1. Which tool is better at performing protocol captures and which tool is better at performing protocol analysis?
Wireshark is better for performing protocol analysis and NetWitness Investigator is best at performing protocol captures. Wireshark does well at both, which makes it a little better overall.
2. What is promiscuous mode and how does this allow tcpdump, Wireshark, and NetWitness Investigator to perform protocol capture off a live network?
Promiscuous mode is a setting for a wired or wireless network interface controller that causes the controller to pass all traffic it sees to the CPU instead of passing only the frames addressed to it. It allows tcpdump, Wireshark, and NetWitness Investigator to perform protocol capture off a live network because it is made for packet sniffing, which all of these applications perform.
3. What is the significance of the TCP three-way handshake for applications that utilize TCP as a transport protocol? Which application in your protocol capture uses TCP as a transport protocol?
The significance of the TCP three-way handshake is that three messages are exchanged to negotiate and start a TCP session between the two computers. Its purpose is to let the two computers agree on the parameters of the TCP socket connection before any data is transmitted. Wireshark is the application that uses TCP as a transport protocol.
4. How many different source IP host addresses did you capture in your protocol capture?
There were 6 different source IP host addresses captured in the protocol capture.
5. How many different protocols (layer 3, layer 4, etc.) did your protocol capture session have? What function in Wireshark provides you with a breakdown of the different protocol types on the LAN segment?
6. Can Wireshark provide you with network traffic packet size counts? How and where? Are you able to distinguish how many of each packet size was transmitted on your LAN segment? Why is this important to know?
7. Is FTP data able to be replayed and reconstructed if the packets are captured on the wire? If an attack were to occur between the source and destination IP host with data replayed that has been altered, what kind of attack is this called?
8. Why is it important to use protocol capture tools and protocol analyzers as an information systems security professional?
9. What are some challenges to protocol analysis and network traffic analysis?
10. Why would an information systems security practitioner want to see network traffic on both internal and external LAN segments at the DMZ within the LAN-to-WAN domain (i.e., both on the inside and outside LAN segments)?
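Questions 3 through 6 ask for things an analyst normally reads off Wireshark's statistics windows: the three-way handshake, the number of distinct source hosts, the protocol hierarchy, and the packet-length distribution. The script below is an added example (not part of the lab text and not Wireshark's or NetWitness's code) that computes the same figures from a raw pcap file using only the Python standard library. It builds a small constructed capture inline (a handshake, one HTTP request, one UDP datagram and one ICMP echo between made-up 10.0.0.x hosts), so every address, port and sequence number in it is an assumption for illustration; `analyze()` would work the same way on a real pcap read from disk. The length bins mirror the ranges Wireshark uses in Statistics > Packet Lengths.

```python
import struct
from collections import Counter

SYN, ACK, PSH = 0x02, 0x10, 0x08
# Packet-length ranges as shown in Wireshark's Statistics > Packet Lengths window.
LENGTH_BINS = [(0, 19), (20, 39), (40, 79), (80, 159), (160, 319), (320, 639),
               (640, 1279), (1280, 2559), (2560, 5119), (5120, 65535)]

# --- constructed sample traffic (checksums left at zero; the parser ignores them) ---
def ipv4_header(src, dst, proto, payload_len):
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, ip(src), ip(dst))

def tcp_segment(sport, dport, seq, ack, flags, payload=b""):
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 8192, 0, 0) + payload

def udp_datagram(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def eth_frame(ip_packet):
    return bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00" + ip_packet

def write_pcap(frames):
    """Serialize frames as a classic little-endian pcap (magic 0xA1B2C3D4, linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def build_sample_capture():
    c, s = "10.0.0.5", "10.0.0.9"  # hypothetical client and web server
    http = b"GET / HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
    pkts = [
        (c, s, 6, tcp_segment(51000, 80, 1000, 0, SYN)),               # 1. SYN
        (s, c, 6, tcp_segment(80, 51000, 5000, 1001, SYN | ACK)),      # 2. SYN/ACK
        (c, s, 6, tcp_segment(51000, 80, 1001, 5001, ACK)),            # 3. ACK
        (c, s, 6, tcp_segment(51000, 80, 1001, 5001, PSH | ACK, http)),
        ("10.0.0.7", "10.0.0.1", 17, udp_datagram(53000, 53, b"\x00" * 30)),
        ("10.0.0.11", c, 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1)),      # ICMP echo request
    ]
    return write_pcap([eth_frame(ipv4_header(a, b, p, len(l4)) + l4) for a, b, p, l4 in pkts])

# --- the analysis side: what Wireshark's statistics windows report ---
def read_pcap(data):
    magic, = struct.unpack("<I", data[:4])
    e = "<" if magic == 0xA1B2C3D4 else ">"
    frames, off = [], 24
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack(e + "IIII", data[off:off + 16])
        frames.append(data[off + 16:off + 16 + incl])
        off += 16 + incl
    return frames

def parse_frame(frame):
    """Decode Ethernet II -> IPv4 -> TCP/UDP/ICMP far enough to classify the packet."""
    info = {"len": len(frame), "layers": ["eth"], "src": None, "tcp": None}
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return info
    info["layers"].append("ip")
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    info["src"] = ".".join(str(b) for b in frame[26:30])
    l4 = frame[14 + ihl:]
    if proto == 6:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        info["tcp"] = (sport, dport, seq, ack, off_flags & 0x1FF)
    info["layers"].append({6: "tcp", 17: "udp", 1: "icmp"}.get(proto, f"proto{proto}"))
    return info

def length_bin(n):
    return next(f"{lo}-{hi}" for lo, hi in LENGTH_BINS if lo <= n <= hi)

def find_handshakes(infos):
    """Return (client, server) pairs whose SYN, SYN/ACK and ACK appear with consistent sequence numbers."""
    tcp = [(i["src"], i["tcp"]) for i in infos if i["tcp"]]
    found = []
    for src, (sp, dp, seq, _, flags) in tcp:
        if flags != SYN:
            continue
        for src2, (sp2, dp2, seq2, ack2, flags2) in tcp:
            if flags2 == SYN | ACK and (sp2, dp2, ack2) == (dp, sp, seq + 1):
                if any(f == ACK and (a, b, s3, a3) == (sp, dp, seq + 1, seq2 + 1)
                       for _, (a, b, s3, a3, f) in tcp):
                    found.append((f"{src}:{sp}", f"{src2}:{sp2}"))
    return found

def analyze(pcap_bytes):
    infos = [parse_frame(f) for f in read_pcap(pcap_bytes)]
    return {
        "packets": len(infos),
        "source_hosts": sorted({i["src"] for i in infos if i["src"]},
                               key=lambda a: tuple(int(x) for x in a.split("."))),
        "protocol_hierarchy": Counter(":".join(i["layers"]) for i in infos),
        "length_bins": Counter(length_bin(i["len"]) for i in infos),
        "handshakes": find_handshakes(infos),
    }

if __name__ == "__main__":
    for k, v in analyze(build_sample_capture()).items():
        print(f"{k}: {v}")
```

On a real capture, replace `build_sample_capture()` with `open("capture.pcap", "rb").read()`. The `protocol_hierarchy` counter corresponds to Wireshark's Statistics > Protocol Hierarchy view (question 5), `source_hosts` to the Endpoints view (question 4), and `length_bins` to Statistics > Packet Lengths (question 6); a defender cares about the size distribution because a LAN segment suddenly dominated by one unusual size bin (many tiny packets, or many maximum-size ones) is one of the cheapest early indicators that traffic on the segment has changed character.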