Home work
ISYS 565-02 Homework Individual project Hunter Dalli
1. Make a list of all the protocols in that capture.
There are 9 protocols in the Wireshark capture: RIPv1, SSH, TCP, ARP, OSPF, NFS, DNS, Portmap, Mount.
2. Briefly explain what all the protocols do (approximately one paragraph per protocol). Please do not simply copy/paste from Wikipedia or some other source. Instead, write in your own words.
RIPv1: Routing Information Protocol (RIP) is a protocol that routers can use to exchange network packets. It is characterized as an interior gateway protocol that is often used in small to medium-sized networks.
SSH: A protocol that works in the client-server model, which means that the connection is established by the SSH client connecting to the SSH server. The SSH client drives the connection setup process and uses public key cryptography to verify the identity of the SSH server.
TCP: TCP specifies how data is exchanged over the internet by providing end-to-end communications that identify how it should be divided into packets, addressed, transmitted, routed and received at the destination.
DNS: The Domain Network System protocol helps Internet users and network devices discover websites using readable text hostnames instead of numeric IP addresses. For example, the numeric IP address for the domain name verma.sfsu.edu is 130.212.24.20 (example from the in-class lectures).
ARP: Address Resolution Protocol is a network protocol that computers use to find out the MAC address of a device from an IP address at layer 2 on a local network (Ethernet) that requires physical addresses to be known before sending packets.
OSPF: Open Shortest Path First is an open standard link routing protocol that is implemented by a variety of network vendors. It is designed to be used in a single autonomous system. OSPF runs on most routers on the market today.
MOUNT: The MOUNT protocol was used for specifying files and folders in Linux/Unix. It is a support protocol for versions 2 and 3 of Network File System. After version 4, mount has been merged into the NFS protocol.
NFS: NFS, or Network File System, is an open standard protocol that allows a user on a client computer to access files over a network in the same way they would access a local storage file.
PORTMAP: Portmap is a server that converts Remote Procedure Call (RPC) program numbers into protocol port numbers.
3. What is the source MAC address of the computer making a RIPv1 request at IP address 10.0.0.2?
ca:01:14:28:00:1c
4. What's happening with capture # 67? Explain.
At capture #67 there is a communication between two devices on a local network being facilitated by ARP. A sender, Netgear_51:ac:06 in this case, sends a broadcast (ff:ff:ff:ff:ff:ff) ARP request message containing the IP address of the receiving device. "Who has 192.168.50.172?" the sender asks. So what ARP will do is resolve the IP address into a MAC address to allow the receiver of the message to read the message that was sent. The receiver will then send back its IP address that ARP will convert to a MAC address that will allow the two devices to communicate.
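The ARP request and reply from answer 4, decoded field by field, as an added example that is not part of the original homework. Only the target IP 192.168.50.172 and the 51:ac:06 MAC suffix come from the page; the 02:00:00 MAC prefix, the sender IP 192.168.50.1, the replying host's MAC and all function names are constructed for illustration.

```python
import socket
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp_frame(frame: bytes) -> dict:
    """Decode an Ethernet II frame carrying an IPv4-over-Ethernet ARP packet."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("EtherType is not ARP (0x0806)")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {
        "eth_dst": mac_str(dst), "eth_src": mac_str(src), "op": op,
        "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa),
        # On a normal host the Ethernet source and the ARP sender field agree.
        "src_consistent": src == sha,
    }

def describe(p: dict) -> str:
    """Summarise the packet in the style of Wireshark's Info column."""
    if p["op"] == 1:   # request
        return f"Who has {p['target_ip']}? Tell {p['sender_ip']}"
    if p["op"] == 2:   # reply
        return f"{p['sender_ip']} is at {p['sender_mac']}"
    return f"ARP opcode {p['op']}"

def build(dst, src, op, sha, spa, tha, tpa) -> bytes:
    """Assemble a frame from text addresses (used only for the constructed samples)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    return (m(dst) + m(src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + m(sha) + socket.inet_aton(spa) + m(tha) + socket.inet_aton(tpa))

# Constructed samples: only 192.168.50.172 and the 51:ac:06 suffix come from the page.
ASKER, OWNER = "02:00:00:51:ac:06", "02:00:00:00:00:ac"
REQUEST = build(BROADCAST, ASKER, 1, ASKER, "192.168.50.1",
                "00:00:00:00:00:00", "192.168.50.172")
REPLY = build(ASKER, OWNER, 2, OWNER, "192.168.50.172", ASKER, "192.168.50.1")

if __name__ == "__main__":
    for frame in (REQUEST, REPLY):
        p = parse_arp_frame(frame)
        print(f"{p['eth_src']} -> {p['eth_dst']}: {describe(p)}")
```

The request goes to the broadcast address with an all-zero target MAC, while the reply is sent directly back to the asker and carries the owner's MAC in the sender field.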
5. Are there any FTP or Telnet sessions? Why are FTP and Telnet considered insecure protocols?
No, there are no FTP or Telnet sessions in the Wireshark capture. FTP and Telnet are considered insecure because, unlike SSH, files transmitted through FTP and Telnet are not encrypted. That means if you log in to a system with your username and password through FTP or Telnet, your information will show up as clear text in the captured file, which can easily be used against you by the bad guys out there.
6. Are there any SSH sessions? How does Telnet relate to SSH? Tell us why SSH v2 is better?
Yes, there are a few SSH packets captured in the Wireshark capture. Telnet is related to SSH in that both protocols allow users to communicate with remote devices. Telnet and SSH allow IT personnel to access and manage devices remotely. SSHv2 is considered better because it offers a strong authentication method to help ensure that client-to-server communication is safe. It ensures that all data transmitted through the network is secure and encrypted.