Question: macOS terminal:
#Version 1.5
#Software: Microsoft Windows Firewall
#Time Format: local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2018-05-25 11:47:02 FORWARD TCP 11.100.6.64 10.202.41.103 2176 7 953880
2018-02-22 03:34:00 FORWARD UDP 11.102.7.64 10.202.40.101 2075 65 116445
2018-03-20 04:47:11 REJECT UDP 9.102.8.65 10.202.41.101 2189 97 985631
2018-11-08 14:14:47 REJECT TCP 10.101.8.64 10.202.40.103 2158 63 164259
2018-07-24 22:46:54 REJECT TCP 11.100.6.65 10.202.41.103 2089 61 991882
2018-01-01 19:27:19 DROP TCP 11.101.7.64 10.202.40.100 2210 44 354300
2018-04-17 01:35:12 FORWARD UDP 10.102.6.65 10.202.41.103 2135 83 231775
2018-05-05 04:26:05 DROP UDP 11.101.6.65 10.202.40.103 2160 104 209447
QUESTION 5: (20 points)
Write a command to display the src-ip value for events that match the following criteria:
- The size field is less than or equal to 500
- The dst-ip field starts with 10.202.40
Part 2 - 20 points
For this part, you will need to make use of the sort, tail and/or head programs. Study the man pages for these programs to assist you with answering this question.
QUESTION 6: (10 points each)
Write a command to print the date and time of the earliest event in the firewall.log file.
Create a second command to print the date and time of the latest event in the file.
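One way to run the Question 5 filter and the Question 6 earliest/latest lookups, as an added example that is not part of the original page. The function names and temporary file are assumptions, and the three 192.0.2.x rows are constructed because none of the page's events has a size of 500 or less.

```shell
#!/bin/sh
# Field positions follow the log's #Fields header:
# $1 date  $2 time  $3 action  $4 protocol  $5 src-ip  $6 dst-ip  $7 src-port  $8 dst-port  $9 size

# Sample firewall.log: the page's eight events plus three constructed 192.0.2.x rows.
write_sample_log() {
  cat > "$1" <<'EOF'
#Version 1.5
#Software: Microsoft Windows Firewall
#Time Format: local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2018-05-25 11:47:02 FORWARD TCP 11.100.6.64 10.202.41.103 2176 7 953880
2018-02-22 03:34:00 FORWARD UDP 11.102.7.64 10.202.40.101 2075 65 116445
2018-03-20 04:47:11 REJECT UDP 9.102.8.65 10.202.41.101 2189 97 985631
2018-11-08 14:14:47 REJECT TCP 10.101.8.64 10.202.40.103 2158 63 164259
2018-07-24 22:46:54 REJECT TCP 11.100.6.65 10.202.41.103 2089 61 991882
2018-01-01 19:27:19 DROP TCP 11.101.7.64 10.202.40.100 2210 44 354300
2018-04-17 01:35:12 FORWARD UDP 10.102.6.65 10.202.41.103 2135 83 231775
2018-05-05 04:26:05 DROP UDP 11.101.6.65 10.202.40.103 2160 104 209447
2018-06-01 08:00:00 DROP TCP 192.0.2.10 10.202.40.102 2001 22 500
2018-06-02 09:30:00 DROP TCP 192.0.2.11 10.202.41.102 2002 22 120
2018-06-03 10:15:00 FORWARD UDP 192.0.2.12 10.202.40.100 2003 53 501
EOF
}

# Question 5: src-ip of events with size <= 500 and dst-ip starting with 10.202.40.
# index() compares the prefix literally; in a regex such as /^10.202.40/ each "." matches any character.
src_ips_small() {
  awk '!/^#/ && NF >= 9 && $9 + 0 <= 500 && index($6, "10.202.40") == 1 { print $5 }' "$1"
}

# Question 6: drop header and blank lines, keep "date time", sort, take the first or last line.
event_times() { awk '!/^#/ && NF >= 9 { print $1, $2 }' "$1"; }
earliest_event() { event_times "$1" | LC_ALL=C sort | head -n 1; }
latest_event() { event_times "$1" | LC_ALL=C sort | tail -n 1; }

# Demo run on a temporary copy of the sample log.
log=$(mktemp)
write_sample_log "$log"
src_ips_small "$log"
earliest_event "$log"
latest_event "$log"
rm -f "$log"
```

Sorting the text works here because the YYYY-MM-DD HH:MM:SS layout orders the same way lexically and chronologically; LC_ALL=C keeps the ordering independent of the terminal's locale.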
