Question: Q4. Network Traffic Analysis (20 points) Use Network Miner program to load and study the PCAP file uploaded with the assignment on D2L. PCAP=> DoS-15m-12h_1

Q4. Network Traffic Analysis (20 points)

Use Network Miner program to load and study the PCAP file uploaded with the assignment on D2L. PCAP=> DoS-15m-12h_1

a. List 3 observations about the network, in terms of number of hosts, IP addresses, type of traffic/protocol. (6 points)

b. Extract and list 4 sets of credentials (user name / passwords) that communicated over the network. (4 points)

c. Examine host 172.27.224.99

1. What OS is running on that host? (2 points)

2. What can you tell about traffic from and to that host? (4 points)

3. This is host is carrying a DoS attack, can you identify the victim hosts in the network? (4 points)

eth2dump-pingFloodDDoS-15m-12h_1.pcap o + TISTA TED Apply a display filter ... No. Time Source Destination | Protocol Length| Info 902... 43198.566869 172.27.224.250 172.27.224.70 Modbu... 85 Response: Tri 902... 43198.775110 172.27.224.251 172.27.224.250 TCP 60 49911 + 502 902.. 43198.780339 172.27.224.70 172.27.224.250 TCP 60 49179 - 502 902... 43198.785004 172.27.224.250 172.27.224.251 TCP 60 502 + 49911 902... 43198.785982 172.27.224.250 172.27.224.251 TCP 60 502 + 49911 902... 43198.786002 172.27.224.251 172.27.224.250 TCP 60 49911 + 502 902... 43198.786213 172.27.224.250 172.27.224.251 TCP 60 502 + 49911 902... 43198.794908 172.27.224.250 172.27.224.251 TCP 60 502 + 49911 902... 43198.874788 172.27.224.70 172.27.224.250 Modbu... 66 Query: Tr 902... 43198.886830 172.27.224.250 172.27.224.70 Modbu... 85 Response: Tr 902... 43199.092367 172.27.224.70 172.27.224.250 TCP 60 49179 + 502 902... 43199.187913 172.27.224.70 172.27.224.250 Modbu... 66 Query: Tr 902... 43199.196245 172.27.224.250 172.27.224.70 Modbu... 85 Response: Tr! 0 902... 43199.404350 172.27.224.70 172.27.224.250 TCP 60 49179 - 502 ACK] Frame 1: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: VMware_9d:9e:9 (00:0c:29:9d:9e:9e), Dst: Telemech_09:51:36 (00:80:f4:09:51:3 Internet Protocol Version 4, Src: 172.27.224.70, Dst: 172.27.224.250 Transmission Control Protocol, Src Port: 49179, Dst Port: 502, Seq: 1, Ack: 1, Len: 0 ) E F 0000 2010 0020 0030 00 80 f4 09 51 36 00 29 9d 9e 9e 08 60 45 00 00 28 16 c6 40 00 80 06 ca 91 ac 1b eo 46 ac 1b e fa co 1b 01 f6 61 ca ac 96 91 76 f4 1b 50 10 ff 13 41 43 00 00 00 00 00 00 00 00 Q; (@ a AC ...V Sorting "Source"... Packets: 902790 - Displayed: 902790 (100.0%) Profile: Default eth2dump-pingFloodDDoS-15m-12h_1.pcap o + TISTA TED Apply a display filter ... No. Time Source Destination | Protocol Length| Info 902... 43198.566869 172.27.224.250 172.27.224.70 Modbu... 85 Response: Tri 902... 43198.775110 172.27.224.251 172.27.224.250 TCP 60 49911 + 502 902.. 43198.780339 172.27.224.70 172.27.224.250 TCP 60 49179 - 502 902... 43198.785004 172.27.224.250 172.27.224.251 TCP 60 502 + 49911 902... 43198.785982 172.27.224.250 172.27.224.251 TCP 60 502 + 49911 902... 43198.786002 172.27.224.251 172.27.224.250 TCP 60 49911 + 502 902... 43198.786213 172.27.224.250 172.27.224.251 TCP 60 502 + 49911 902... 43198.794908 172.27.224.250 172.27.224.251 TCP 60 502 + 49911 902... 43198.874788 172.27.224.70 172.27.224.250 Modbu... 66 Query: Tr 902... 43198.886830 172.27.224.250 172.27.224.70 Modbu... 85 Response: Tr 902... 43199.092367 172.27.224.70 172.27.224.250 TCP 60 49179 + 502 902... 43199.187913 172.27.224.70 172.27.224.250 Modbu... 66 Query: Tr 902... 43199.196245 172.27.224.250 172.27.224.70 Modbu... 85 Response: Tr! 0 902... 43199.404350 172.27.224.70 172.27.224.250 TCP 60 49179 - 502 ACK] Frame 1: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: VMware_9d:9e:9 (00:0c:29:9d:9e:9e), Dst: Telemech_09:51:36 (00:80:f4:09:51:3 Internet Protocol Version 4, Src: 172.27.224.70, Dst: 172.27.224.250 Transmission Control Protocol, Src Port: 49179, Dst Port: 502, Seq: 1, Ack: 1, Len: 0 ) E F 0000 2010 0020 0030 00 80 f4 09 51 36 00 29 9d 9e 9e 08 60 45 00 00 28 16 c6 40 00 80 06 ca 91 ac 1b eo 46 ac 1b e fa co 1b 01 f6 61 ca ac 96 91 76 f4 1b 50 10 ff 13 41 43 00 00 00 00 00 00 00 00 Q; (@ a AC ...V Sorting "Source"... Packets: 902790 - Displayed: 902790 (100.0%) Profile: Default

