
William Foteping

CMSY-164
Introduction to IDS
Lab 2

Objective: Capture network traffic in a 'pcap' binary file, display it in a human readable format, and
identify protocols and their important fields.

Tools:
1) tcpdump: premier and simple network analysis sniffer tool in Unix
2) vim/leafpad: Text editor to view text file.
3) Kali: OS Distribution for pen testing.

Instructions:
a) Logon to Kali Linux
b) Click on Terminal
c) Finding out your IP and Network
o Logon to Kali Linux (based on Lab 1)
o Click on Terminal
o Create directory (folders) to store your labs and class materials
In terminal type: mkdir -p ~/CMSY164lab{1..10}
o In terminal type:
ifconfig
What is the IP address of eth0? Is that the primary IP to get to the
internet?
10.0.2.15 is the IP address of eth0. Yes, it is the primary IP to get
to the internet

tcpdump
In terminal type tcpdump -D. How many interfaces does tcpdump
recognize?
Tcpdump reports 6 interfaces.

In terminal type tcpdump -s0 -i {the active Ethernet interface} -c 20 -w ~/CMSY164lab2/google.pcap ip && wget http://www.google.com
In terminal type
o cd ~/CMSY164lab2
o tcpdump -nX -r google.pcap > google.trace1

Please answer the following based on the google.trace1 file.


Using a text editor open google.trace1
What are the IP addresses and ports in the first packet? Notice that
tcpdump displays the address and port as a 5-field dotted decimal value (i.e.
1.2.3.4.5, where 1.2.3.4 is the IP address and 5 is the port).
What is the 4-tuple of the DNS session? (Hint: What port is used by
DNS?)
Source IP address: 10.0.2.15    Source TCP port: 35676
Destination IP address: 75.75.75.75    Destination TCP address: 53

What is the 4-tuple of the Web session?
Source IP address: 10.0.2.15    Source TCP port: 49612
Destination IP address: 216.230.103.30    Destination TCP address: 80
21:22:25.842130 IP 172.16.146.2.53 > 172.16.146.179.42468: 42789 0/1/0 (89)
0x0000: 4500 0075 df72 0000 8011 de2e ac10 9202 E..u.r..........
0x0010: ac10 92b3 0035 a5e4 0061 bdfb a725 8180 .....5...a...%..
0x0020: 0001 0000 0001 0000 0c74 6563 686e 6f73 .........technos
0x0030: 6f70 686f 7303 636f 6d00 001c 0001 c00c ophos.com.......
0x0040: 0006 0001 0000 0005 002b 026e 7309 6e6f .........+.ns.no
0x0050: 6364 6972 6563 74c0 1905 6164 6d69 6ec0 cdirect...admin.
0x0060: 3178 1b8f c800 0151 8000 001c 2000 36ee 1x.....Q......6.
0x0070: 8000 0151 80

Based on the above tcpdump output and using the IP header diagram, please
answer the following:
o What is the hexadecimal value of:
Checksum: de2e
Identification: df72
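The two header fields asked for above can be read straight off the hex dump once you know the IPv4 layout: bytes 4-5 are the Identification field and bytes 10-11 are the header checksum. The following Python script is an added example, not part of the lab handout or of tcpdump: it rebuilds the packet bytes from the tcpdump -X dump quoted above, decodes the IPv4 header, verifies the checksum the way a receiving host does (RFC 1071), and then continues into the UDP and DNS headers so the values can be compared with tcpdump's own summary line (53 > 42468, id 42789, 0/1/0, 89 bytes). The record is the one quoted above; the function names and the dictionary layout are mine.

```python
from __future__ import annotations
import ipaddress
import re
import struct

# The tcpdump -nX record quoted in the lab: a 117-byte DNS reply (IP/UDP/DNS).
TCPDUMP_HEX = """\
0x0000: 4500 0075 df72 0000 8011 de2e ac10 9202 E..u.r..........
0x0010: ac10 92b3 0035 a5e4 0061 bdfb a725 8180 .....5...a...%..
0x0020: 0001 0000 0001 0000 0c74 6563 686e 6f73 .........technos
0x0030: 6f70 686f 7303 636f 6d00 001c 0001 c00c ophos.com.......
0x0040: 0006 0001 0000 0005 002b 026e 7309 6e6f .........+.ns.no
0x0050: 6364 6972 6563 74c0 1905 6164 6d69 6ec0 cdirect...admin.
0x0060: 3178 1b8f c800 0151 8000 001c 2000 36ee 1x.....Q......6.
0x0070: 8000 0151 80
"""

HEX_GROUP = re.compile(r"[0-9a-fA-F]{4}|[0-9a-fA-F]{2}")

def hexdump_to_bytes(dump: str) -> bytes:
    """Rebuild raw packet bytes from a tcpdump -X hex dump, dropping the
    ASCII column: stop at the first token that is not 2 or 4 hex digits and
    never take more than 8 groups (16 bytes) from one line."""
    buf = bytearray()
    for line in dump.splitlines():
        m = re.match(r"^\s*0x([0-9a-fA-F]+):\s*(.*)$", line)
        if not m:
            continue  # not a hex-dump line (summary line, blank, etc.)
        if int(m.group(1), 16) != len(buf):
            raise ValueError(f"gap in dump at offset 0x{m.group(1)}")
        groups = []
        for tok in m.group(2).split():
            if len(groups) == 8 or not HEX_GROUP.fullmatch(tok):
                break
            groups.append(tok)
        buf += bytes.fromhex("".join(groups))
    return bytes(buf)

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 sum of 16-bit words, folded to 16 bits (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def parse_ipv4(pkt: bytes) -> dict:
    """Decode the IPv4 header fields the lab asks about (RFC 791 layout)."""
    (ver_ihl, _tos, total_len, ident, _flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes, 20 when IHL=5
    return {
        "version": ver_ihl >> 4, "ihl": ihl, "total_length": total_len,
        "identification": ident, "ttl": ttl, "protocol": proto,   # 17=UDP, 6=TCP
        "checksum": csum,
        # A header with a correct checksum sums to 0xFFFF when the checksum
        # field itself is included in the sum.
        "checksum_ok": ones_complement_sum(pkt[:ihl]) == 0xFFFF,
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "payload": pkt[ihl:total_len],
    }

def parse_udp(seg: bytes) -> dict:
    sport, dport, length, csum = struct.unpack("!HHHH", seg[:8])
    return {"sport": sport, "dport": dport, "length": length,
            "checksum": csum, "payload": seg[8:length]}

def parse_dns_header(msg: bytes) -> dict:
    """DNS header plus the uncompressed question name that follows it."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    labels, off = [], 12
    while msg[off]:
        n = msg[off]
        if n & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return {"id": ident, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
            "qname": ".".join(labels)}

def decode_record(dump: str) -> dict:
    """IP, then UDP and DNS when present; anything else stops at the IP layer."""
    pkt = hexdump_to_bytes(dump)
    rec = {"ip": parse_ipv4(pkt)}
    if rec["ip"]["protocol"] == 17:
        rec["udp"] = parse_udp(rec["ip"]["payload"])
        if 53 in (rec["udp"]["sport"], rec["udp"]["dport"]):
            rec["dns"] = parse_dns_header(rec["udp"]["payload"])
    return rec

if __name__ == "__main__":
    r = decode_record(TCPDUMP_HEX)
    print(f"IP  {r['ip']['src']} > {r['ip']['dst']}  id=0x{r['ip']['identification']:04x}"
          f"  checksum=0x{r['ip']['checksum']:04x} (valid={r['ip']['checksum_ok']})")
    print(f"UDP {r['udp']['sport']} > {r['udp']['dport']}  len={r['udp']['length']}")
    print(f"DNS id={r['dns']['id']} {r['dns']['qname']} "
          f"{r['dns']['ancount']}/{r['dns']['nscount']}/{r['dns']['arcount']}")
```

The checksum check is the detail worth remembering from an IDS point of view: a sensor that decodes headers without validating them can be fed packets the destination host will silently drop, so the verification step belongs in any parser that feeds detection logic.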

Open terminal and type


o tcpdump -n -r ~/CMSY164lab2/google.pcap > google.trace2
o Now using an editor, open the google.trace2 file
o Please answer the following:
What is different about the formatted output?

Find the first HTTP session (Hint: what port is used for HTTP?)
How many packets are in the session?
20 packets have been captured overall; only 14 are displayed and we have one HTTP
packet in the session

How many seconds and milliseconds does the session last?
00:00:02 seconds
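The 4-tuple, packet-count and duration questions above can all be answered from tcpdump -n summary lines alone, without the hex dump. The following Python script is an added example, not part of the lab handout or of tcpdump: it parses each summary line into a timestamp and a 4-tuple (splitting tcpdump's 5-field dotted notation into address and port), groups both directions of a conversation into one session, selects the first session on port 80 and reports its packet count and its duration in seconds and milliseconds. The trace lines are constructed for this example and are not the contents of google.trace2; the function names are mine.

```python
from __future__ import annotations
import re
from collections import defaultdict

# Constructed tcpdump -n style lines for the example (not the real google.trace2):
# a DNS lookup followed by a short HTTP session on port 80.
SAMPLE_TRACE = """\
21:22:25.842130 IP 10.0.2.15.35676 > 75.75.75.75.53: 12345+ A? www.google.com. (32)
21:22:25.851000 IP 75.75.75.75.53 > 10.0.2.15.35676: 12345 1/0/0 A 216.230.103.30 (48)
21:22:25.853210 IP 10.0.2.15.49612 > 216.230.103.30.80: Flags [S], seq 1000, win 29200, length 0
21:22:25.870000 IP 216.230.103.30.80 > 10.0.2.15.49612: Flags [S.], seq 2000, ack 1001, win 65535, length 0
21:22:25.870100 IP 10.0.2.15.49612 > 216.230.103.30.80: Flags [.], ack 1, win 229, length 0
21:22:25.870500 IP 10.0.2.15.49612 > 216.230.103.30.80: Flags [P.], seq 1:116, ack 1, win 229, length 115: HTTP: GET / HTTP/1.1
21:22:27.890000 IP 216.230.103.30.80 > 10.0.2.15.49612: Flags [P.], seq 1:513, ack 116, win 65535, length 512: HTTP: HTTP/1.1 200 OK
21:22:27.890210 IP 10.0.2.15.49612 > 216.230.103.30.80: Flags [F.], seq 116, ack 513, win 229, length 0
"""

# HH:MM:SS.uuuuuu IP <src> > <dst>: <rest>   (tcpdump default timestamp, -n output)
SUMMARY = re.compile(r"^(\d{2}):(\d{2}):(\d{2})\.(\d{6}) IP (\S+) > (\S+): (.*)$")

def split_addr_port(field: str) -> tuple[str, int]:
    """'172.16.146.2.53' -> ('172.16.146.2', 53): the last dotted field is the port."""
    ip, port = field.rsplit(".", 1)
    return ip, int(port)

def parse_summary_line(line: str) -> dict | None:
    """Timestamp (microseconds since midnight) and 4-tuple of one summary line."""
    m = SUMMARY.match(line)
    if not m:
        return None  # hex-dump lines, blank lines, non-IP traffic
    h, mi, s, us = (int(x) for x in m.group(1, 2, 3, 4))
    src, sport = split_addr_port(m.group(5))
    dst, dport = split_addr_port(m.group(6))
    return {"ts_us": ((h * 60 + mi) * 60 + s) * 1_000_000 + us,
            "src": src, "sport": sport, "dst": dst, "dport": dport,
            "is_tcp": m.group(7).startswith("Flags ["),   # tcpdump prints TCP flags this way
            "has_http": ": HTTP:" in line}

def four_tuple(pkt: dict) -> tuple[str, int, str, int]:
    return pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]

def session_key(pkt: dict) -> tuple:
    """Direction-independent key so both halves of a conversation land together."""
    return tuple(sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])]))

def group_sessions(trace: str) -> dict[tuple, list[dict]]:
    sessions = defaultdict(list)
    for line in trace.splitlines():
        pkt = parse_summary_line(line)
        if pkt:
            sessions[session_key(pkt)].append(pkt)
    return dict(sessions)

def first_http_session(sessions: dict) -> tuple | None:
    """Earliest session with port 80 on either side, as (key, packets)."""
    http = [(k, p) for k, p in sessions.items() if 80 in (k[0][1], k[1][1])]
    if not http:
        return None
    return min(http, key=lambda kp: kp[1][0]["ts_us"])

def session_duration(pkts: list[dict]) -> tuple[int, int]:
    """(seconds, milliseconds) between first and last packet; ignores midnight wrap."""
    span = max(p["ts_us"] for p in pkts) - min(p["ts_us"] for p in pkts)
    return span // 1_000_000, (span % 1_000_000) // 1000

if __name__ == "__main__":
    sessions = group_sessions(SAMPLE_TRACE)
    key, pkts = first_http_session(sessions)
    secs, ms = session_duration(pkts)
    print("first HTTP session 4-tuple:", four_tuple(pkts[0]))
    print(f"packets: {len(pkts)}, with HTTP payload: {sum(p['has_http'] for p in pkts)}")
    print(f"duration: {secs} s {ms} ms")
```

Grouping by a direction-independent key is what lets the count include the server's replies as well as the client's requests; counting only lines whose destination port is 80 would miss half the session.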
