WireShark HomeWork

Oh is this homework fun. You will be hunting for an attacker and learning about WireShark all at the same time.

Wireshark is a tool for observing the messages exchanged between executing protocol entities, it works by using a packet sniffer to passively copy (“sniffs”) messages being sent from and received by your computer.

image002

Getting Wireshark

In order to run Wireshark, you will need to have access to a computer that supports both Wireshark and the libpcap or WinPCap packet capture library. The libpcap software will be installed for you if it is not installed within your operating system when you install Wireshark.  See http://www.wireshark.org/download.html for a list of supported operating systems and download sites

Download and install the Wireshark software:

The Wireshark FAQ has a number of helpful hints and interesting tidbits of information, particularly if you have trouble installing or running Wireshark.

image006

Video Over of WireShark

The great people at HackFive created a video on analyzing networking traces, using WireShark. It is a fun way to get started.

Finding the Hacker.

Oh no there has been an attack on our network.  Not to worry we have a network trace of the strange activity and you can find it here in this PCAP file (DanielJesseArp.pcap ).

Analyze the network traffic to determine what happened.

What to submit.

Answer the question below and submit your answers to collab.

Question:

  1. What type of attack do you think occurred in the network?
  2. What is the MAC address of the Victim’s Machine?
  3. What is the IP address of the Victim Machine?
  4. What is the MAC address of the Attacker’s Machine?
  5. What IP -address was the Attacher’s Machine originally assigned?
  6. What is the mac address of the router that was involved?
  7. What time was the first malicious packet sent? Use the time as formatted in the trace?

Write a description of the other things you think that you want to include in your security report.  Write a paragraph.  List of intercepted URLs.