Lab W6L6 (docx)
School: University of Ottawa
Course: 8802
Subject: Information Systems
Date: Apr 3, 2024
Pages: 15
Uploaded by mabou055
Week 6 Lab 6 – Save Packet Capture Logs
DUE: Week 6
VALUE: 3%
Objective of this Assignment:
In this lab, learners practise splitting a capture into several pcap files (to keep each file small and manageable) and merging pcap files, including captures taken from different sources, into a single file so that one event can be analysed in one place.
Relevant Course Learning Requirements:
CLR 4: Perform network analysis on various network packet captures to determine whether a security issue is present and an Indicator of Compromise (IoC) needs to be created.
CLR 6: Analyze typical network traffic reporting benign or malicious traffic found.
Lab Topology/Addressing
Lab summary:
Save Packet Capture Logs for Future use.
Read and interpret the output of packet capture tools.
Background / Scenario
Saving packet capture logs for future use, and being able to find a pattern of past network activity in them, is important for network forensics and as evidence of malicious activity.
In this lab, you practise saving capture logs and examining them to find out whether there is any threat to a critical asset.
Please note:
1) “Username” is your College username.
2) Save all screen captures and answers in a file named “W6_L6_username.docx” and upload it to the Week 6 Lab submission folder.
Part 1) Save logs on Wireshark
Run “Wireshark” on PC1.
Step 1) Save the output of the packet capture
a) Select the profile that you created with your username in Week 2 Lab 2.
b) Click “Options” and then select the “Output” tab in the “Capture Options” window.
Options > Output
Week 6 Lab 6 – Save Packet Capture Logs
c) Click “Browse” and select a path for capturing packets to a permanent file (in this example, a file named “WireShark_Permanent.pcapng” in /Desktop/Permanent Capture).
d) Check “Create a new file automatically” and set it to create a new file every 30 seconds. Wireshark then closes the current file and starts a new one every 30 seconds for as long as the capture runs.
e) Click the Input tab, make sure the correct interface is selected, and click Start.
Monitor the folder that you created in part c.
After 10 files have been created, stop the capture and close Wireshark.
Notice that Wireshark does not ask you to save the capture before closing the window: with a permanent file configured, every packet is written to disk as it is captured, so nothing is held only in a temporary file.
f) Sort the files by name and examine the file names. Take a screen capture. (Each name carries a sequence number and the date and time at which that file was started, which is what makes the set sortable.)
In this part, you open the files that were created.
g) Open the first file in the list, scroll down to the last captured packet in the “Packet List” pane, and take a screen capture.
h) Open the second file in the list and compare the last captured packet of the first file with the first captured packet of the second file.
In this part, you merge the first two files to get a full view of the traffic over the duration of files 1 and 2.
i) In the second window, click “File” and select “Merge”. Navigate to the folder in which Wireshark created the permanent files, select the first saved file, and click “Open”.
j) Now examine the new file, which contains the output of the first two files. The merged result is a new, unsaved capture holding the packets of the first file interleaved with those of the second, ordered by timestamp.
Take a screen capture.
k) What is the name of the new merged pcap file? ___________
In this part, you merge the 3rd captured file into the file created in part i.
l) On the new merged file, follow the steps in part i to merge the 3rd file.
Notice that you need to save the file before merging another pcap file into it.
Save it as “Merge_1_2.pcapng” in the same folder, then merge the 3rd captured file from the list into it.
Take a screen capture after merging the 3rd file.
m) What is the name of the file? ____________
Close the new file.
n) Open “Merge_1_2.pcapng” again and merge it with the 2nd file in the list.
Does Wireshark let you merge the two files? _________
Examine the packets in the “Packet List” pane.
Does Wireshark eliminate identical packets? ____________
Do you see any duplicate packets? ______________
In this part you use a ring buffer to limit the number of files that Wireshark keeps on disk while it creates new files automatically.
o) Repeat step b, check “Use a ring buffer with” and set the number in the box to 5.
Then follow the same steps as in parts c, d and e.
p) Examine the files created in the folder “Permanent Capture”.
How many files do you see in the folder? __________
Notice how the sequence numbers in the file names keep increasing while the oldest files are deleted, so that only the most recent files remain.
Take a screen capture.
Part 2) Save logs on tcpdump
Open an SSH connection to PC2.
Step 1) Save the output of the packet capture
a) List the interfaces, then capture 20 packets on the first interface (ens160 in this example) and write them to username.pcap. tcpdump needs capture privileges, so run it as root or via sudo.
tcpdump -D
sudo tcpdump -c 20 -eni ens160 -s 65535 -w username.pcap
(-D lists the capture interfaces; -c 20 stops after 20 packets; -i selects the interface; -s 65535 captures each packet in full rather than truncating it; -w writes the raw packets to the file instead of printing them. -e and -n only affect printed output, so they make no difference to the file written with -w.)
tcpdump can also do what Wireshark's multiple-file and ring-buffer options did in Part 1: -G <seconds> starts a new output file every <seconds> (with a strftime pattern in the -w file name), and -C <MB> together with -W <count> gives a size-based ring buffer of <count> files.
b) Display the contents of the file with the following command:
tcpdump -r username.pcap
Copy the result into the W6_L6_username.docx file.
(When reading a capture back, adding -n stops tcpdump from doing reverse DNS lookups on every captured address; that is faster and avoids sending the addresses from an evidence file to a resolver.)
c) Repeat the capture from step a and save it as “username_1.pcap”:
sudo tcpdump -c 20 -eni <IF_NAME> -s 65535 -w username_1.pcap
d) Display the output of the file “username_1.pcap”.
Copy the result into the W6_L6_username_1.docx file.
In this step, you merge the two pcap files created by tcpdump.
e) Use the following command to merge the files “username.pcap” and “username_1.pcap”:
mergecap -w merge.pcap username.pcap username_1.pcap
(mergecap writes the output named by -w and takes the input files after it. By default it interleaves the inputs in timestamp order; -a concatenates them in the order given instead. It does not remove packets that appear in more than one input.)
f) Display the output of the file “merge.pcap”.
Copy the result into the W6_L6_username_merge.docx file.
Part 3) Critical Assets and Security
In this part, using some information about the network, you examine threats to critical assets.
FTP Server IP address: 10.10.1.53
a) Open the “W6L6.pcapng” file on your laptop or on any PC in the lab. Create a display filter that selects packets whose destination is the FTP server's IP address.
(Hint: ip.dst==10.10.1.53)
Take a screen capture.
b) Use “Flow Graph” window to see traffic flow in this pcap file.
Statistics > Flow Graph
Examine the output and take a screen capture.
c) Check “Limit to display filter” and examine the output and take a screen capture.
d) Examine the output and the traffic between the IP addresses 10.10.1.53 and 10.10.1.55.
Is there any suspicious activity towards the FTP server? _____________
Describe your investigation: which packets you looked at, what the client sent, how the server replied, and why you concluded the activity is benign or malicious.
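The merge questions in Part 1 step n and Part 2 step e, and the ip.dst filter and FTP investigation in Part 3, as an added worked example in Python. This is not part of the lab handout and not code from Wireshark or tcpdump: it is a minimal classic-pcap reader/writer that writes two constructed, overlapping “rotated” capture files, merges them chronologically the way mergecap and File > Merge do, shows that the frame present in both files survives the merge until it is removed explicitly, filters the result to ip.dst==10.10.1.53, and counts the FTP reply codes the server sent to each client. All frames, timestamps, usernames and 530 replies are constructed; 10.10.1.53 and 10.10.1.55 are reused from the handout as labels only, and W6L6.pcapng is never read, so the 530 count is an illustration of the kind of evidence to look for, not the answer to step d. Requires Python 3.8 or later.

```python
# Added example, not part of the lab handout. Minimal classic-pcap reader/writer used
# to show, in code, what File > Merge / mergecap and the ip.dst display filter do.
# Every frame is constructed inline; nothing here was captured from the lab network.
import socket
import struct
import tempfile
from collections import Counter
from pathlib import Path

PCAP_MAGIC = 0xA1B2C3D4      # little-endian classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
FTP_SERVER = "10.10.1.53"    # FTP server address given in Part 3
FTP_CLIENT = "10.10.1.55"    # the other host named in Part 3 step d

def write_pcap(path, records):
    """records: iterable of (ts_sec, ts_usec, frame_bytes)."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for sec, usec, data in records:
            f.write(struct.pack("<IIII", sec, usec, len(data), len(data)) + data)

def read_pcap(path):
    """Return [(ts_sec, ts_usec, frame_bytes), ...]; pcapng is deliberately not handled."""
    with open(path, "rb") as f:
        if struct.unpack("<I", f.read(24)[:4])[0] != PCAP_MAGIC:
            raise ValueError(f"{path}: not a little-endian microsecond classic pcap")
        records = []
        while len(rec := f.read(16)) == 16:
            sec, usec, caplen, _ = struct.unpack("<IIII", rec)
            records.append((sec, usec, f.read(caplen)))
    return records

def merge_chronological(*paths):
    """mergecap / File > Merge default: interleave all inputs by timestamp. Nothing is
    de-duplicated, so a frame that landed in two rotated files appears twice."""
    return sorted((r for p in paths for r in read_pcap(p)), key=lambda r: (r[0], r[1]))

def drop_duplicates(records):
    """Drop records identical in timestamp and bytes (editcap -d's job, not merge's)."""
    seen, out = set(), []
    for r in records:
        if r not in seen:
            seen.add(r)
            out.append(r)
    return out

def tcp_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Ethernet/IPv4/TCP frame with zero checksums: fine inside a file, not on a wire."""
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp

def parse_frame(data):
    """(src_ip, dst_ip, sport, dport, tcp_payload) for IPv4/TCP frames, else None."""
    if len(data) < 34 or data[12:14] != b"\x08\x00" or data[23] != 6:
        return None
    tcp = data[14 + (data[14] & 0x0F) * 4:]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    return (socket.inet_ntoa(data[26:30]), socket.inet_ntoa(data[30:34]),
            sport, dport, tcp[(tcp[12] >> 4) * 4:])

def filter_ip_dst(records, dst):
    """Same selection as the display filter ip.dst==<dst> from Part 3 step a."""
    return [r for r in records if (f := parse_frame(r[2])) and f[1] == dst]

def ftp_reply_codes(records, server):
    """Per client, count the FTP reply codes the server sent; many 530s = failed logins."""
    per_client = {}
    for _, _, data in records:
        f = parse_frame(data)
        if f and f[0] == server and f[2] == 21 and f[4][:3].isdigit():
            per_client.setdefault(f[1], Counter())[f[4][:3].decode()] += 1
    return per_client

def build_rotated_captures(folder):
    """Two files like Wireshark's create-a-new-file-every-N-seconds output, with the
    frame at the boundary deliberately written into both (constructed test data)."""
    t0, frames = 1_700_000_000, []
    for i, user in enumerate((b"admin", b"root", b"ftp")):
        frames.append((t0 + 2 * i, 0, tcp_frame(FTP_CLIENT, FTP_SERVER, 40000 + i, 21, b"USER " + user + b"\r\n")))
        frames.append((t0 + 2 * i, 500, tcp_frame(FTP_SERVER, FTP_CLIENT, 21, 40000 + i, b"530 Login incorrect.\r\n")))
    first, second = Path(folder) / "cap_00001.pcap", Path(folder) / "cap_00002.pcap"
    write_pcap(first, frames[:4])
    write_pcap(second, frames[3:])    # frames[3] is present in both files
    return first, second

def run_demo(folder=None):
    first, second = build_rotated_captures(folder or tempfile.mkdtemp())
    merged = merge_chronological(first, second)
    deduped = drop_duplicates(merged)
    return {
        "merged": len(merged),                                      # 7: the duplicate survives
        "deduped": len(deduped),                                    # 6
        "to_server": len(filter_ip_dst(deduped, FTP_SERVER)),       # 3 USER commands
        "failed_logins_raw": ftp_reply_codes(merged, FTP_SERVER)[FTP_CLIENT]["530"],  # 4, double-counted
        "failed_logins": ftp_reply_codes(deduped, FTP_SERVER)[FTP_CLIENT]["530"],     # 3
    }
```

Call run_demo() to get the counts. The merged count is one higher than the de-duplicated count precisely because the boundary frame sits in both files, which is the behaviour step n asks you to observe, and the double-counted 530 replies show why duplicates are removed before anything is counted as evidence. The reader only accepts little-endian classic pcap, so point it at files written with tcpdump -w, not at the .pcapng files Wireshark saves by default.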
This is the end of the lab.
Please submit all the results, as instructed in the lab activities to the Brightspace Week 6 Lab 6 Submission folder.
Grading Criteria
Criterion | Exceptional (3) | Proficient (2) | Unsatisfactory (1) | Insufficient (0)
Part 1, Step f screen capture | An image with saved captured files | An image with 7 files | An image with 3 files | No answer
Part 1, Step j screen capture | An image with a new file showing saved captured packets | An image without merged data | An image of one file | No answer
Part 1, Step k | All requested information | Name of one original file | Wrong file name | No answer
Part 1, Step l screen capture | An image with a new file showing saved captured packets | Image with 2 files | Image with one file | No answer
Part 1, Step m | All requested information | - | Some requested information | No answer
Part 1, Step n | All requested information | Correct answer to 2 questions | Correct answer to one question | No answer
Part 1, Step p screen capture | An image with a new file showing saved captured packets | - | Wrong answer to the question or wrong picture | No answer
Part 2, Step b | A pcap file with all requested information in the W6_L6_username.docx format | - | Wrong information in the file | No answer
Part 2, Step d | A pcap file with all requested information in the W6_L6_username_1.docx format | - | Wrong information in the file | No answer
Part 2, Step f | A pcap file with all requested information in the W6_L6_username_merge.docx format | - | Wrong information in the file | No answer
Part 3, Step a | An image with applied filter | Image with wrong filter | Image without filter | No answer
Part 3, Step b | An image with “Flow Graph” result | Image with wrong requested criteria | Image without any requested criteria | No answer
Part 3, Step c | An image with requested information | Image with wrong requested criteria | Image without any requested criteria | No answer
Part 3, Step d | All requested information | Provide investigation | Answer to the question | No answer
Total marks: /42
Total value: /3%