Question Details



ATTENTION: PLEASE START WITH #3 THAT IS MOST IMPORTANT AT THIS MOMENT! NUMBER 3 MUST BE FINISHED FIRST BEFORE EVERYTHING ELSE!!!!!!


2. (2.2 points) Start your Bt5 (or other virtual machine) and use ifconfig to find its IP address. Capture a screenshot of your ifconfig command and corresponding output. Now start Wireshark in both Bt5 and host OS and select non-promiscuous mode. In the Wireshark of the host OS, apply a capture filter that will capture only the TCP packets whose source IP address is the one of Bt5. Type this capture filter. Also capture a screenshot of this filter. In the Wireshark of Bt5 apply a packet capture filter that will capture only TCP packets that have all of the following properties: a) destination port 900, b) SYN, PSH and URG bits set to 1, c) an IP Identification field of 1234, d) and 1000 TCP data bytes. Type this capture filter. Also capture a screenshot of this applied filter. Now start the packet capturing process in both host OS and Bt5 Wiresharks. Next, use (in Bt5) one hping3 command that will transmit 3 TCP packets to the Host OS with destination ports 899, 900, 901. Moreover, each one of these packets must have the SYN, PSH and URG bits set to 1, its IP Identification field equal to 1234, 1000 TCP data bytes and no IP or TCP options. Type the hping3 command you have used. Also capture a screenshot of this command and its output. Stop the packet capturing process in both Wiresharks. Capture a screenshot of the packet list pane of the Bt5 Wireshark and a screenshot of the packet list pane of the Host OS Wireshark showing the captured packets. Your screenshots must show the port number of the 2nd packet and the IP Total Length. How many packets have been captured by Bt5 Wireshark and how many by the Host OS Wireshark? Is that what you expected? Explain why or why not.


3. (3.4 points) Start your Bt5 (or other virtual machine) and use ifconfig to find its IP address. Capture a screenshot of your ifconfig command and corresponding output. Now start Wireshark in both Bt5 and host OS and select non-promiscuous mode. In the Wireshark of the host OS, apply a capture filter that will capture only the TCP packets whose source IP address is the one of Bt5.

a) In Bt5 Wireshark apply a packet capture filter that will capture only 1st fragment of a transmitted TCP packet; not the response. Type the filter that you have used. Briefly explain why your filter will be able to capture only the 1st fragment. Now use hping3, in Bt5, to transmit one TCP packet to the host OS that has all of the following properties: i) its destination port number is 4567, ii) its TCP flags SYN and ACK are set to 1, iii) it carries 6,000 TCP data bytes. Capture a screenshot of the BT5 Wireshark packet list pane and packet detail pane that verify that only the 1st fragment has been captured. Capture a screenshot of the host OS Wireshark packet list pane showing that all fragments have been captured; together with their fragmentation offsets.

b) In Bt5 Wireshark apply a packet capture filter that will capture only the intermediate fragments of a transmitted TCP packet; not the response. Type the filter that you have used. Briefly explain why your filter will be able to capture only the intermediate fragments. Now use hping3, in Bt5, to transmit the same TCP packet of question "a)". Capture a screenshot of the BT5 Wireshark packet list pane that verifies that only the intermediate fragments have been captured.

c) In Bt5 Wireshark apply a packet capture filter that will capture only the last fragment of a transmitted TCP packet; not the response. Type the filter that you have used. Briefly explain why your filter will be able to capture only the last fragment. Now use hping3, in Bt5, to transmit the same TCP packet of question "a)". Capture a screenshot of the BT5 Wireshark packet list pane and packet detail pane that verify that only the last fragment has been captured. What is the decimal value of the IP Fragmentation Offset Field of the last fragment? How many TCP data bytes are in the last fragment? Use an analytic calculation to derive the value of the IP Fragmentation Offset field as well as the number of TCP data bytes of the last fragment. Does your calculation agree with the values provided by Wireshark?


4. (2.4 points) A wireless monitoring device has captured the 802.11 wireless traffic of the posted file wireless.cap. In this question you will use Wireshark to analyze this traffic. First, open the wireless.cap file and delete the default coloring rules. Now answer the following questions:

a) Type the display filter that you must use in order to display all the management frames transmitted by all the wireless devices except the Access Point. Apply this display filter and capture a screenshot of the Wireshark packet list pane showing both the filter you have used and corresponding frames. How many are these frames? Explain how you found their number.

b) Type the display filter that you must use in order to display all the non-beacon management frames transmitted by the Access Point. Apply this display filter and capture a screenshot of the Wireshark packet list pane showing both the filter you have used and corresponding frames. How many are these frames? Explain how you found their number.

c) Type the display filter that you must use in order to display all the data frames transmitted by all the wireless devices except the Access Point. Apply this display filter and capture a screenshot of the Wireshark packet list pane showing both the filter you have used and corresponding frames. How many are these frames? Explain how you found their number.

In each of questions "a)", "b)", "c)" above, you should not manually count the frames. You must use the functionality of Wireshark to derive their number.
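The analytic calculation that question 3 c) asks for, carried through in code as an added example (it is not part of the original question or of any posted solution). It assumes a 1500-byte Ethernet MTU and 20-byte IP and TCP headers without options; the function names are made up for illustration.

```python
IP_HDR = 20           # assumption: IPv4 header without options
TCP_HDR = 20          # assumption: TCP header without options
MF_BIT = 0x2000       # "More Fragments" flag in the 16-bit word at IP header bytes 6-7
OFFSET_MASK = 0x1FFF  # low 13 bits of that word: fragment offset in 8-byte units


def fragment_layout(tcp_data_len, mtu=1500):
    """Split one TCP segment into IPv4 fragments as a sender with this MTU would."""
    payload = TCP_HDR + tcp_data_len   # everything that follows the IP header
    chunk = (mtu - IP_HDR) // 8 * 8    # every non-final fragment carries a multiple of 8 bytes
    frags, sent = [], 0
    while sent < payload:
        size = min(chunk, payload - sent)
        frags.append({
            "offset_field": sent // 8,         # raw 13-bit field value
            "byte_offset": sent,               # the same offset expressed in bytes
            "mf": sent + size < payload,       # set on all fragments but the last
            "total_length": IP_HDR + size,     # IP Total Length of this fragment
            # the TCP header travels only in the first fragment
            "tcp_data": size - TCP_HDR if sent == 0 else size,
        })
        sent += size
    return frags


def classify(flags_offset_word):
    """Classify a packet from the 16-bit flags/offset word, the test a capture filter performs."""
    more = bool(flags_offset_word & MF_BIT)
    offset = flags_offset_word & OFFSET_MASK
    if offset == 0:
        return "first" if more else "unfragmented"
    return "intermediate" if more else "last"


if __name__ == "__main__":
    # The packet from question 3: 6,000 TCP data bytes.
    for f in fragment_layout(6000):
        word = f["offset_field"] | (MF_BIT if f["mf"] else 0)
        print(classify(word), f)
```

Under these assumptions the 6,000-byte packet leaves as five fragments, while the 1,000-byte packets of question 2 fit in a single unfragmented datagram.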




 



About this Question

STATUS

Answered

QUALITY

Approved

DATE ANSWERED

Oct 07, 2020

EXPERT

Tutor
