Part A Assignment Requirements
Watch the Demo Lab in Learning Space Unit 7 and then answer questions 1-10 below.
1. Which tool is better at performing protocol captures and which tool is better at performing protocol analysis? The best tool for protocol captures is Wireshark. The best tool for protocol analysis is NetWitness.
2. What is promiscuous mode and how does this allow tcpdump, Wireshark, and NetWitness Investigator to perform protocol capture off a live network? Promiscuous mode causes the controller to pass all traffic it receives to the CPU rather than passing only the frames that the controller is intended to receive. It allows them to perform protocol captures because it is using the network traffic from the system network.
3. What is the significance of the TCP 3-way handshake for applications that utilize TCP as a transport protocol? Which application in your protocol capture uses TCP as a transport protocol? The significance of the TCP 3-way handshake is that it is required for both the server and the client to set up initial sequence numbers and ensure that they both understand each other. The protocol that uses TCP as a transport protocol is Wireshark.
4. How many different source IP host addresses did you capture in your protocol capture? I captured 14 different IP addresses in my protocol capture.
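
Questions 3 and 4 both come down to reading packet headers: the handshake is three segments whose sequence and acknowledgment numbers must line up, and the source-address count is the set of IPv4 source fields seen. The following Python is an added example, not part of the assignment or the lab; the function names and the sample frames (constructed, using documentation address ranges) are assumptions.

```python
from socket import inet_aton, inet_ntoa
import struct

SYN, ACK, WRAP = 0x02, 0x10, 2**32

def build_frame(src, dst, sport, dport, seq, ack, flags):
    """Constructed Ethernet/IPv4/TCP frame for the sample data (checksums zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     inet_aton(src), inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 0x50, flags, 65535, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp

def parse_frame(frame):
    """Return (src, dst, sport, dport, seq, ack, flags), or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    off = 14 + (frame[14] & 0x0F) * 4          # TCP header starts after the IP header
    if off < 34 or len(frame) < off + 14:
        return None
    sport, dport, seq, ack, _, flags = struct.unpack_from("!HHIIBB", frame, off)
    return (inet_ntoa(frame[26:30]), inet_ntoa(frame[30:34]), sport, dport, seq, ack, flags)

def analyze(frames):
    """Return (distinct source IPs, connections whose 3-way handshake completed)."""
    sources, pending, established = set(), {}, []
    for pkt in filter(None, map(parse_frame, frames)):
        src, dst, sport, dport, seq, ack, flags = pkt
        sources.add(src)
        key, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags & SYN and not flags & ACK:      # 1: client announces its ISN
            pending[key] = ((seq + 1) % WRAP, None)
        elif flags & SYN:                        # 2: server ISN, must ack client ISN + 1
            if rev in pending and pending[rev][0] == ack:
                pending[rev] = (ack, (seq + 1) % WRAP)
        elif flags & ACK and pending.get(key) == (seq, ack):  # 3: acks server ISN + 1
            established.append(key)
            del pending[key]
    return sources, established

# Constructed sample capture: one complete handshake and one unanswered SYN.
SAMPLE = [
    build_frame("192.0.2.10", "198.51.100.5", 50000, 80, 1000, 0, SYN),
    build_frame("198.51.100.5", "192.0.2.10", 80, 50000, 9000, 1001, SYN | ACK),
    build_frame("192.0.2.10", "198.51.100.5", 50000, 80, 1001, 9001, ACK),
    build_frame("192.0.2.11", "198.51.100.5", 50001, 80, 2000, 0, SYN),
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```
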
5. How many different protocols (layer 3, layer 4, etc.) did your protocol capture session have? What function in Wireshark