Cybersecurity Term: Fall 2024 © 2024 Virginia Cyber Range. Created by Thomas Weeks. (CC BY-NC-SA 4.0) Modified by Angela Orebaugh, Ph.D, CISSP, University of Virginia 5 After many failed password guesses the user guesses the correct password and is authenticated to the FTP server. Inspect this traffic and answer the following questions: Question #10: What is the new username and password of the FTP user that is successfully authenticated? (.5 point) Username: golightly Password: letmein Question #11: What are the names of the 2 files that were downloaded while logged in as this new user? (.5 point) 1. CC_data.csv; 2. passwd. Question #12: Cut and paste a screenshot of the contents of the two files that were downloaded while logged in as this user. (.5 point)
CS 3710 Introduction to Cybersecurity Term: Fall 2024 © 2024 Virginia Cyber Range. Created by Thomas Weeks. (CC BY-NC-SA 4.0) Modified by Angela Orebaugh, Ph.D, CISSP, University of Virginia 6 Hints: FTP filtering will help here. Also, HTTP files can be downloaded as an object, but FTP file transfers are embedded in the data channel. You will need to research how to extract them. Task 2: Capturing traffic real-time using Wireshark **NOTE – Task 2 must be completed in the Cyber Range. Now let’s take a look at some real-time packet capturing. Make sure that you are running Wireshark as root. Start a real-time capture in Wireshark and then open a Web Browser within the Cyber Range and go to the site dvwa.example.com. You will see a login screen. Log in using the username of admin and the password of password . You can exit out after you have logged in and then stop the Wireshark capture. Filter your packet capture to show the HTTP POST where you entered your username and password. Question #13: What filter did you use? (.5 point) http.request.method == "POST".
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
CS 3710 Introduction to Cybersecurity Term: Fall 2024 © 2024 Virginia Cyber Range. Created by Thomas Weeks. (CC BY-NC-SA 4.0) Modified by Angela Orebaugh, Ph.D, CISSP, University of Virginia 7 Question #14: Cut and paste a screenshot of your packet capture that shows the username and password. (.5 point) It is the line start with “username=”. The full sentence is “username=addmin&password=password&Login=Login&user token=90e3de042ba89d2ead79ef0c17cfe4d4” as shown in blue highlight below. NOTE: We will be using dvwa.example.com in future labs, so feel free to look around. By submitting this assignment you are digitally signing the honor code, “I pledge that I have neither given nor received help on this assignment”. END OF EXERCISE References Wireshark https://www.wireshark.org/

Related Documents

CP4P_NumberSystems_Activity_Answers.docx
SDEV-M07 Evaluate_ Quiz - Arrays and File I_O_ Knowledge Assessment for IT - Cohort 8 Virtual Instru
Oryzanin_outcroppings_areae.docx
Technology Lesson Demonstration.docx
Lab1_Password_Cracking.docx
Lab2_Recon_Network_Scanning.docx
Framework for Enhancing Digital Proficiency K Lazard.docx
metcs633_M3_A3_Optimize Peer Reviews(1).docx
CSC420 Week 2 Exercise Lab.docx
3.1.4 Section Quiz.pdf
CSC420 Week 1 Exercise Lab.docx
CSC305-Week 1 Written Assignment.docx
Recommended textbooks for you
Text book image
A Guide to SQL
Computer Science
ISBN:9781111527273
Author:Philip J. Pratt
Publisher:Course Technology Ptr
Text book image
Programming Logic & Design Comprehensive
Computer Science
ISBN:9781337669405
Author:FARRELL
Publisher:Cengage
Text book image
Database Systems: Design, Implementation, & Manag...
Computer Science
ISBN:9781305627482
Author:Carlos Coronel, Steven Morris
Publisher:Cengage Learning
Text book image
Microsoft Visual C#
Computer Science
ISBN:9781337102100
Author:Joyce, Farrell.
Publisher:Cengage Learning,
Text book image
COMPREHENSIVE MICROSOFT OFFICE 365 EXCE
Computer Science
ISBN:9780357392676
Author:FREUND, Steven
Publisher:CENGAGE L
Text book image
Np Ms Office 365/Excel 2016 I Ntermed
Computer Science
ISBN:9781337508841
Author:Carey
Publisher:Cengage
SEE MORE TEXTBOOKS
Recommended textbooks for you
Text book image
A Guide to SQL
Computer Science
ISBN:9781111527273
Author:Philip J. Pratt
Publisher:Course Technology Ptr
Text book image
Programming Logic & Design Comprehensive
Computer Science
ISBN:9781337669405
Author:FARRELL
Publisher:Cengage
Text book image
Database Systems: Design, Implementation, & Manag...
Computer Science
ISBN:9781305627482
Author:Carlos Coronel, Steven Morris
Publisher:Cengage Learning
Text book image
Microsoft Visual C#
Computer Science
ISBN:9781337102100
Author:Joyce, Farrell.
Publisher:Cengage Learning,
Text book image
COMPREHENSIVE MICROSOFT OFFICE 365 EXCE
Computer Science
ISBN:9780357392676
Author:FREUND, Steven
Publisher:CENGAGE L
Text book image
Np Ms Office 365/Excel 2016 I Ntermed
Computer Science
ISBN:9781337508841
Author:Carey
Publisher:Cengage
SEE MORE TEXTBOOKS