Lab 3 - Packet Analysis With Wireshark

Course

Data Communication Networking (ITT300)

Academic year: 2019/2020

Disclaimer: Author is not held responsible if the lab exercise is targeted to unauthorized parties or host. This is purely for educational purposes. I don't even know you :)

Lab 3: Packet Analysis with Wireshark (5 Marks)

Student Name (aka script kiddies): MUHAMMAD HAIKAL BIN SHAMSUDDIN

Matric No: 2019423266

Group: M3CS2453A

3.1 Learn Display Filter On Wireshark

Wireshark is a free and open-source packet analyser. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

i. Run and Perform Packet Capture

Most Kali Linux distributions come with Wireshark preinstalled. You can run Wireshark in Kali by clicking Application Menu > 09 Sniffing & Spoofing > Wireshark.

Once you have opened Wireshark, you can begin capturing packets on your network interface by clicking Capture Menu > Start. You can choose the network interface and review the capture options by clicking Capture Menu > Options.

You can stop the packet capture by clicking Capture Menu > Stop. You can save the packet capture by clicking File Menu > Save As.

Please state the file name extension which Wireshark uses to store packet captures. Please provide a screenshot of the packet capture process in Wireshark (1 Mark)

  • pcapng

ii. Learn and Explore Display Filter

Display filters let you concentrate on the packets you are interested in while hiding the currently uninteresting ones. Please learn to use Wireshark display filters; you will need them to complete the tasks in the exercises below. You can learn about Wireshark display filters here: unit42.paloaltonetworks/using-wireshark-displayfilter-expressions/

3.2 Capturing Password from Packet

You can use Wireshark as a packet sniffer to expose user credentials sent during the authentication process.

i. Capturing password on an unsecured website

Open Wireshark and start a packet capture. While the capture is running, open your browser and visit this website: demo.testfire. Open the login page, enter a username and password (e.g. username: test, password: test123456) and then click login. After you have completed the login process, stop the packet capture.

To analyse the packets, apply the display filter "http" so that Wireshark only shows HTTP packets. Then find an HTTP packet that shows "POST" in its Info column. Right-click the packet and choose Follow > TCP Stream. Wireshark will then show the content of the communication session. In that content, find the username and password involved in the session.

Please provide a screenshot of Wireshark showing the username and password being captured during the packet capture process (0 Marks)
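The check that this exercise performs by hand can be scripted: given the text Wireshark shows in Follow > TCP Stream, find form-encoded POST requests and report which login fields crossed the wire in cleartext. This is an added example, not part of the lab handout; the stream text, host name and form field names (uid, passw) are constructed sample data, and the password value is deliberately not echoed, only its length.

```python
from urllib.parse import parse_qs

# Constructed sample of what "Follow TCP Stream" shows for a login POST over
# plain HTTP. Not a real capture; host and field names are assumptions.
SAMPLE_STREAM = (
    "POST /doLogin HTTP/1.1\r\n"
    "Host: demo.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 41\r\n"
    "\r\n"
    "uid=test&passw=test123456&btnSubmit=Login\r\n"
    "HTTP/1.1 302 Found\r\n"
    "Location: /bank/main.jsp\r\n"
    "\r\n"
)

# Substrings that usually mark a username or password form field.
USER_HINTS = ("user", "uid", "login", "email")
PASS_HINTS = ("pass", "pwd")


def find_cleartext_credentials(stream):
    """Return one finding per form-encoded POST that carries a password field."""
    findings = []
    # Anything readable in a TCP stream is cleartext; split on request lines.
    for chunk in stream.split("POST ")[1:]:
        head, _, rest = chunk.partition("\r\n\r\n")
        lines = head.split("\r\n")
        path = lines[0].split(" ")[0]
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        if "application/x-www-form-urlencoded" not in headers.get("content-type", ""):
            continue
        body = rest[: int(headers.get("content-length", "0"))]
        form = {k: v[0] for k, v in parse_qs(body).items()}
        user = next((form[k] for k in form if any(h in k.lower() for h in USER_HINTS)), None)
        pw_field = next((k for k in form if any(h in k.lower() for h in PASS_HINTS)), None)
        if pw_field:
            findings.append({
                "host": headers.get("host", "?"),
                "path": path,
                "username": user,
                "password_field": pw_field,
                "password_length": len(form[pw_field]),  # value not echoed
            })
    return findings
```

Any finding means the site accepted a login over plain HTTP; the fix is on the server side (serve the form and its action over HTTPS), not in the browser.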

3.3 Malware Analysis

Wireshark can also be used to effectively analyse and understand how malware infections occur on the Internet.

i. Packet Analysis

Before we begin, please download a packet capture file that recorded a malware infection over the internet; you can download the file from here: malwaretraffic- analysis/training/Using-Wireshark-diplay-filters-FTP -malware.pcap

Open the file with Wireshark and start analysing it. Use what you have learnt about Wireshark display filters to do the analysis effectively. Please answer the following questions.

What is the username that requested the malware file from the FTP server? What is the filename of the malware? (0 Marks)

-Size fc32

From your analysis, please state the IP addresses of the FTP server and the FTP client (0 Marks)

FTP Server Responded : 192 :168: 201:

FTP Client Request : 10 :1114:
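The three answers above (requesting user, retrieved file, server and client addresses) all come from the FTP control channel, which Wireshark isolates with the display filter "ftp" (or, for just the downloads, ftp.request.command == "RETR"). The function below reconstructs the same facts from a packet list. This is an added example, not part of the lab handout or the lab's pcap; the packets, addresses, user name and file names are constructed sample data.

```python
# Constructed FTP control-channel packets as (src_ip, dst_ip, payload), in the
# order Wireshark lists them under the "ftp" display filter. Sample data only.
SAMPLE_PACKETS = [
    ("192.0.2.10", "198.51.100.5", "220 (vsFTPd 3.0.3)"),
    ("198.51.100.5", "192.0.2.10", "USER dropper"),
    ("192.0.2.10", "198.51.100.5", "331 Please specify the password."),
    ("198.51.100.5", "192.0.2.10", "PASS hunter2"),
    ("192.0.2.10", "198.51.100.5", "230 Login successful."),
    ("198.51.100.5", "192.0.2.10", "TYPE I"),
    ("192.0.2.10", "198.51.100.5", "200 Switching to Binary mode."),
    ("198.51.100.5", "192.0.2.10", "RETR missing.bin"),
    ("192.0.2.10", "198.51.100.5", "550 Failed to open file."),
    ("198.51.100.5", "192.0.2.10", "RETR payload.exe"),
    ("192.0.2.10", "198.51.100.5", "150 Opening BINARY mode data connection."),
    ("192.0.2.10", "198.51.100.5", "226 Transfer complete."),
    ("198.51.100.5", "192.0.2.10", "QUIT"),
]


def reconstruct_ftp_session(packets):
    """Identify server, client, login user and which RETR downloads completed."""
    session = {"server": None, "client": None, "user": None,
               "retrieved": [], "failed": []}
    pending = None  # file named in the last RETR still awaiting a final reply
    for src, dst, payload in packets:
        code = payload[:3]
        if code.isdigit():
            # Only the server sends numeric reply codes, so its address is src.
            session["server"], session["client"] = src, dst
            if pending and code[0] in "45":       # 4xx/5xx: transfer refused
                session["failed"].append(pending)
                pending = None
            elif pending and code == "226":       # 226: transfer complete
                session["retrieved"].append(pending)
                pending = None
            continue
        cmd, _, arg = payload.partition(" ")
        cmd = cmd.upper()
        if cmd == "USER":
            session["user"] = arg
        elif cmd == "RETR":
            pending = arg
    return session
```

Matching a RETR to its 226 reply, rather than just listing RETR commands, is what tells you whether the malware actually reached the client.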

3.4 Reflection

In your opinion, why is Wireshark an important tool in investigating information security issues? (0 Marks)

In my opinion, Wireshark is an important tool in investigating information security issues because Wireshark can peer inside the network and examine the details of traffic at a variety of levels, ranging from connection-level information to the bits comprising a single packet. This flexibility and depth of inspection allows this valuable tool to analyze security events and troubleshoot network security device issues.

Please state the name of, and discuss, software / tools that are able to automatically detect security threats by analysing packets (0 Marks)

Wireless sniffer, a packet analyzer created for capturing data that is on a wireless network.

Prepared by: mazizi@tmsk.uitm.edu.my | 9 August 2019 | FSKM, UiTM Shah Alam