Perceived Purpose
To understand packet sniffing. Packet sniffing means that a network interface is placed in promiscuous mode so that it can be monitored for all traffic passing by, or for a subset of that traffic that matches some predefined pattern. Packet sniffing can reveal information such as plaintext passwords, SMTP traffic, and SNMP information. It can often play a part in computer forensics investigations, reveal illegal activity, and help pinpoint an internal attacker within an organization.
Tools
One of the tools we used for this lab is TCPDump, which is the strongest and most useful tool for analyzing network traffic. We also used ping to ping our partner’s machine. A tool we used to analyze the data was Ethereal.
Procedures and Results
Click here to see the Procedure and Result for TCPDump.
Click here to see the Procedure and Result for TCPDump-x.
Click here to see the Procedure and Result for Ethereal.
Another interesting tool we used was lynx. Typing lynx followed by http:// followed by an IP address allows you to initiate an HTTP session. Lynx is basically a text-based web browser. It gave us a different view for looking at the World Wide Web.
Analysis and Reflection
This lab showed us the information we can get through packet sniffing and how that data can be analyzed. This analysis helps us monitor our networks and analyze the type of traffic passing through, and helps us understand and detect any vulnerabilities or out-of-the-ordinary behavior.
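The kind of traffic analysis described above can be run over a saved capture to list flows that use protocols readable on the wire. This is an added example, not part of the original lab: the port table, the function names and the two-packet sample capture are all constructed for illustration.

```python
import struct

# Assumed port table: the protocols the lab names, plus HTTP (used with lynx).
CLEARTEXT = {25: "SMTP", 80: "HTTP", 161: "SNMP"}

def build_sample_pcap():
    """Constructed capture: one TCP segment to port 25, one UDP datagram to port 161."""
    def frame(proto, sport, dport, payload):
        if proto == 6:   # TCP: 20-byte header, data offset 5, flags PSH|ACK
            l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 1024, 0, 0)
        else:            # UDP: 8-byte header
            l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                         64, proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
        eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00"
        return eth + ip + l4 + payload   # checksums left at 0; this parser ignores them
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for f in (frame(6, 40000, 25, b"HELO lab.example\r\n"),
              frame(17, 40001, 161, b"\x30\x00")):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f        # per-packet record header
    return out

def cleartext_flows(pcap):
    """Return (src, dst, dport, protocol) for each IPv4 packet sent to a cleartext port."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", pcap[:4])[0])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]   # captured length
        pkt = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":               # keep IPv4 only
            continue
        ihl = (pkt[14] & 0x0F) * 4                                   # IP header length
        l4 = pkt[14 + ihl:]
        if pkt[23] not in (6, 17) or len(l4) < 4:                    # TCP or UDP only
            continue
        dport = struct.unpack("!H", l4[2:4])[0]
        if dport in CLEARTEXT:
            src = ".".join(map(str, pkt[26:30]))
            dst = ".".join(map(str, pkt[30:34]))
            hits.append((src, dst, dport, CLEARTEXT[dport]))
    return hits

if __name__ == "__main__":
    for flow in cleartext_flows(build_sample_pcap()):
        print(flow)
```

Only the client-to-server direction is matched (destination port); replies from the server carry the well-known port as their source port and would need a second check.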
Time
35 minutes
Perceived Purpose
To understand how network administrators can keep their systems updated. The manufacturers of operating systems and of most software that operates in a network environment supply updates, patches, and hot fixes to secure their software. Some of these companies offer utilities that can help identify weaknesses and harden the OS. We examine two of these utilities in this lab.
Tools
One of the tools we utilize in this assignment is the Microsoft Baseline Security Analyzer (MBSA), which is used to detect and identify the patches that a Microsoft server needs to protect it against known attacks. The other tool is the Windows NT/2000 Security Scoring Tool, which is available from the Center for Internet Security (CIS).
Procedures and Results
A regular update that should be done on all systems running Windows is the Microsoft Windows Update, which can be run from windowsupdate.microsoft.com and updates the system with the necessary patches and updates.
Click here to see the Procedure and Result for the MBSA tool.
Click here to see the Procedure and Result for the CIS tool.
Analysis and Reflection
So we see that these two tools both find the system vulnerabilities, but the CIS tool gives us a numerical value and is more granular and detailed.
Time
30 minutes