
SENA

Laboratory # 1
Intrusion detection

Student name(s): ____________________________________________ Group: _______
                 ____________________________________________ Group: _______
                 ____________________________________________ Group: _______
                 ____________________________________________ Group: _______

Part A. Introduction to TCPDump.

The goal of this lab is for you to become familiar with using TCPDump. In the first part
of this lab you will read a file using TCPDump with different options:
-n   to disable hostname resolution (no DNS lookups, so addresses print as numbers).
-c   to limit the number of records to read (tcpdump exits after that count).
-x   to display records in hexadecimal.
-e   to display the link-level header, i.e. the source and destination MAC addresses.
-vv  to display records in very verbose mode (check tos, ttl, IP id, ...).
-X   to display the payload in hexadecimal and ASCII side by side.

For this lab you are going to read the file lab1.lpc. Use the corresponding commands
in order to become familiar with TCPDump:
1. Using tcpdump, read the file lab1.lpc.
2. Using tcpdump, read the file lab1.lpc using the option to disable hostname
resolution.
3. Using tcpdump, read the first TCP record in the file lab1.lpc.
4. Using tcpdump, read the first TCP record in the file lab1.lpc in hexadecimal.
5. Using tcpdump, read the file lab1.lpc and find the source and destination MAC
addresses of the first TCP record.
6. Using tcpdump, read the file lab1.lpc displaying the payload in ASCII. What do
you read in the payload of the fourth TCP record?
Answer the following questions:
What are the source and destination MAC addresses of the first record:
What protocol is used in the first record:
Find the first IPv4 record and answer:
What protocol is carried inside IP (the embedded protocol):
What are the source and destination IP addresses:
What are the source and destination ports:
What are the source and destination MAC addresses:
What TCP flags are set:
Part B. Using filters.
Now that you are familiar with tcpdump you are going to use it with some
filters, for example:
tcp
will find TCP records only.
port 345
will find records that contain port 345 (as source or destination).
dst port 23
will find records whose destination port is 23.
udp and src port 21
will find UDP records whose source port is 21.
dst host 10.10.10.10
will find records whose destination host is 10.10.10.10.
icmp[0] = 3 and icmp[1] = 3
will find all records whose ICMP type (byte 0 of the ICMP header) is 3, destination
unreachable, and whose code (byte 1) is 3, port unreachable.
With that said, using the same file find:
1. How many records have the tcp protocol:
Command used:
2. How many records use port number 139:
Command used:
3. How many records use port 139 as the source port:
Command used:
4. How many records have the udp protocol and source port 139:
Command used:
5. How many records have the udp protocol and destination port 138:
Command used:
6. How many records have the tcp protocol and destination host 192.168.2.11:
Command used:
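The following is an added example, not part of the SENA lab and not tcpdump's own code. It shows what the Part A fields (-e MAC addresses, embedded protocol, ports, flags, -X payload) and the Part B filters actually select at the byte level: a small pcap reader plus predicates that mirror the BPF expressions used above (tcp, port N, src port N, dst port N, dst host, icmp[0] = 3 and icmp[1] = 3). Because lab1.lpc is not available here, the capture is a hand-built sample (FRAMES) written in memory in pcap format; the MAC and IP addresses in it are assumptions, and the tcpdump command line each predicate corresponds to is given in the comments.

```python
"""Added example: tiny pcap reader and BPF-style filter predicates for the
tcpdump lab. The capture is constructed in memory (not lab1.lpc)."""
import socket
import struct

ETH_IP, ETH_ARP = 0x0800, 0x0806
TCP_FLAGS = {0x01: "F", 0x02: "S", 0x04: "R", 0x08: "P", 0x10: ".", 0x20: "U"}  # tcpdump letters


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def fmt_mac(b):
    return ":".join("%02x" % x for x in b)


def frame(dst_mac, src_mac, ethertype, payload):
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ethertype) + payload


def ip_hdr(proto, src, dst, payload):  # checksums left at 0: nothing here verifies them
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def tcp_seg(sport, dport, flags, payload=b""):  # 20-byte header, data offset 5
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0) + payload


def udp_dg(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def icmp_msg(itype, code, payload=b""):
    return struct.pack("!BBHI", itype, code, 0, 0) + payload


def pcap_bytes(frames):
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f)
    return b"".join(out)


# Constructed sample traffic (assumed addresses): a NetBIOS/SMB exchange on 192.168.2.0/24.
A, B, BCAST = "00:11:22:33:44:55", "66:77:88:99:aa:bb", "ff:ff:ff:ff:ff:ff"
FRAMES = [
    frame(BCAST, A, ETH_ARP, b"\x00" * 28),                                             # ARP, not IP
    frame(B, A, ETH_IP, ip_hdr(6, "192.168.2.10", "192.168.2.11", tcp_seg(1030, 139, 0x02))),  # SYN
    frame(A, B, ETH_IP, ip_hdr(6, "192.168.2.11", "192.168.2.10", tcp_seg(139, 1030, 0x12))),  # SYN/ACK
    frame(B, A, ETH_IP, ip_hdr(6, "192.168.2.10", "192.168.2.11", tcp_seg(1030, 139, 0x18, b"\xffSMB"))),
    frame(BCAST, A, ETH_IP, ip_hdr(17, "192.168.2.10", "192.168.2.255", udp_dg(138, 138, b"NBDS"))),
    frame(A, B, ETH_IP, ip_hdr(17, "192.168.2.11", "192.168.2.10", udp_dg(139, 1031))),
    frame(A, B, ETH_IP, ip_hdr(1, "192.168.2.11", "192.168.2.10", icmp_msg(3, 3, b"\x00" * 28))),
]


def parse_frame(raw):
    """Decode Ethernet/IPv4/{TCP,UDP,ICMP} into the fields the lab asks about."""
    rec = {"dst_mac": fmt_mac(raw[0:6]), "src_mac": fmt_mac(raw[6:12]),  # what -e prints
           "ethertype": struct.unpack("!H", raw[12:14])[0]}
    if rec["ethertype"] != ETH_IP:
        return rec
    ihl = (raw[14] & 0x0F) * 4
    rec["proto"] = raw[14 + 9]                       # embedded protocol: 6 tcp, 17 udp, 1 icmp
    rec["src_ip"], rec["dst_ip"] = socket.inet_ntoa(raw[26:30]), socket.inet_ntoa(raw[30:34])
    l4 = raw[14 + ihl:]
    if rec["proto"] in (6, 17):
        rec["sport"], rec["dport"] = struct.unpack("!HH", l4[:4])
    if rec["proto"] == 6:
        rec["flags"] = "".join(ch for bit, ch in TCP_FLAGS.items() if l4[13] & bit)
        rec["payload"] = l4[(l4[12] >> 4) * 4:]       # what -X shows after the headers
    elif rec["proto"] == 17:
        rec["payload"] = l4[8:]
    elif rec["proto"] == 1:
        rec["icmp_type"], rec["icmp_code"] = l4[0], l4[1]   # icmp[0] and icmp[1] in BPF
    return rec


def parse_pcap(data):
    assert struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4, "little-endian pcap only"
    off, recs = 24, []
    while off < len(data):
        incl = struct.unpack("<IIII", data[off:off + 16])[2]
        recs.append(parse_frame(data[off + 16:off + 16 + incl]))
        off += 16 + incl
    return recs


# Predicates matching the Part B BPF expressions (tcpdump -nr lab1.lpc '<expr>' | wc -l).
# IPv4 only here; real 'dst host' also matches ARP and IPv6 addresses.
def is_tcp(r): return r.get("proto") == 6                                   # 'tcp'
def is_udp(r): return r.get("proto") == 17                                  # 'udp'
def port(n): return lambda r: n in (r.get("sport"), r.get("dport"))         # 'port 139'
def src_port(n): return lambda r: r.get("sport") == n                       # 'src port 139'
def dst_port(n): return lambda r: r.get("dport") == n                       # 'dst port 138'
def dst_host(ip): return lambda r: r.get("dst_ip") == ip                    # 'dst host 192.168.2.11'
def port_unreachable(r): return r.get("icmp_type") == 3 and r.get("icmp_code") == 3  # 'icmp[0] = 3 and icmp[1] = 3'
def both(*preds): return lambda r: all(p(r) for p in preds)                 # 'and'
def count(recs, pred): return sum(1 for r in recs if pred(r))
def first(recs, pred): return next(r for r in recs if pred(r))              # like '-c 1' plus the filter


SAMPLE = parse_pcap(pcap_bytes(FRAMES))

if __name__ == "__main__":
    r0, t0 = SAMPLE[0], first(SAMPLE, is_tcp)
    print("first record: ethertype 0x%04x, %s -> %s" % (r0["ethertype"], r0["src_mac"], r0["dst_mac"]))
    print("first tcp record: %s:%d -> %s:%d flags [%s]" % (t0["src_ip"], t0["sport"], t0["dst_ip"], t0["dport"], t0["flags"]))
    print("tcp:", count(SAMPLE, is_tcp), "port 139:", count(SAMPLE, port(139)),
          "udp and src port 139:", count(SAMPLE, both(is_udp, src_port(139))))
```

Running the script prints the same facts the lab has you extract with -e, -c 1 and the filters; the point to take away is that every BPF expression is a test on fixed byte offsets, which is why `port 139` counts both directions, `src port 139` counts one, and `icmp[0] = 3 and icmp[1] = 3` is just two byte comparisons into the ICMP header.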