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q4. Network Traffic Analysis (20 points) Use Network Miner program to load and study the PCAP file uploaded with the assignment on D2L. PCAP=> DoS-15m-12h_1 a. List 3 observations about the network,...

Use Network Miner program to load and study the PCAP file uploaded with the assignment on D2L. PCAP=> DoS-15m-12h_1 List 3 observations about the network, in terms of number of hosts, IP addresses,...

ASSESSMENT REPORT". Read the report and answer the following questions. a. What is the system in scope of the risk assessment included in the report? And what does that system do (functionality)? b....

350 Specification and Verification II Explain how a register can be modelled either as a unit-delay, or with an explicit clock input. [4 marks] Describe the relationship between the two models. [4...

Assignment 6 : Network Traffic Analysis with Wireshark Instructions: a ) The assignment must be done individually. b ) You'll have to demonstrate the assignment on your PC OR submit a report. For...

University of Derby Derby Business School In-course Assignment Specification Module Code and Title: 7LO510 Supply Chain Analysis and System Modelling Assignment No. and Title: Coursework Assessment...

Assignment 2: LASA 2: Analysis of an Intrusion Detection System Report This assignment builds upon the scenario introduced in LASA 1, from the organization Open Water Diving and Scuba Institute...

6. You Step 9: Log off from the Kali PC. 1. In the upper-right corner, click root | Shutdown. 2. In the Shut Down This System Now? dialog box, click Shut Do ODDS 7. in dius Note The ARP protocol and...

A mid - sized enterprise specializing in providing cloud - based services to clients across various industries, including finance, healthcare, and e - commerce, has expanded its digital...

Computer Science - Computer Networking Network Traffic Analysis and Recommendations section: Analysis: Summarize each of the major uses of the distributed network -> For each use, identify the...

What is revaluation; to what does it apply; and how would it result in a revaluation surplus? Where does the revaluation surplus appear in the financial statements?

What effect did the smoothing constant have on the forecast for Cool-Man air conditioners? Which smoothing constant gives the most accurate forecast? Data from Sales of Cool-Man air conditioners have...

Work with a partner or in a small group to discuss these questions. a Is a trapezium always an isosceles trapezium? Is an isosceles trapezium always a trapezium? b Is a kite a rhombus? Is a rhombus a...

Seved Help 14 Wisconsin Snowmobile Corp. is considering a switch to level production Cost efficiencies would occur under level production, and aftertax costs would decline by $31,500, but inventory...

9. Explain what you believe are the advantages and disadvantages of creating a training consortium or partnership with other companies.

11. What are the implications of virtual work arrangements for training?

8. What misconceptions do managers have about training? How could you change those misconceptions?