CIS410_Malicious_Traffic_Analysis

Eric Walker
Mr. Trevethan
CIS410
July 28, 2011

"Malicious Traffic Analysis"

In this exercise we will examine some "malicious" network traffic (i.e. traffic that is on the network from sources that are trying to break in or collect information). The purpose of the exercise is to gain further experience using Wireshark and recognizing malicious network traffic.

Lab Setup

You will need a computer running Wireshark.

Task 1: Analyze a TCP portscan attempt

Open the portscan.cap

How long does the attack last?
0.758130 of a sec.

What is the attacker's IP address?
10.1.0.2

How many source ports are used by the attacker?
24

How many destination ports are targeted by the attacker?
24

Why does the target send back so many RST,ACK packets?
Because the ports are closed.

How can the attacker tell if a port is "open"? (Hint: look at frames 13, 14 & 15.)
We can see that the three-way handshake was performed, because the attacker sent out a SYN request and was returned a SYN, ACK by the target device, and the attacker returned
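The Task 1 questions can also be answered programmatically. The following is an added example, not part of the original lab write-up: it summarizes a scan from TCP flag records the way the answers above read them (RST,ACK means closed, SYN,ACK means open). The packet records are constructed, and the target address 10.1.0.1 and the function name summarize_scan are assumptions; only 10.1.0.2 comes from the page.

```python
from collections import defaultdict

# Constructed records: (time_s, src_ip, src_port, dst_ip, dst_port, tcp_flags).
# Not taken from portscan.cap; the target 10.1.0.1 is an assumed address.
PACKETS = [
    (0.000, "10.1.0.2", 40001, "10.1.0.1", 21, "SYN"),
    (0.001, "10.1.0.1", 21, "10.1.0.2", 40001, "RST,ACK"),  # closed port
    (0.010, "10.1.0.2", 40002, "10.1.0.1", 22, "SYN"),
    (0.011, "10.1.0.1", 22, "10.1.0.2", 40002, "SYN,ACK"),  # open port
    (0.012, "10.1.0.2", 40002, "10.1.0.1", 22, "ACK"),      # handshake done
    (0.020, "10.1.0.2", 40003, "10.1.0.1", 23, "SYN"),
    (0.021, "10.1.0.1", 23, "10.1.0.2", 40003, "RST,ACK"),
    (0.030, "10.1.0.2", 40004, "10.1.0.1", 80, "SYN"),      # never answered
]

def summarize_scan(packets, min_ports=3):
    """Report hosts that sent bare SYNs to at least min_ports distinct ports."""
    probes = defaultdict(set)   # scanner -> {(target, dst_port, src_port)}
    verdict = {}                # (scanner, target, port) -> "open" | "closed"
    for _, src, sport, dst, dport, flags in packets:
        fl = set(flags.split(","))
        if fl == {"SYN"}:                    # bare SYN: a connection probe
            probes[src].add((dst, dport, sport))
        elif fl == {"SYN", "ACK"}:           # a listener answered
            verdict[(dst, src, sport)] = "open"
        elif "RST" in fl:                    # nothing listening on that port
            verdict.setdefault((dst, src, sport), "closed")
    report = {}
    for scanner, seen in probes.items():
        dports = {d for _, d, _ in seen}
        if len(dports) < min_ports:          # too few ports to call it a scan
            continue
        times = [p[0] for p in packets if scanner in (p[1], p[3])]
        state = {(t, d): verdict.get((scanner, t, d), "no reply")
                 for t, d, _ in seen}
        pick = lambda want: sorted(k for k, v in state.items() if v == want)
        report[scanner] = {
            "duration_s": round(max(times) - min(times), 6),
            "source_ports": len({s for _, _, s in seen}),
            "dest_ports": len(dports),
            "open": pick("open"),
            "closed": pick("closed"),
            "no_reply": pick("no reply"),
        }
    return report

if __name__ == "__main__":
    for host, stats in summarize_scan(PACKETS).items():
        print(host, stats)
```

A probe that gets no reply at all is reported separately, since silence usually means a filter dropped the packet rather than that the port is closed.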