Question

Below I have attached the documents for the assignment. It's due tomorrow and I would appreciate any help I can get with this short notice. If you have any questions, message me. This assignment requires Wireshark. It is free.

2 Attachments
Assignment 2: Network Security – Packet Capture Analysis
Fall 2016

Scenario: Flextor Applications, Inc. has contacted you regarding a possible security breach on their network. Philo Farnsworth, the owner, believes something suspicious is going on. Specifically he thinks that someone is stealing his business secrets. Mr. Farnsworth asked his network administrator, James Garrett, to capture network activity and email it to you. James met with you and handed over a CD with the packet capture. He seemed nervous.

Mr. Farnsworth has asked you to identify any suspicious activity in the packet capture. You are to answer the questions below, in as much detail as possible, and provide Mr. Farnsworth with a half-page summary of what you found that might be suspicious. If there's a 'mole' in his organization he wants to know, and what, if anything, might have been stolen or compromised.

Here are the details regarding the network:

Employee          Title           IP address
Server            Server          192.168.0.128
Phil Farnsworth   Owner           192.168.0.133
James Garrett     Network Admin   192.168.0.131
Allen Beard       Payroll Admin   192.168.0.132

File to use: 4360.2.spring.2016.pcap (on the website)

Deliverable: I want a SINGLE DOCUMENT, either *.doc, *.docx, or *.pdf that contains the following information:

1. A 1/2 page management summary, written in non-technical language, that provides a high level interpretation of what occurred during the sequence of events, identifying any suspicious activity (trust me there is a LOT going on). I will count off if you use ANY of the following terms (or terms like this): ftp, telnet, IP, http, port, ping, port numbers, etc. Think of a way to describe what occurred without using technical lingo!

2. Answer the questions below. Keep the stems included in your document so I can identify the questions you are answering. You can type DIRECTLY into this document as I want to see the question stems!! 10 points off immediately if you don't include the stems.

NOTE: Some activity is suspicious, some is NOT. If it's NOT suspicious, describe why it's not, and go on to the next question! If you don't know whether it's suspicious -- sometimes it's difficult to tell -- say so, and describe why you can't tell whether it's suspicious or not. There are examples of EACH of the aforementioned categories of behavior included in the packet capture.

NOTE: I want a DETAILED INTERPRETATION of what is happening. Don't simply DESCRIBE what is going on, I want an expert interpretation. Here's an example:

POOR DESCRIPTION: IP xxx.xxx.xxx.xxx is accessing port 21 over TCP on IP xx.xx.xx.xx.
My feedback to you: That is useless information.

GOOD DESCRIPTION: IP xxx.xxx.xxx.xxx is attempting to connect to port 21 on IP xxx.xxx.xxx.xxx. Port 21 is ftp, which sends credentials in the clear. The series of packet captures shows that the intruder was attempting to guess passwords for user "sumowrestler". The intruder was eventually successful after the 5th try. The passwords guessed were "password", "sumo", "wrestler", "beatles" and "sumo1", the latter of which allowed the intruder to gain access to the computer.
My feedback: Whoa! Excellent! Off to the NSA you go!

Questions

1. What is occurring in packets 3-4? Is it evidence of an intrusion? Provide an interpretation of what is occurring, and the possible uses of the information gained. If there's nothing suspicious, tell me so, and explain why it's normal traffic.

2. Is the activity occurring in packets 17-20, 24-25, 28-33, 36-41 evidence of an intrusion? Provide a detailed interpretation of what is occurring, and the possible uses of the information gained. How many computers are involved? Who owns them?

3. Is the activity starting in packet 80-116 evidence of an intrusion? Provide a detailed interpretation of what is occurring, and the possible consequences. How many ports are involved, and what are their associated services? What information would be gained, and how would it be used by an attacker?

4. Are packets 508-595 abnormal? (Note: this is a TCP stream so you can select the first packet, right click your mouse, select "Follow TCP Stream", and Wireshark will extract those packets and form a single readable stream.) Provide a detailed description AND interpretation of what is occurring, and the possible consequences. THERE IS A LOT GOING ON. TELL ME WHAT HAPPENED!

5. Is the activity starting in packet 618 evidence of an intrusion? (Note: this is a TCP stream so you can select the packet, right click your mouse, select "Follow TCP Stream", and Wireshark will extract those packets and form a single readable stream.) Provide a detailed interpretation of what is occurring, and the possible consequences.

6. Is the activity starting in packet 1037 abnormal? Provide a detailed interpretation of what is occurring, and the possible consequences. What did the attacker do on the system?

7. Is the activity in packets 1130-1136 abnormal? If so tell me why. If not, explain why.

8. Is the activity occurring in packets 1347-1934 evidence of an intrusion? (Use Follow TCP Stream. Look at the IP address. Type that into Google. Haha.) Provide a detailed interpretation of what is occurring.

9. Is the activity starting in packet 4363 evidence of an intrusion or attack? (Use Follow TCP Stream). Provide a detailed interpretation of what is occurring, and the possible consequences. What did the attacker do, and to whom?

10. Is the activity starting in packet 5321 evidence of an intrusion or attack? (Use Follow TCP Stream). Provide a detailed interpretation of what is occurring, and the possible consequences.
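
The evidence behind the assignment's GOOD DESCRIPTION (cleartext FTP credentials, repeated guesses for one user, then a success) can be extracted from a followed TCP stream mechanically. The script below is an added example, not part of the assignment or its answer: the user name and passwords are the ones quoted in the GOOD DESCRIPTION, while the server reply wording, the function names and the three-failure threshold are assumptions.

```python
import re
from collections import defaultdict

REPLY = re.compile(r"^(\d{3})[ -]")  # FTP server replies start with a 3-digit code

def build_sample():
    """Constructed control-channel text; reply wording is made up."""
    guesses = ["password", "sumo", "wrestler", "beatles", "sumo1"]
    lines = ["220 FTP server ready"]
    for pw in guesses:
        verdict = "230 Login successful" if pw == "sumo1" else "530 Login incorrect"
        lines += ["USER sumowrestler", "331 Password required", f"PASS {pw}", verdict]
    return "\r\n".join(lines) + "\r\n"

def analyze_ftp_stream(text, threshold=3):
    """Pair each PASS with the server's verdict and summarise per user."""
    report = defaultdict(lambda: {"failed": [], "success": None})
    user = pending = None
    for line in text.splitlines():
        reply = REPLY.match(line)
        if reply:
            # Only 230 (logged in) and 530 (not logged in) settle a pending PASS.
            if user is not None and pending is not None:
                if reply.group(1) == "230":
                    report[user]["success"], pending = pending, None
                elif reply.group(1) == "530":
                    report[user]["failed"].append(pending)
                    pending = None
            continue
        verb, _, arg = line.partition(" ")
        if verb.upper() == "USER":
            user, pending = arg.strip(), None
        elif verb.upper() == "PASS":
            pending = arg  # keep as sent; passwords may contain spaces
    for entry in report.values():
        # Assumed heuristic: several failures for one account is guessing.
        entry["suspicious"] = len(entry["failed"]) >= threshold
    return dict(report)

if __name__ == "__main__":
    for name, info in analyze_ftp_stream(build_sample()).items():
        print(name, info)
```

An account that is both flagged and has a recorded success is the case the GOOD DESCRIPTION reports: guessing that ended in access.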

Answered by Expert Tutors
1 Attachment
comp scie.docx