network security firewalls and VPNs

profilesarahmazin
lesson_1.pdf

LAb #1 – ASSESSMENT WORKSHEET

Analyze Essential TCP/IP Networking Protocols

Course Name and Number:

Student Name:

Instructor Name:

Lab Due Date:

Overview In this lab, you learned how to use a protocol analyzer to capture and analyze IP packets. Understanding how to distinguish proper from improper protocol behavior is a key skill for most network security analysts. Using the Wireshark protocol analyzer tool (sometimes called a “packet sniffer”), you captured IP traffic from a variety of sources and used that data to identify and become familiar with the common network protocols used in a typical network infrastructure.

Lab Assessment Questions & Answers

1. What protocols did you discover in your Wireshark packet capture data? Provide the acronym and a brief description.

2. What was the DHCP allocated source IP host address for the vWorkstation and TargetWindows01server?

14 Lab #1 | Analyze Essential TCP/IP Networking Protocols

38504_LB01_Pass1.indd 14 26/02/13 5:30 PM

A nalyze Essential TC

P/IP N

etw o

rking Pro

to co

ls

3. When you pinged the targeted IP host (172.30.0.8 or 172.30.0.200), what was the source IP address and destination IP address of the ICMP echo-request packet?

4. Did the targeted IP host respond to the ICMP echo-request packet with an ICMP echo-reply packet? If yes, how many ICMP echo-request packets were sent back to the IP source?

5. Find a TCP three-way handshake for a Telnet, FTP, or SSH session. What is the significance of the TCP three-way handshake?

6. In your Wireshark report, what was the sequence number (Seq=x) of the initial TCP [SYN] packet and TCP [ACK] packet? What was the packet number?

1 Assessment Worksheet 15

38504_LB01_Pass1.indd 15 26/02/13 5:30 PM

7. During your Telnet session to the Cisco router, were you able to see the terminal password? Why or why not?

8. How did the packet information differ between Netwitness Investigator and Wireshark?

16 Lab #1 | Analyze Essential TCP/IP Networking Protocols

38504_LB01_Pass1.indd 16 26/02/13 5:30 PM

  1. Course Name and Number:
  2. Student Name:
  3. Instructor Name:
  4. Lab Due Date:
  5. description 1:
  6. description 2:
  7. description 3:
  8. description 4:
  9. 2 What was the DHCP allocated source IP host address for the vWorkstation and TargetWindows01server 1:
  10. 2 What was the DHCP allocated source IP host address for the vWorkstation and TargetWindows01server 2:
  11. 2 What was the DHCP allocated source IP host address for the vWorkstation and TargetWindows01server 3:
  12. 2 What was the DHCP allocated source IP host address for the vWorkstation and TargetWindows01server 4:
  13. and destination IP address of the ICMP echorequest packet 1:
  14. and destination IP address of the ICMP echorequest packet 2:
  15. and destination IP address of the ICMP echorequest packet 3:
  16. and destination IP address of the ICMP echorequest packet 4:
  17. how many ICMP echorequest packets were sent back to the IP source 1:
  18. how many ICMP echorequest packets were sent back to the IP source 2:
  19. how many ICMP echorequest packets were sent back to the IP source 3:
  20. how many ICMP echorequest packets were sent back to the IP source 4:
  21. threeway handshake 1:
  22. threeway handshake 2:
  23. threeway handshake 3:
  24. threeway handshake 4:
  25. TCP ACK packet What was the packet number 1:
  26. TCP ACK packet What was the packet number 2:
  27. TCP ACK packet What was the packet number 3:
  28. TCP ACK packet What was the packet number 4:
  29. why not 1:
  30. why not 2:
  31. why not 3:
  32. why not 4:
  33. 8 How did the packet information differ between Netwitness Investigator and Wireshark 1:
  34. 8 How did the packet information differ between Netwitness Investigator and Wireshark 2:
  35. 8 How did the packet information differ between Netwitness Investigator and Wireshark 3:
  36. 8 How did the packet information differ between Netwitness Investigator and Wireshark 4: