Question
Below I have attached the documents for the assignment. It's due tomorrow and I would appreciate any help I can get with this short notice. If you have any questions, message me. This assignment requires Wireshark. It is for free.
Assignment 2: Network Security – Packet Capture Analysis
Fall 2016
Scenario:
Flextor Applications, Inc. has contacted you regarding a possible security breach on their network. Philo Farnsworth, the owner, believes something suspicious is going on. Specifically he thinks that someone is stealing his business secrets.
Mr. Farnsworth asked his network administrator, James Garrett, to capture network activity and email it to you. James met with you and handed over a CD with the packet capture. He seemed nervous.
Mr. Farnsworth has asked you to identify any suspicious activity in the packet capture. You are to answer the questions below, in as much detail as possible, and provide Mr. Farnsworth with a half-page summary of what you found that might be suspicious. If there's a 'mole' in his organization he wants to know, and what, if anything, might have been stolen or compromised.
Here are the details regarding the network:

| Employee | Title | IP address |
| Server | Server | 192.168.0.128 |
| Phil Farnsworth | Owner | 192.168.0.133 |
| James Garrett | Network Admin | 192.168.0.131 |
| Allen Beard | Payroll Admin | 192.168.0.132 |
File to use: 4360.2.spring.2016.pcap (on the website)
Deliverable:
I want a SINGLE DOCUMENT, either *.doc, *.docx, or *.pdf that contains the following information:
1. A 1/2 page management summary, written in non-technical language, that provides a high level interpretation of what occurred during the sequence of events, identifying any suspicious activity (trust me there is a LOT going on). I will count off if you use ANY of the following terms (or terms like this): ftp, telnet, IP, http, port, ping, port numbers, etc. Think of a way to describe what occurred without using technical lingo!
2. Answer the questions below. Keep the stems included in your document so I can identify the questions you are answering. You can type DIRECTLY into this document as I want to see the question stems!! 10 points off immediately if you don't include the stems.
NOTE: Some activity is suspicious, some is NOT. If it's NOT suspicious, describe why it's not, and go on to the next question! If you don't know whether it's suspicious -- sometimes it's difficult to tell -- say so, and describe why you can't tell whether it's suspicious or not. There are examples of EACH of the aforementioned categories of behavior included in the packet capture.
NOTE: I want a DETAILED INTERPRETATION of what is happening. Don't simply DESCRIBE what is going on, I want an expert interpretation.
Here's an example:
POOR DESCRIPTION: IP xxx.xxx.xxx.xxx is accessing port 21 over TCP on IP xx.xx.xx.xx.
My feedback to you: That is useless information.
GOOD DESCRIPTION: IP xxx.xxx.xxx.xxx is attempting to connect to port 21 on IP xxx.xxx.xxx.xxx. Port 21 is ftp, which sends credentials in the clear. The series of packet captures shows that the intruder was attempting to guess passwords for user "sumowrestler". The intruder was eventually successful after the 5th try. The passwords guessed were "password", "sumo", "wrestler", "beatles" and "sumo1", the latter of which allowed the intruder to gain access to the computer.
My feedback: Whoa! Excellent! Off to the NSA you go!
Questions
1. What is occurring in packets 3-4? Is it evidence of an intrusion? Provide an interpretation of what is occurring, and the possible uses of the information gained. If there's nothing suspicious, tell me so, and explain why it's normal traffic.
2. Is the activity occurring in packets 17-20, 24-25, 28-33, 36-41 evidence of an intrusion? Provide a detailed interpretation of what is occurring, and the possible uses of the information gained. How many computers are involved? Who owns them?
3. Is the activity starting in packet 80-116 evidence of an intrusion? Provide a detailed interpretation of what is occurring, and the possible consequences. How many ports are involved, and what are their associated services? What information would be gained, and how would it be used by an attacker?
4. Are packets 508-595 abnormal? (Note: this is a TCP stream so you can select the first packet, right click your mouse, select "Follow TCP Stream", and Wireshark will extract those packets and form a single readable stream.) Provide a detailed description AND interpretation of what is occurring, and the possible consequences. THERE IS A LOT GOING ON. TELL ME WHAT HAPPENED!
5. Is the activity starting in packet 618 evidence of an intrusion? (Note: this is a TCP stream so you can select the packet, right click your mouse, select "Follow TCP Stream", and Wireshark will extract those packets and form a single readable stream.) Provide a detailed interpretation of what is occurring, and the possible consequences.
6. Is the activity starting in packet 1037 abnormal? Provide a detailed interpretation of what is occurring, and the possible consequences. What did the attacker do on the system?
7. Is the activity in packets 1130-1136 abnormal? If so tell me why. If not, explain why.
8. Is the activity occurring in packets 1347-1934 evidence of an intrusion? (Use Follow TCP Stream. Look at the IP address. Type that into Google. Haha.) Provide a detailed interpretation of what is occurring.
9. Is the activity starting in packet 4363 evidence of an intrusion or attack? (Use Follow TCP Stream). Provide a detailed interpretation of what is occurring, and the possible consequences. What did the attacker do, and to whom?
10. Is the activity starting in packet 5321 evidence of an intrusion or attack? (Use Follow TCP Stream). Provide a detailed interpretation of what is occurring, and the possible consequences.
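
The password-guessing pattern in the GOOD DESCRIPTION example above can be pulled out of a followed TCP stream automatically. This is an added example, not part of the assignment or its packet capture: the stream text is constructed from the passwords quoted in that description, and the function names, the extra "anonymous" login and the threshold of 3 are assumptions.

```python
"""Added example: flag repeated failed FTP logins in a followed TCP stream."""
from collections import defaultdict

# Constructed sample data (not from the assignment's pcap): the guesses are
# the ones quoted in the GOOD DESCRIPTION, plus one ordinary single login.
GUESSES = ["password", "sumo", "wrestler", "beatles", "sumo1"]


def build_sample_stream():
    """Build FTP control-channel text the way Follow TCP Stream displays it."""
    lines = ["220 FTP server ready."]
    for pw in GUESSES:
        reply = "230 Login successful." if pw == "sumo1" else "530 Login incorrect."
        lines += ["USER sumowrestler", "331 Password required.", f"PASS {pw}", reply]
    lines += ["USER anonymous", "331 Password required.",
              "PASS guest@example.com", "230 Login successful."]
    return "\n".join(lines)


def analyze_ftp_logins(stream, threshold=3):
    """Map each user to failed passwords, the successful one, and a flag.

    530 and 230 are the RFC 959 reply codes for a rejected and an accepted
    login. threshold is an assumed cut-off for "guessing", not a standard.
    """
    results = defaultdict(lambda: {"failed": [], "success": None})
    user = password = None
    for raw in stream.splitlines():
        verb, _, arg = raw.strip().partition(" ")
        if verb.upper() == "USER":
            user, password = arg, None
        elif verb.upper() == "PASS":
            password = arg
        elif user is not None and password is not None:
            if verb == "530":          # rejected: record the guessed password
                results[user]["failed"].append(password)
                password = None
            elif verb == "230":        # accepted: record what finally worked
                results[user]["success"] = password
                password = None
    for info in results.values():
        info["guessing"] = len(info["failed"]) >= threshold
    return dict(results)


SAMPLE_STREAM = build_sample_stream()

if __name__ == "__main__":
    for name, info in analyze_ftp_logins(SAMPLE_STREAM).items():
        print(name, info)
```

The single "anonymous" login is not flagged, which mirrors the assignment's point that some activity in a capture is normal.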