Hi, I need help with an assignment that involves using Wireshark to analyze a pcap file (packet capture file) for unusual activity. The analysis includes creating a management summary and answering 10 questions. See attached Word document for full instructions and questions. The PCAP file is in the attached zip file. (Excerpt from Word doc: First, a management summary, written with no technical language, which provides a summary of what was found. The summary should be roughly a paragraph in length. The second part will be the technical section where you will answer the following questions. Include the question and the answer. 1. What is the network address and subnet
Unformatted Attachment Preview
You will use Wireshark to analyze the provided packet capture and report on the activity found therein.
To aid in your goals, the administrator has provided a few details about the network from which the
capture originated. There are four computers on the network. The IT administrator's admin box is an
Ubuntu server. There are also DHCP and web servers and the Admin is the only individual within the
company with authorization for access to those servers. There are two other employees, Bob Smith, a
new hire and recent college graduate, who uses a workstation with network access running Windows
XP, and Sarah, a developer who uses a workstation with a standard installation of Ubuntu also with
network access. Both Bob and Sarah are authorized to have access to their own workstation and no
First, a management summary, written with no technical language, which provides a summary of what
was found. The summary should be roughly a paragraph in length.
The second part will be the technical section where you will answer the following questions. Include the
question and the answer.
1. What is the network address and subnet mask?
2. For each computer:
a. What is the IP of the computer?
b. What OS is it running?
c. What is the MAC address?
3. What computer (refer by OS name and last octet of the IP address, e.g., Win7.128) is serving as a
DHCP server? How do you know?
a. What other services is the DHCP server running? How do you know?
4. What computer (refer by OS name and last octet of the IP address) is running a web server?
a. Which computer(s) accessed this web server?
b. How do you know a web page was accessed? What was the file name of the web page?
c. What web browser was the user running?
d. At what time did the access occur?
e. What web server application was running? (include version number)
5. What computer (refer by OS name and last octet of the IP address) is running the telnet service?
a. Which computer(s) accessed the telnet server?
b. At what time(s)/date did this access occur?
6. What usernames/passwords were used to access the telnet server?
a. What did the attacker do, if anything, from the telnet server? Explain why the attacker might
have done this.
7. What is a buffer overflow? What is an SQL Injection? Identify the packet series that contains what
appears to be a buffer overflow followed by an SQL Injection. Describe how the attacker attempts to
effect the buffer overflow. You may need additional material from the Web. Use your own words; do not
copy and paste an answer.
8. What is a port scan?
a. How many port scans were run?
b. What computer initiated the port scan(s)? What were the target computers?
c. What type of port scan(s) did the attacker use (refer to the man page for nmap)?
9. What did the ‘attacker’ do once on the FTP server?
a. How many commands were run on the ftp server?
b. What username/password was used to access the FTP server?
c. From what computer was the FTP server accessed?
d. Date and time?
e. What file was downloaded from the ftp server?
f. To which computer was this file downloaded?
10. What is the IP address of the attacker? In your opinion, how technically sophisticated is the
attacker? Provide evidence to support your claims.