Project 2 Lab Insight
Kali Linux is on NIXATK01 and WINATK01. Use the correct machine at the needed instance.
1. Use the Kali Linux environment on NIXATK01 to download the PCAP file, unzip it, and run the sudo ngrep command you created and copied with Leafpad.
Parsing the file this way reveals the IP address that attacked the web server.
After this, log out of Kali Linux on NIXATK01.
2. Now, log in to Kali Linux on WINATK01.
The remainder of the work will be done in the Windows desktop environment.
Follow the lab instructions to complete the Wireshark analysis.
Use Snort at the command prompt (just as you did in CST 620, Project 2).
After generating the alert, you will use WordPad to edit the rule file.
From here you can secure your system by adding, activating or deactivating any alert you want.
At this point, you should have your three new Snort Rules.
You DO NOT have to go into the snort.conf file and add the 3 new rules and then run Snort.
Just write the rules and explain the intended outcomes, according to the vulnerabilities discovered. (This is NOT a repetition of CST 620, Project 2.)
Correct command/spacing for Lab
Margaret McMahon posted Mar 25, 2019 2:18 PM
Hello Everyone,
This is the correct command/spacing for the Lab.
ngrep -I Projec2.pcap | grep -aE 10.0.250.200 | awk '{print $2}' | sort | grep -aE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]' | sort | awk -F ':[0-9]' '{print $1}' | sort | uniq -c
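
The per-source count that the command above produces can also be done in one awk pass. The following is an added example, not part of the original post or the lab materials: it tallies only packets addressed to the web server, so the server's own replies are not counted as a source. The function names and the sample lines are constructed, and the parsing assumes ngrep's default header format (`T src:port -> dst:port [flags]`, no `-t` timestamps).

```shell
#!/bin/sh
# count_sources SERVER_IP
# Reads ngrep output on stdin and prints "count source_ip" for every
# packet sent TO SERVER_IP, busiest source first.
count_sources() {
    awk -v server="$1" '
        # Header lines look like: PROTO SRC[:PORT] -> DST[:PORT] [FLAGS]
        # Payload lines never have "->" as their third field, so they are skipped.
        ($1 == "T" || $1 == "U" || $1 == "I") && $3 == "->" {
            src = $2; dst = $4
            sub(/:[0-9]+$/, "", src)       # drop the port, if present
            sub(/:[0-9]+$/, "", dst)
            if (dst == server) hits[src]++ # exact match, not a regex
        }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample of ngrep -I output (not taken from the lab capture).
sample_ngrep_output() {
    cat <<'EOF'
input: sample.pcap
T 192.168.10.5:51234 -> 10.0.250.200:80 [AP]
  GET /index.php HTTP/1.1..Host: 10.0.250.200....
T 10.0.250.200:80 -> 192.168.10.5:51234 [AP]
  HTTP/1.1 200 OK..
T 192.168.10.5:51236 -> 10.0.250.200:80 [AP]
  GET /login.php HTTP/1.1..
T 172.16.4.9:40000 -> 10.0.250.200:443 [S]
T 172.16.4.9:40001 -> 10.0.250.20:80 [S]
EOF
}

# In the lab this would be fed by: sudo ngrep -I <pcap file> | count_sources 10.0.250.200
sample_ngrep_output | count_sources 10.0.250.200
```

The reply line from 10.0.250.200 and the packet to the look-alike address 10.0.250.20 are both excluded from the tally.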