Transmission Control Protocol and Protocol Capture
Assessment Worksheet
113
LAB #7 – ASSESSMENT WORKSHEET
Conduct a Network Traffic Analysis and Baseline Definition
Course Name and Number:
Student Name:
Instructor Name:
Lab Due Date:
Overview
In this lab, you created and captured traffic from the machines in this lab using tcpdump, a command line packet analyzer, and the Wireshark protocol capture and analyzer tool. You opened Telnet and SSH sessions and used FileZilla and the Tftpd32 application to transfer files between the virtual machines. You used
NetWitness Investigator, a free tool that provides security practitioners with a means of analyzing packets to view the data captured using Wireshark.
Lab Assessment Questions & Answers
1. Which tool is better at performing protocol captures and which tool is better at performing protocol
analysis?
7
Conduct a Network Traffic Analysis and Baseline Definition
9781284037548_LB07_Printer.indd 113
22/05/13 2:43 PM
114
Lab #7 | Conduct a Network Traffic Analysis and Baseline Definition 2.
What is the significance of the TCP three-way handshake for applications that utilize TCP as a transport
protocol? Which application in your protocol capture uses TCP as a transport protocol?
3.
How many different source IP host addresses did you capture in your protocol capture?
4.
How many different protocols (layer 3, layer 4, etc.) did your protocol capture session have? What
function in Wireshark provides you with a breakdown of the different protocol types on the LAN segment? 5.
Can Wireshark provide you with network traffic packet size counts? How and where? Are you able to
distinguish how many of each packet size was transmitted on your LAN segment? Why is this important to know?
9781284037548_LB07_Printer.indd 114
22/05/13 2:43 PM
Assessment Worksheet
115
6.
Why is it important to use protocol capture tools and protocol analyzers as an information systems
security
113
LAB #7 – ASSESSMENT WORKSHEET
Conduct a Network Traffic Analysis and Baseline Definition
Course Name and Number:
Student Name:
Instructor Name:
Lab Due Date:
Overview
In this lab, you created and captured traffic from the machines in this lab using tcpdump, a command line packet analyzer, and the Wireshark protocol capture and analyzer tool. You opened Telnet and SSH sessions and used FileZilla and the Tftpd32 application to transfer files between the virtual machines. You used
NetWitness Investigator, a free tool that provides security practitioners with a means of analyzing packets to view the data captured using Wireshark.
Lab Assessment Questions & Answers
1. Which tool is better at performing protocol captures and which tool is better at performing protocol
analysis?
7
Conduct a Network Traffic Analysis and Baseline Definition
9781284037548_LB07_Printer.indd 113
22/05/13 2:43 PM
114
Lab #7 | Conduct a Network Traffic Analysis and Baseline Definition 2.
What is the significance of the TCP three-way handshake for applications that utilize TCP as a transport
protocol? Which application in your protocol capture uses TCP as a transport protocol?
3.
How many different source IP host addresses did you capture in your protocol capture?
4.
How many different protocols (layer 3, layer 4, etc.) did your protocol capture session have? What
function in Wireshark provides you with a breakdown of the different protocol types on the LAN segment? 5.
Can Wireshark provide you with network traffic packet size counts? How and where? Are you able to
distinguish how many of each packet size was transmitted on your LAN segment? Why is this important to know?
9781284037548_LB07_Printer.indd 114
22/05/13 2:43 PM
Assessment Worksheet
115
6.
Why is it important to use protocol capture tools and protocol analyzers as an information systems
security