This lab will introduce how to capture packets and interpret them when performing network forensics. We will also examine how to use a graphical network analyzer to interpret the results.

Objective

In this lab, you will be conducting forensic practices using various tools. You will be performing the following tasks:

1. Capturing and Analyzing Traffic with Tcpdump
2. Analyzing Traffic with Wireshark

Instructions

  1. Login into NetLab (https://ccsenetlab2.kennesaw.edu/)
  2. Go to Lab 10: Network Forensics
  3. Follow lab instructions and take the screenshots required in “QUESTIONS” section

 

Due Date and Submission Procedure

  • Due Date: See D2l or Syllabus
  • Submit your report to D2L in the dropbox for this module’s assignments

____________________________________________________

 

 

LAB AND QUESTIONS

 

Paste here a screenshot of the following screens while performing this lab. Each question = 20 points.

 

  1. Take a screenshot of the Step 3, Page 6. Can the man command be used to learn what other commands do? If so, give an example? If not, why?

 

  1. Take a screenshot of the Step 4, Page 7. Why was the sudo command used to launch tcpdump?

 

  1. Take a screenshot of the Step 12, Page 8. In step 11 you typed a command. If you had to explain to a non-technical person what each step in this command does, how would you do it?

 

  1. Take a screenshot of the Step 20, Page 14. If the “get” command is used to download a file from a terminal, what command is used to upload a file?

 

Take a screenshot of the Step 30, Page 18. In this screenshot you can view everything in cleartext. To avoid items being viewed in cleartext, what option or port could you use with FTP to