In this lab we are going to use Wireshark to analyze DoS attacks (brute-force attack)
against the FTP protocol.
An FTP server with IP address 192.168.56.1 has encountered a DoS. The investigator captured
the traffic between the server and the attacker's IP address (192.168.56.101) using Wireshark (the pcap file
is attached).
Based on examining the pcap file, please answer the following question:
In the Figure above we can see that the attacker machine is using the ARP protocol to ask for the
MAC address of the victim IP address (Who has 192.168.56.1? Tell 192.168.56.101).
To filter on SYN/ACK packets, select any SYN/ACK packet, find Flags: in the packet details,
right-click it, then choose Apply as Filter >> Selected.
We can see that the user entered passwords many times, each attempt ending in a login failure (a brute-force attack).
The code for Login incorrect is 530; we now need to search for the login successful code
in FTP.
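The check described above, as an added example that is not part of the original lab: it counts 530 replies per client and reports whether a 230 reply (the RFC 959 "User logged in" code) followed the failures. The rows are constructed rather than taken from the lab's pcap, and the tshark export shown in the comment, the file name capture.pcap and the second client 192.168.56.7 are assumptions.

```python
from collections import defaultdict

# Constructed sample, shaped like the tab-separated output of
#   tshark -r capture.pcap -Y ftp.response.code -T fields \
#          -e frame.time_relative -e ip.dst -e ftp.response.code
# ip.dst of a server reply is the client that is logging in.
SAMPLE = """\
1.25\t192.168.56.101\t331
1.90\t192.168.56.101\t530
2.10\t192.168.56.101\t331
2.70\t192.168.56.101\t530
3.00\t192.168.56.101\t331
3.60\t192.168.56.101\t530
4.00\t192.168.56.101\t331
4.10\t192.168.56.101\t230
9.00\t192.168.56.7\t331
9.40\t192.168.56.7\t230
garbage line without tabs
"""

FAILED, SUCCESS = "530", "230"  # RFC 959 reply codes


def summarize_logins(text, threshold=3):
    """Count failed FTP logins per client and flag a success that follows them."""
    stats = defaultdict(lambda: {"failed": 0, "success_time": None,
                                 "failed_before_success": None})
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue  # skip malformed rows
        when, client, codes = parts
        # tshark joins repeated fields from one packet with commas
        for code in codes.split(","):
            s = stats[client]
            if code == FAILED:
                s["failed"] += 1
            elif code == SUCCESS and s["success_time"] is None:
                s["success_time"] = when  # where to start Follow >> TCP Stream
                s["failed_before_success"] = s["failed"]
    report = {}
    for client, s in stats.items():
        hit = s["failed_before_success"]
        report[client] = {**s, "brute_force": s["failed"] >= threshold,
                          "compromised": hit is not None and hit >= threshold}
    return report

if __name__ == "__main__":
    for client, row in summarize_logins(SAMPLE).items():
        print(client, row)
```

The `threshold` of three failures is an arbitrary value for the sample; tune it to the normal failure rate of the server being monitored.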
Follow >> TCP Stream
- What is the image the attacker retrieved from the victim machine? Save it on your computer.
Whywecanthavenicecat.png
To save it:
Change the fields as shown in the picture below: