Lab 23 – Digital Forensics (Part 7)

LAB QUESTIONS

1) Why did ".5" become highlighted in the lower pane?
Because that is the ASCII representation of the destination of the data dump.
Why did the number 00 35 also become highlighted?
Because that is the hexadecimal representation of the data dump.

2) What is the IP address of (Hint: look for the name server's response)

3) How many TCP frames were sent from my computer to the server?
118

4) Which server and version was used?
Microsoft-IIS/6.0

5) What is the MAC address of the HutchEx computer?
00:0c:29:e7:cd:4e

6) What is the MAC address of the AA computer?
00:0c:29:f2:5f:f9

7) What is the frame number, frame length and list of protocols in the frame?
frame number = 30
frame length = 74 bytes
list of protocols = eth, ip, icmp, data

8) In the network layer protocol, what is the TTL set to and are the available flags set?
TTL = 128
flags set = 0x00
9) What is the IP address of the local DNS server?

10) What is the MAC address of the HutchEx and the AA computers?
HutchEx MAC = 00:0c:29:e7:cd:4E
AA MAC = 00:0c:29:f2:5f:f9

11) What is the MAC address of the HutchEx and the AA computers?
HutchEx MAC = 00:0c:29:97:47:4f
AA MAC = 00:0c:29:f2:5f:f9

12) What discrepancy did you notice between the MAC addresses in questions 10 and 11?
The difference that I noticed was that the source computers (HutchEx) did not have the same MAC address.

13) What other interesting details did you notice?
Just by having one webpage open, there were 2805 packets of information exchanged. There were a number of protocols used with just one web page.

14) Could you recognize this traffic again if you saw it happening against your computer?
With enough time, I am sure that I could recognize this traffic if it happened against my computer....
This note was uploaded on 09/09/2011 for the course CIS CIS410 taught by Professor Mr.t during the Spring '11 term at ECPI College of Technology.

