Figure 13. IPCONFIG command run in the command prompt to display the target IP.
PROJECT 1: PREPARATORY LAB EXERCISES 12

The Wireshark live scan was conducted on two systems. For this reason, the IP address of the other targeted system was also needed; the result is shown in Figure 13a.

Figure 13a. Ping result in the command prompt of the second target.

With the information collected in Figures 13 and 13a, Wireshark was launched. A new capture was started targeting Local Area Connection 2 and daaslab. While the capture was running, IP address 192.168.10.121 was pinged from the command prompt window. The Wireshark capture is shown below in Figure 14.
Figure 14. Wireshark capture as IP 192.168.10.121 is pinged.

Two files were downloaded from the “WP Exploit” containing the desert.jpg image file. After this step, the Wireshark capture was stopped and saved. A display filter was then applied in Wireshark to show the packets involving IP 192.168.10.121, followed by the http filter, as shown in Figures 15 and 15a respectively.

Figure 15. Wireshark filter for IP 192.168.10.121.
Figure 15a. Applying the http filter.

To find the Desert.jpg file uploaded during the capture, a new filter was applied: “http and tcp contains Desert”. This filter generated the results in Figure 16 below.
Figure 16. Results of applying “http and tcp contains Desert” to find the uploaded Desert file.

Snort Lab Report

Snort is a program used as an intrusion detection system/intrusion prevention system. Snort monitors network and host connections for anomalies such as malware or other types of attacks. To start the Snort tool, the cyb670.pcap file was located as shown in Figure 17 below.

Figure 17. Location of cyb670.pcap file.
After locating the file, a command prompt window is opened and the command “Snort -r C:\Snort\cyb670.pcap -P 5000 -c C:\snort\rules\cyb670.rules -e -X -v -l C:\Snort\log” is run. Figure 18 below shows the results of this step.

Figure 18. Results of running the Snort command to process the cyb670.pcap file.

The extension of the file saved in the Wireshark Lab Report was changed to .pcap before running the command above. This same file will be saved as cyb670.rules and placed in the rules directory under the C:/Snort/Rules folder. The cyb670.rules file was opened and the “You finally made it work” message was typed into it. The command “Snort -r C:\Snort\cyb670.pcap -P 5000 -c C:\snort\rules\cyb670.rules -e -X -v -l C:\Snort\log” was run again in the command prompt window. The alert.ids file was opened and the custom message was found, as shown below in Figure 19.
PROJECT 1: PREPARATORY LAB EXERCISES 17 Figure 19. Alert.ids file showing custom message.
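As an added example (not part of the lab report and not Snort's or Wireshark's own code), the Python script below reproduces the check this lab performs by hand: it builds a small constructed capture in libpcap format, applies the equivalent of the Wireshark filter “ip.addr == 192.168.10.121 and http and tcp contains Desert”, and returns a Snort-style alert line carrying the custom message for each hit. The frame builder, the sample addresses other than 192.168.10.121, and the simplified HTTP check are assumptions of this example.

```python
import struct
def tcp_frame(src, dst, sport, dport, payload):
    """Build a minimal Ethernet/IPv4/TCP frame (checksums left zero; fine for offline parsing)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    addrs = [bytes(int(o) for o in a.split(".")) for a in (src, dst)]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, *addrs)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 0, 0, 0)
    return eth + ip + tcp + payload

def build_pcap(frames):
    """Wrap frames in a classic libpcap file (magic 0xA1B2C3D4, link type 1 = Ethernet)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def read_pcap(data):
    """Yield each frame from a little-endian libpcap file."""
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack("<I", data[off + 8:off + 12])[0]
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def parse_frame(frame):
    """Decode Ethernet/IPv4/TCP fields; return None for anything that is not TCP over IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = frame[14 + (frame[14] & 0x0F) * 4:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    return {"src": ".".join(map(str, frame[26:30])), "dst": ".".join(map(str, frame[30:34])),
            "sport": sport, "dport": dport, "payload": tcp[(tcp[12] >> 4) * 4:]}

def matches(pkt, host, needle=b"Desert"):
    """Same test as the Wireshark filter 'ip.addr == host and http and tcp contains needle' ('http' is simplified to port 80 plus a request/status line; Wireshark's dissector is broader)."""
    if pkt is None or host not in (pkt["src"], pkt["dst"]):
        return False
    p = pkt["payload"]
    is_http = 80 in (pkt["sport"], pkt["dport"]) and (p.startswith(b"HTTP/") or b" HTTP/1." in p[:200])
    return is_http and needle in p

def alert_on(pcap_bytes, host, msg="You finally made it work"):
    """Snort-style pass: one alert line per matching packet, as the msg: of a content: rule would give."""
    return [f"[**] {msg} [**] {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']}"
            for p in map(parse_frame, read_pcap(pcap_bytes)) if matches(p, host)]

# Constructed sample capture (not the lab's cyb670.pcap): one matching GET, one non-HTTP hit, one other host.
SAMPLE_PCAP = build_pcap([
    tcp_frame("192.168.10.121", "192.168.10.50", 49152, 80, b"GET /wp-content/uploads/Desert.jpg HTTP/1.1\r\nHost: daaslab\r\n\r\n"),
    tcp_frame("192.168.10.121", "192.168.10.50", 49153, 445, b"Desert without http"),
    tcp_frame("192.168.10.77", "192.168.10.50", 49154, 80, b"GET /Desert.jpg HTTP/1.1\r\n\r\n"),
])
```

Calling alert_on(SAMPLE_PCAP, "192.168.10.121") yields a single alert for the port-80 GET; the second frame is dropped by the http test and the third by the address test.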