CYB227 Week 4 Paper
School: University of Phoenix
Course: 227
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 5
Uploaded by ProfessorPencil11360
Wireshark Analysis Week 4
Question 4-1
Frame 170 is colored by the Bad TCP coloring rule, which uses a red foreground on a black background. This coloring rule helps identify bad TCP implementations and functions. To come to this conclusion, we used the following steps:
1. Open the Wireshark application.
2. Open the trace file challenge101-4.pcapng from the File menu.
3. Press the Go to Specified Packet button and enter 170.
4. Press the Go to Packet button or press Enter.
5. In the packet details pane, expand Frame 170 and scroll down to Coloring Rule Name.
6. Take a screenshot.
Question 4-2
Using the display filter tcp.stream==5, you are able to identify that 13 packets match the filter. The coloring scheme is a black foreground on a teal background. Applying the light blue will allow you to identify the frames for that stream. To come to this conclusion, we used the following steps:
1. Open the Wireshark application.
2. Open the trace file challenge101-4.pcapng from the File menu.
3. Input the display filter tcp.stream==5 in the display filter bar.
4. Press the Apply Display Filter button or press Enter.
5. Right-click on the first frame in the packet list pane.
6. Hover over Colorize Conversation, then TCP, and select Color 6.
7. Take a screenshot.
8. Remove the display filter by deleting it and hitting Enter or pressing the Clear Display Filter button.
Question 4-3
Using the display filter tcp.time_delta > 100 and a coloring rule, we can identify that 9 frames have a delta time greater than 100 seconds. The color scheme is a black foreground on a blue background to identify frames with delta times greater than 100 seconds. One frame retained the color scheme from the previous question. To come to this conclusion, we used the following steps:
1. Open the Wireshark application.
2. Open the trace file challenge101-4.pcapng from the File menu.
3. Input the display filter tcp.time_delta > 100 in the display filter bar.
4. Press the Apply Display Filter button or press Enter.
5. Using the same display filter, create a coloring rule with a black foreground and a blue background.
6. In the packet details pane, expand Transmission Control Protocol and Timestamps.
7. Right-click on Time Since Previous Frame and apply it as a column.
8. Take a screenshot.
Question 4-4
The average TCP delta time is 115.2703762. We are able to identify this by creating a TCP delta time column and exporting it as a CSV file. The color schemes used are black foreground on blue background and black foreground on teal background. To come to this conclusion, we used the following steps:
1. Open the Wireshark application.
2. Open the trace file challenge101-4.pcapng from the File menu.
3. Input the display filter tcp.time_delta > 100 in the display filter bar.
4. Press the Apply Display Filter button or press Enter.
5. Go to File in the menu bar and hover over Export Packet Dissections.
6. Click on “As CSV”.
7. Save the file to a folder.
8. Open the file in Excel and insert =AVERAGE(C2:C10) at the bottom of column C.
9. Take a screenshot.
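The script below is an added example, not part of the original paper. It shows what the tcp.time_delta column in Questions 4-3 and 4-4 measures: the time since the previous frame in the same TCP stream, recomputed from a CSV export, then filtered at 100 seconds and averaged. The column names and the sample rows are constructed assumptions and are not taken from challenge101-4.pcapng.

```python
import csv
import io

# Constructed sample shaped like a Wireshark CSV export. "Time" is seconds
# since the start of the capture; "Stream" is an assumed tcp.stream column.
SAMPLE_CSV = '''"No.","Time","Stream"
"1","0.0","0"
"2","0.5","1"
"3","0.25","0"
"4","120.25","0"
"5","130.5","1"
"6","130.75","1"
"7","400.25","0"
'''

def tcp_time_deltas(csv_text):
    """Return (frame_no, stream, delta) per row, where delta is the time
    since the previous frame in the SAME stream (0 for a stream's first frame)."""
    last_seen = {}  # stream index -> timestamp of its most recent frame
    result = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        stream = int(row["Stream"])
        t = float(row["Time"])
        delta = t - last_seen.get(stream, t)
        last_seen[stream] = t
        result.append((int(row["No."]), stream, delta))
    return result

def slow_frames(deltas, threshold=100.0):
    """Frames that a filter like tcp.time_delta > threshold would keep."""
    return [d for d in deltas if d[2] > threshold]

def average_delta(frames):
    """Mean delta of the given frames, or None when nothing matched."""
    if not frames:
        return None
    return sum(delta for _, _, delta in frames) / len(frames)

if __name__ == "__main__":
    slow = slow_frames(tcp_time_deltas(SAMPLE_CSV))
    for no, stream, delta in slow:
        print(f"frame {no} stream {stream} delta {delta:.2f}s")
    print("average:", average_delta(slow))
```

Frame 5 arrives only 10.25 seconds after frame 4, but 130 seconds after the previous frame in its own stream, which is why it matches the per-stream filter.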