New York University
Course: COMP-GA GY 6823
Subject: Computer Science
Date: Dec 18, 2024
Pages: 14
Network Security
Assignment 2
Chen Yang (cy2846)

Task 1: Intro to Wireshark

Question 1: In Wireshark, when ports are "resolved", it shows the service associated with the port number (such as HTTP for port 80). When ports are "unresolved", it simply shows the port number itself without mapping it to a service name.

Question 2: This filter selects traffic on TCP port 25 (SMTP) or ICMP (Internet Control Message Protocol), so the answer is tcp.port eq 25 or icmp.
Question 3: As shown in the window, the source IP address of the last packet is 172.21.2.217.

Question 4: First we need to set the time format: go to View > Time Display Format > UTC Date and Time of Day. Then, as shown in the window, the time displayed is 2017-12-12 13:04:10.
Question 5: First find the last packet, then read the destination shown in the window; the IP address is 34.232.90.203.

Task 1 has been completed; here is the screenshot.
Task 2: Packet Capture Basics

Question 1: As shown in the Info column, the first DNS request is looking up www.bing.com.

Question 2: After the DNS response, the next step is building a TCP connection, so the TCP destination IP address is 204.79.197.200.

Question 3: The User-Agent string is shown in the HTTP request, as in the picture.
Question 4: The Server information is in the HTTP response, so find the response and the engine information can be seen there.

Question 5: Use File > Export Objects > HTTP to find the png file. Then save the png to a file; opening it shows what is on the image.
Question 6: Use Statistics > Conversations; there are 89 IPv4 conversations.

Question 7: Use File > Export Objects > HTTP, then search for download.cnet.com to see what the user was searching for.
Here is the screenshot of completing Task 2.

Task 3: Tcpdump

Question 1: -w is the option that writes captured packets out to a file.

Question 2: By using tcpdump -D, we can see that ‘nlog’ is listed as 5.
Question 3: -X is the option to display both the hex and ASCII representation of each packet.

Question 4: By using tcpdump -r tcpdump.pcap host 88.221.88.59, we can read and filter all the packets from IP address 88.221.88.59; the time shown on the final packet is in the image.

Question 5: Firstly, use the read option to read packets from tcpdump.pcap with a filter that includes only a certain IP address and port. Secondly, write these packets to a new file named 1.txt. Thirdly, run md5sum on that file.
Here is the screenshot for completion.

Task 4: Wireshark Display Filters: Filters In Depth

Question 1: Using smtp contains “Subject:” as the filter, we can see that the first email is to Sarah.
Question 2: Using smtp contains “.co.uk” as the filter, the response is the second frame, so the number is 9932.

Question 3: Using udp.srcport in {53 59015 63518} as the filter, the number of packets is shown in the bottom right corner.

Question 4: The number before “:” is the offset at which the slice begins, so the answer is -4.
Question 5: If there is no number before “:”, the slice begins from offset 0.

Here is the screenshot of completion.

Task 5: BPF Syntax

Question 1: BPF stands for Berkeley Packet Filter.
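The slice rules from Task 4, Questions 4 and 5 above (offset before the colon, default offset 0, negative offsets counted from the end of the field) are easier to see when they are run against concrete bytes. The following is an added example, not part of the assignment and not Wireshark's own code: it reimplements the documented display-filter slice forms ([i:j], [i-j], [i], [:j], [i:]) in Python so any spec can be tried on any byte string. The byte string and the field name "data" in the demo are constructed stand-ins.

```python
"""Wireshark display-filter slice syntax, reimplemented for illustration:
    [i:j]  start at offset i, take j bytes     [i-j]  offsets i..j inclusive
    [i]    the single byte at offset i          [:j]   start at 0, take j bytes
    [i:]   from offset i to the end of the field
A negative offset counts back from the end of the field, so [-4:] is the last four bytes.
Added example, not from the assignment or from Wireshark itself."""
import re

# optional offset, then optionally a separator (":" or "-") and a second number
SLICE_RE = re.compile(r"\[(-?\d+)?(?:([:-])(-?\d+)?)?\]")


def apply_slice(field, spec):
    """Return the bytes that `field<spec>` selects, e.g. apply_slice(b, "[-4:]")."""
    m = SLICE_RE.fullmatch(spec.strip())
    if not m or (m.group(1) is None and m.group(2) is None):
        raise ValueError("unrecognised slice %r" % spec)
    i, sep, j = m.groups()
    n = len(field)

    def offset(k):
        # negative offsets are relative to the end of the field (Question 4)
        k = int(k)
        return k + n if k < 0 else k

    if sep is None:                          # [i]: exactly one byte
        start = offset(i)
        return field[start:start + 1]
    if sep == "-":                           # [i-j]: inclusive range of offsets
        if i is None or j is None:
            raise ValueError("[i-j] needs both offsets")
        return field[offset(i):offset(j) + 1]
    start = 0 if i is None else offset(i)    # missing offset means 0 (Question 5)
    if j is None:                            # [i:]: run to the end of the field
        return field[start:]
    length = int(j)                          # [i:j] and [:j]: the second number is a length
    if length < 0:
        raise ValueError("length must not be negative")
    return field[start:start + length]


def as_filter_bytes(b):
    """Render bytes the way they appear on the right-hand side of a filter comparison."""
    return ":".join("%02x" % x for x in b)


if __name__ == "__main__":
    data = bytes(range(8))   # constructed field value: 00 01 02 03 04 05 06 07
    for spec in ("[-4:]", "[:2]", "[1:3]", "[2-4]", "[0]", "[-1]"):
        print("data%s == %s" % (spec, as_filter_bytes(apply_slice(data, spec))))
```

One caveat worth remembering when moving between the two tools: in Wireshark the second number of [i:j] is a length and offsets may be negative, whereas tcpdump's BPF form proto[offset:size] takes a non-negative byte offset and a size of 1, 2 or 4 only, with no ranges.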
Question 2: There are 2 primitives in this expression.

Question 3: Using tcpdump -r bpf-pcap.pcapng ‘host 10.0.50.227 and tcp port 80’ as the filter to display all the packets, then finding the second GET request from the top, the length is 385.

Question 4: Using tcpdump -r bpf-pcap.pcapng udp port 57109 as the filter, then finding the last packet, the timestamp is 11:54:43.808109.

Question 5: Firstly, the DNS port is 53, so use tcpdump -r bpf-pcap.pcapng 'not(port 53 or tcp)' -w 1.txt to read all traffic apart from DNS and TCP and write it to 1.txt. Secondly, use md5sum 1.txt to calculate the md5sum of this file.
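Task 3, Question 5 and Task 5, Question 5 both follow the same procedure: read a capture, keep only the packets a BPF expression matches, write the survivors to a new file, and hash that file. The block below is an added example, not part of the assignment and not tcpdump's code: it implements that read, filter, write, md5sum pipeline in pure Python on a small capture constructed inline (documentation addresses and made-up ports), so it runs without tcpdump or a real pcap. The pcap header and record layout are the standard libpcap format; the predicates mirror the host, port and tcp primitives used in the two questions.

```python
"""Read a pcap, keep the frames matching a BPF-style filter, write them to a new
pcap and md5sum it, i.e. the same steps as
    tcpdump -r in.pcap 'not (port 53 or tcp)' -w out.pcap && md5sum out.pcap
Added example, not from the assignment; the capture is constructed inline."""
import hashlib
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4        # little-endian pcap with microsecond timestamps
LINKTYPE_ETHERNET = 1


def build_frame(src_ip, dst_ip, proto, sport=0, dport=0, payload=b""):
    """Constructed Ethernet/IPv4 frame carrying TCP (6), UDP (17) or ICMP (1).
    Checksums stay zero: enough for header parsing, not for a real network stack."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    elif proto == 17:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    elif proto == 1:
        l4 = struct.pack("!BBHHH", 8, 0, 0, 1, 1)           # ICMP echo request
    else:
        raise ValueError("unsupported protocol %d" % proto)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload


def parse_frame(frame):
    """Return (src, dst, proto, sport, dport) for an IPv4 frame, else None."""
    if frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    sport = dport = None                                    # ICMP has no ports
    if proto in (6, 17):
        sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    return src, dst, proto, sport, dport


def write_pcap(frames, base_ts=1700000000):
    """Global header followed by one 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", base_ts + i, 0, len(f), len(f)) + f
    return out


def read_pcap(data):
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap")
    off, frames = 24, []
    while off < len(data):
        incl_len = struct.unpack("<IIII", data[off:off + 16])[2]
        frames.append(data[off + 16:off + 16 + incl_len])
        off += 16 + incl_len
    return frames


# BPF primitives as predicates over the parsed tuple. The semantics matter for
# reproducing someone else's hash: host and port match either direction, and
# port 53 never matches a frame that has no ports at all (ICMP).
def bpf_host(ip):
    return lambda p: ip in (p[0], p[1])


def bpf_port(n):
    return lambda p: n in (p[3], p[4])


def bpf_tcp(p):
    return p[2] == 6


def filter_pcap(data, predicate):
    """Equivalent of tcpdump -r <in> '<expr>' -w <out>: keep only matching frames."""
    kept = [f for f in read_pcap(data) if (p := parse_frame(f)) and predicate(p)]
    return write_pcap(kept)


def md5sum(data):
    return hashlib.md5(data).hexdigest()


def demo_capture():
    """Constructed five-frame capture using RFC 5737 documentation addresses."""
    return write_pcap([
        build_frame("192.0.2.10", "192.0.2.1", 17, 51000, 53),     # DNS query
        build_frame("192.0.2.10", "198.51.100.7", 6, 40000, 80),   # HTTP SYN
        build_frame("192.0.2.10", "192.0.2.2", 17, 123, 123),      # NTP
        build_frame("192.0.2.10", "192.0.2.1", 1),                 # ICMP echo
        build_frame("192.0.2.9", "192.0.2.10", 17, 57109, 57109),  # UDP port 57109
    ])


if __name__ == "__main__":
    cap = demo_capture()
    kept = filter_pcap(cap, lambda p: not (bpf_port(53)(p) or bpf_tcp(p)))
    print(len(read_pcap(kept)), "frames kept, md5", md5sum(kept))
```

The hash at the end is over the whole output file, record headers and timestamps included, which is why two people only get the same md5sum when their filter selects exactly the same frames in the same order; a filter that matches ports in one direction only, or forgets that ICMP carries no ports, produces a different file and a different digest.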
Here is the screenshot of completion.

Writeup:

In this exercise, I learned the basics of network traffic capture and analysis using tools such as Wireshark and Tcpdump. At a high level, capturing network traffic involves intercepting data packets traveling over a network in real-time. Wireshark, a popular packet analysis tool, allows users to capture this traffic and analyze it for troubleshooting, security, or performance monitoring purposes.
I also gained an understanding of how different protocols operate at various layers of the network stack, such as TCP, ICMP, and application-layer protocols like SMTP. By applying filters (e.g., tcpdump -r filename.pcapng), I could narrow down traffic to focus on specific protocols or services. This skill is critical in identifying issues such as network delays, dropped packets, or unauthorized activity, helping to maintain and secure networks.

Moreover, this assignment took me almost half a day to finish, and I learned a lot of new knowledge from this lab.