
Question

Lab #7 - Assessment Worksheet

Analyzing Network Traffic to Create a Baseline Definition

Course Name and Number: ________________________________________________________________

Student Name: ________________________________________________________________

Instructor Name: ________________________________________________________________

Lab Due Date: ________________________________________________________________

Lab Assessment Questions & Answers

1. Both Wireshark and NetWitness Investigator can be used for packet captures and analysis. Which tool is preferred for each task, and why?

2. What is the significance of the TCP three-way handshake for applications that utilize TCP as transport protocol?

3. How many different source IP host addresses did you capture in your protocol captures?

4. How many different protocols did your Wireshark capture session have? What function in Wireshark provides you with a breakdown of the different protocol types on the LAN segment?

5. How can you find Wireshark network traffic packet size counts? How and where? Are you able to distinguish how many of each packet size was transmitted on your LAN segment? Why is this important to know?

6. Why is it important to use protocol capture tools and protocol analyzers as an information systems security professional?

7. What are some challenges to baseline analysis?

8. Why would an information systems security practitioner want to see network traffic on both internal and external network traffic?

9. Which transactions in the lab used TCP as a transport protocol? Which used UDP? Which ports were used in the lab?

Explanation / Answer

1. Both Wireshark and NetWitness Investigator can be used for packet captures and analysis. Which tool is preferred for each task, and why?

Net Witness has a limitation of 1G of protocol capture per session, but Wireshark does not have a limitation on the size of the capture file which makes it better suited to protocol capture. Net Witness Investigator is a seven-layer protocol analyzer that provides detailed protocol analysis and protocol behavior analysis and is much more user friendly in terms of understanding protocol behavior and protocol analysis.

2. What is the significance of the TCP three-way handshake for applications that utilize TCP as transport protocol?

TCP is a connection-oriented protocol and is used by applications that require this type of behavior. A three-way handshake (SYN > SYN-ACK > ACK) is performed between the IP source and IP destination to establish a connection-oriented connection.

3. How many different source IP host addresses did you capture in your protocol captures?

Answer is 8

4. How many different protocols did your Wireshark capture session have? What function in Wireshark provides you with a breakdown of the different protocol types on the LAN segment?

There were 10 protocols in the protocol capture session.

Click on Statistics > Protocol Hierarchy in order to see the breakdown of the different protocol types on the LAN segment.

5. How can you find Wireshark network traffic packet size counts? How and where? Are you able to distinguish how many of each packet size was transmitted on your LAN segment? Why is this important to know?

In Wireshark, network traffic packet size counts can be found at Statistics > Packet Length (the Packet Length w/ filter window). Yes, the columns ‘Packet Length’ and ‘Count’ show the packet size distribution of the capture.

6. Why is it important to use protocol capture tools and protocol analyzers as an information systems security professional?

It is important to use protocol capture tools and protocol analyzers as an information systems security professional so you can intercept and log traffic passing over a digital network or part of a network.

7. What are some challenges to baseline analysis?

Challenges to baseline analysis include simplifying the data for better analysis, dealing with large-size packet capture files, and working with multiple tools to gain an accurate perspective on the network. It is important to know that baselining is not a one-time task, but a regular part of network monitoring.

8. Why would an information systems security practitioner want to see network traffic on both internal and external network traffic?

To see who is accessing data and where it is going.

9. Which transactions in the lab used TCP as a transport protocol? Which used UDP? Which ports were used in the lab?

TCP = Telnet, SSH, FTP, RDP
UDP = TFTP, NetBIOS-DGM, NetBIOS-NS
Ports = 21, 22, 23, 49166, 49164, 49163, 49162, 49161, 6688, 69, 5353, 3389, 49154, 138, 137
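The following Python is an added example, not part of the worksheet or the answer above, showing in code what questions 2 through 5 and 9 ask you to read off Wireshark's Statistics windows: distinct source hosts, a protocol breakdown, packet-length counts in the same size buckets Wireshark uses, the TCP and UDP ports seen, and SYN > SYN-ACK > ACK tracking to separate completed handshakes from half-open ones. It then treats that summary as the baseline and reports what a later capture adds (new hosts, protocols or ports), which is the point of baselining in the first place. The `Packet` record, both packet lists and the bucket boundaries are constructed sample data and assumptions of this example, not rows from the lab's capture.

```python
from collections import Counter
from dataclasses import dataclass


# Constructed packet records standing in for rows parsed out of a capture
# (hypothetical sample data, not the lab's own pcap).
@dataclass(frozen=True)
class Packet:
    src: str         # source IP
    dst: str         # destination IP
    sport: int       # source port
    dport: int       # destination port
    transport: str   # "TCP" or "UDP"
    proto: str       # top-level protocol label, as Wireshark would show it
    length: int      # frame length in bytes
    flags: str = ""  # TCP flags: "S" SYN, "SA" SYN-ACK, "A" ACK, "PA" PSH-ACK


SAMPLE_CAPTURE = [
    Packet("10.0.0.5", "10.0.0.20", 49161, 22, "TCP", "SSH", 74, "S"),
    Packet("10.0.0.20", "10.0.0.5", 22, 49161, "TCP", "SSH", 74, "SA"),
    Packet("10.0.0.5", "10.0.0.20", 49161, 22, "TCP", "SSH", 66, "A"),
    Packet("10.0.0.5", "10.0.0.20", 49161, 22, "TCP", "SSH", 150, "PA"),
    Packet("10.0.0.6", "10.0.0.20", 49162, 23, "TCP", "TELNET", 74, "S"),
    Packet("10.0.0.20", "10.0.0.6", 23, 49162, "TCP", "TELNET", 74, "SA"),
    Packet("10.0.0.6", "10.0.0.20", 49162, 23, "TCP", "TELNET", 66, "A"),
    Packet("10.0.0.7", "10.0.0.20", 5353, 69, "UDP", "TFTP", 60),
    Packet("10.0.0.8", "10.0.0.255", 137, 137, "UDP", "NBNS", 92),
    Packet("10.0.0.9", "10.0.0.20", 49163, 3389, "TCP", "RDP", 74, "S"),  # SYN only
]

# A later capture to compare against the baseline (also constructed).
LATER_CAPTURE = [
    Packet("10.0.0.5", "10.0.0.20", 49164, 22, "TCP", "SSH", 74, "S"),
    Packet("10.0.0.30", "10.0.0.20", 49170, 21, "TCP", "FTP", 74, "S"),
]

# Upper bounds of the size buckets Wireshark's packet length statistic uses.
LENGTH_BUCKETS = [19, 39, 79, 159, 319, 639, 1279, 2559, 5119]


def length_bucket(length: int) -> str:
    """Map a frame length to its Wireshark-style bucket label, e.g. 74 -> '40-79'."""
    lower = 0
    for upper in LENGTH_BUCKETS:
        if length <= upper:
            return f"{lower}-{upper}"
        lower = upper + 1
    return f"{lower}+"


def handshake_summary(packets):
    """Track SYN -> SYN-ACK -> ACK per (client, server, server port).

    Returns (completed, half_open); half-open entries are handshakes that
    never reached the final ACK, which is what a SYN-flood baseline watches for.
    """
    state = {}
    for p in packets:
        if p.transport != "TCP":
            continue
        if p.flags == "S":
            state[(p.src, p.dst, p.dport)] = "SYN"
        elif p.flags == "SA":  # reply travels server -> client, so swap ends
            key = (p.dst, p.src, p.sport)
            if state.get(key) == "SYN":
                state[key] = "SYN-ACK"
        elif p.flags == "A":
            key = (p.src, p.dst, p.dport)
            if state.get(key) == "SYN-ACK":
                state[key] = "ESTABLISHED"
    completed = sum(1 for s in state.values() if s == "ESTABLISHED")
    return completed, len(state) - completed


def build_baseline(packets):
    """Summarise a capture into the figures the worksheet asks for."""
    return {
        "source_hosts": sorted({p.src for p in packets}),
        "protocols": Counter(p.proto for p in packets),
        "length_counts": Counter(length_bucket(p.length) for p in packets),
        "tcp_ports": sorted({p.dport for p in packets if p.transport == "TCP"}),
        "udp_ports": sorted({p.dport for p in packets if p.transport == "UDP"}),
        "handshakes": handshake_summary(packets),
    }


def deviations_from_baseline(baseline, packets):
    """Anything in a new capture that the baseline never saw."""
    return {
        "new_hosts": {p.src for p in packets} - set(baseline["source_hosts"]),
        "new_protocols": {p.proto for p in packets} - set(baseline["protocols"]),
        "new_tcp_ports": {p.dport for p in packets if p.transport == "TCP"} - set(baseline["tcp_ports"]),
        "new_udp_ports": {p.dport for p in packets if p.transport == "UDP"} - set(baseline["udp_ports"]),
    }


if __name__ == "__main__":
    base = build_baseline(SAMPLE_CAPTURE)
    for name, value in base.items():
        print(f"{name}: {value}")
    print("deviations:", deviations_from_baseline(base, LATER_CAPTURE))
```

On the sample data the baseline holds 6 source hosts and 5 protocols, every frame falls in the 40-79 or 80-159 bucket, two handshakes complete and the RDP SYN stays half-open; the later capture then stands out for a host, a port (21) and a protocol (FTP) the baseline never contained. Against a real capture you would feed the same functions rows exported from Wireshark rather than the constructed list.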