Part A Overview
The lab demonstrates generating and capturing traffic on the LAN segment with tcpdump on an Apache web server Linux VM, and with the Wireshark protocol capture and analyzer tool. The demo uses Telnet, SSH, ICMP (ping), FTP, TFTP and HTTP against the web server while a protocol capture runs on the Student VM workstation in Wireshark. The Wireshark packet capture file is saved so it can be imported into Netwitness Investigator for further protocol analysis.
Part B Overview
Now that you understand the concepts of network traffic and packet capture, this assignment requires you to answer questions based on a packet capture.
Assignment Requirements
Answer the following questions based on the packet capture that precedes them. You may research any of these on the Internet if you need to do so.
15:40:19.571032 IP 192.168.2.62.44389 > 192.168.2.104.22: S 1273007928:1273007928(0) win 5840
15:40:19.571720 IP 192.168.2.104.22 > 192.168.2.62.44389: S 1312754191:1312754191(0) ack 1273007929 win 5792
15:40:19.571812 IP 192.168.2.62.44389 > 192.168.2.104.22: . ack 1 win 92
15:40:19.604635 IP 192.168.2.104.22 > 192.168.2.62.44389: P 1:40(39) ack 1 win 91
15:40:19.611687 IP 192.168.2.62.44389 > 192.168.2.104.22: . ack 40 win 92
15:40:19.612844 IP 192.168.2.62.44389 > 192.168.2.104.22: P 1:40(39) ack 40 win 92
1. What was the first connection made, to where, and via what protocol?
15:42:31.063149 IP 192.168.2.62.36182 > 192.168.2.1.53: 64516+ A? google.com. (28)
15:42:31.080163 IP 192.168.2.1.53 > 192.168.2.62.36182: 64516 6/0/0 A 74.125.95.103,[|domain]
15:42:31.126128 IP 192.168.2.62.60175 > 74.125.95.103.80: S 3347203011:3347203011(0) win 5840
15:42:31.151658 IP 74.125.95.103.80 > 192.168.2.62.60175: S 1961428039:1961428039(0) ack 3347203012 win 5672
15:42:31.151923 IP 192.168.2.62.60175 > 74.125.95.103.80: . ack
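As an added example (not part of the lab or its capture files), a small Python parser for tcpdump's classic text output that tracks each TCP three-way handshake and DNS query, so the kind of question asked above can be answered mechanically from a larger capture. It assumes the pre-4.0 flag syntax shown in the captures (S, ., P) and uses a hand-maintained port-to-service table; a handshake whose final ACK never appears is reported as half-open rather than silently dropped.

```python
import re
# Constructed sample: complete lines copied from the captures above (classic tcpdump
# flags: S = SYN, . = none, P = PSH). The google.com handshake's final ACK is cut
# off on the page, so it is left out here and that handshake stays half-open.
SAMPLE = """\
15:40:19.571032 IP 192.168.2.62.44389 > 192.168.2.104.22: S 1273007928:1273007928(0) win 5840
15:40:19.571720 IP 192.168.2.104.22 > 192.168.2.62.44389: S 1312754191:1312754191(0) ack 1273007929 win 5792
15:40:19.571812 IP 192.168.2.62.44389 > 192.168.2.104.22: . ack 1 win 92
15:42:31.063149 IP 192.168.2.62.36182 > 192.168.2.1.53: 64516+ A? google.com. (28)
15:42:31.126128 IP 192.168.2.62.60175 > 74.125.95.103.80: S 3347203011:3347203011(0) win 5840
15:42:31.151658 IP 74.125.95.103.80 > 192.168.2.62.60175: S 1961428039:1961428039(0) ack 3347203012 win 5672
"""
SERVICES = {21: "ftp", 22: "ssh", 23: "telnet", 53: "dns", 69: "tftp", 80: "http"}
LINE_RE = re.compile(r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
                     r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)$")
TCP_RE = re.compile(r"^(?P<flags>[SFRP.]+)(?: \d+:\d+\(\d+\))?(?P<ack> ack \d+)? win \d+")
DNS_RE = re.compile(r"^\d+\+? (?P<qtype>[A-Z]+)\? (?P<name>\S+) \(\d+\)$")


def analyze(text):
    # Walk tcpdump lines; record DNS queries and track each TCP three-way
    # handshake through the states syn -> syn-ack -> established.
    handshakes, dns = {}, []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an IP line in the format we parse (e.g. truncated)
        ts, src, dst, rest = m["ts"], m["src"], m["dst"], m["rest"]
        sport, dport = int(m["sport"]), int(m["dport"])
        d = DNS_RE.match(rest)
        if d and dport == 53:
            dns.append({"ts": ts, "client": src, "qtype": d["qtype"], "name": d["name"]})
            continue
        t = TCP_RE.match(rest)
        if not t:
            continue
        syn, acked = "S" in t["flags"], t["ack"] is not None
        if syn and not acked:  # bare SYN from the client opens a new record
            handshakes[(src, sport, dst, dport)] = {
                "ts": ts, "client": src, "server": dst, "port": dport,
                "service": SERVICES.get(dport, "unknown"), "state": "syn"}
            continue
        # Server replies are keyed by the reversed tuple; client ACKs by the forward one
        h = handshakes.get((dst, dport, src, sport) if syn else (src, sport, dst, dport))
        if h and syn and h["state"] == "syn":
            h["state"] = "syn-ack"  # server SYN/ACK
        elif h and t["flags"] == "." and acked and h["state"] == "syn-ack":
            h["state"] = "established"  # client's final ACK completes the handshake
    return {"handshakes": list(handshakes.values()), "dns": dns}
```

Running `analyze(SAMPLE)` lists each handshake with its timestamp, endpoints, service name and how far it progressed, plus the DNS lookups that preceded any connection.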