Aim:
In the world of network security, it is very likely that you will find yourself peering at a collection of raw packets (a file of which is typically called a packet trace). Packet traces are often used for network forensics, analyzing (or reverse engineering) protocols, and (as you will soon find out) debugging and troubleshooting during network development.
Objective:
The purpose of this portion of the assignment is to get you comfortable looking at packet traces. Your job is to use a packet analyzer to go through the trace files we give you (available here) and answer the following questions.
Trace 1: HTTP Trace
Analyse the packets from the source IP "128.12.173.14".
- What sites did we visit?
- What did we search for?
- Also list the IP addresses for all major sites visited by us.
Trace 2: HTTPS Trace
Analyse the packets from the source IP "128.12.173.14".
- What domain names were resolved and what were their IP addresses?
Observe the first HTTPS protocol trace.
- What was the name of the certificate issuing authority?
- Name the encryption algorithm used.
- What was the key and the size of the key used during encryption?
- What was the expiration date and time on the issued certificate?
- Give the complete cipher suite that the browser supports.
- Give the cipher suite that the server supports.
Trace 3: FTP Trace
- What was the login name and password used for connecting to the FTP server?
- Identify exactly where there are passive and active FTP connections in the trace. Explain briefly the difference between active and passive FTP.
- What file(s) were downloaded? Give their complete download paths and their sizes.
Trace 4: Trace Route
Analyse the packets from the source IP "128.12.173.14".
- The TraceRoute tool is run to find the route to which site?
- List the IP addresses observed in the route from source to destination during the TraceRoute.
Trace 5: POP3 Trace
- Give the login name and password we used.
- How many e-mails have been received by the account? Give details about fields such as 'subject' and 'date:' for every mail.
Traces 6, 7, 8 & 9:
These traces represent attacks on the network.
- Identify each attack and briefly explain what it hopes to achieve.
- What were the target domains in each of the attacks?
To poke through the trace file, you are going to want to enlist the help of Wireshark Software. We highly recommend that you use Wireshark Software because it has much more comprehensive functionality for decoding packets.
Hint:
- Use filtering. Most of the questions above can be answered easily if you know which filter string to pass your packet parsing tool.
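As an added illustration of the filtering hint (example code, not part of the assignment material), the sketch below filters an FTP control channel for `PORT` commands and `227`/`229` replies, decodes the data-channel endpoint, and labels each transfer as active or passive. The sample lines, addresses and file names are constructed, and the function names are hypothetical.

```python
import re

# Constructed FTP control-channel lines (C = client, S = server); not from the assignment's trace.
SAMPLE = [
    ("C", "PORT 192,0,2,10,195,80"),
    ("S", "200 PORT command successful"),
    ("C", "RETR notes.txt"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,7,19,137)"),
    ("C", "RETR report.pdf"),
    ("C", "EPSV"),
    ("S", "229 Entering Extended Passive Mode (|||6446|)"),
    ("C", "LIST"),
]

SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
TRANSFER = ("RETR", "STOR", "LIST", "NLST")

def endpoint(text):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port), where port = p1*256 + p2."""
    m = SIX.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None  # malformed octet: ignore rather than guess
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def data_channels(lines):
    """Return (mode, listener_ip, listener_port, command) for each transfer."""
    pending, out = None, []
    for side, text in lines:
        verb = text.split(" ", 1)[0].upper()
        if side == "C" and verb == "PORT":      # active: the client listens
            ep = endpoint(text)
            pending = ("active",) + ep if ep else None
        elif side == "S" and verb == "227":     # passive: the server listens
            ep = endpoint(text)
            pending = ("passive",) + ep if ep else None
        elif side == "S" and verb == "229":     # EPSV reply carries the port only
            m = re.search(r"\(\|\|\|(\d+)\|\)", text)
            # ip None means "same address as the control connection's server"
            pending = ("passive", None, int(m.group(1))) if m else None
        elif side == "C" and verb in TRANSFER and pending:
            out.append(pending + (text,))
            pending = None
    return out
```

The decoded listener address and port are what you then filter on to isolate the matching data connection in the trace.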
The following is an example profile you may follow, consisting of a 'first iteration' exercise, using the above 'Task List' as a basis.
1. Project Overview:
(Concise description of the student's understanding of the project)
2. Client Overview:
(Summarise what service(s) they provide / what they sell / who their customers are (what market(s) they operate in) / what their underlying values and motivation are, etc.)
3. Scope:
(What the project is supposed to accomplish; outline the results the project will produce)
4. Project Assessment Report:
4.1. Introduction:
(Concise (1 paragraph only), while still covering all of the key issues of the project)
4.2. Project Findings:
(Briefly, what is required to complete the project)
4.3. Project Recommendations:
(List of recommendations prepared by the student: hardware and software specifications, server configuration, network protocol, etc.)
4.4. Possible OHS Concerns:
(Identify any possible OHS issues for the mentioned project)
5. Project Analysis and Design:
5.1. Project Estimated Duration:
(Estimated time-frame to complete the entire project. A summary/brief breakdown of the time-frame is the ideal answer)
5.2. Target Audience:
(Target audience for the mentioned project)
5.3. Mock-up Design:
(Skeleton of the mock-up design. Ideally a sketchy and incomplete structure. First draft based on Lo-Fidelity Prototype)
6. Project Management:
6.1. Preliminary Evaluation of Technologies (Software and hardware):
(List of hardware and software required to build and run the project and the completed work)
6.2. Project Timelines:
(Detailed timeline prepared in MS Project)
6.3. Budget:
(Should be in MS Excel. Budget MUST show the breakdown of each area, i.e. research, image editing, development, testing, etc.)
6.4. Copyright and legal issues:
(Sign-off form which indicates the copyright notice. It should also outline who is responsible for any images and contents of the project)
7. Project Sign Off:
(Project sign-off form)