Cybersec
Share any (additional) information not discussed in Module 1 regarding the above topics. For example, the following topics are not discussed in Module 1 but can be used to supplement the concepts and ideas presented in the module.
Compare and contrast the differences between Unix (or Linux) and Windows traceroute. Not all the codes for each ICMP error message are fully listed and explained.
Identify a few scenarios in which ICMP error messages are generated.
What available tools employ ICMP or traceroute? What are the advantages/disadvantages of such tools?
Module 1 demonstrates how an IP datagram is fragmented. However, the module does not show the IP reassembly process.
And many other topics… (you are encouraged to come up with your own).
Cyber Security
RESPONSE TO QUESTION # 1
Module 1 discussed Transmission Control Protocol/Internet Protocol (TCP/IP) and penetration testing under the Internet Protocol version 4 (IPv4) construct (University of Maryland University College, 2010). Internet Protocol version 6 (IPv6) is the next-generation IP address standard set to replace IPv4. Since the world is moving towards a new standard, it is worth briefly comparing and contrasting the two standards with regard to the main topics discussed in Module 1.
The Internet Control Message Protocol (ICMP) for IPv4 (ICMPv4) uses the Address Resolution Protocol (ARP) to translate and assist in identifying an IP address (Parziale et al., 2006). ICMP for IPv6 (ICMPv6) will use the Neighbor Discovery Protocol (NDP) to replace and enhance the functions of ARP (Narten et al., 2007). The benefits of this modification are evident when (and if) packets require fragmenting. With ICMPv6 the minimum maximum transmission unit (MTU) is 1280 octets, up from 576 octets in ICMPv4, reducing fragmentation and the need for intermediate routers (Narten et al., 2007). Additionally, due to the increase in packet size, the reduction in fragmentation, and the removal of intermediate routers, the traceroute tool has fewer sources/addresses/paths to follow, increasing hop limits and time, and overall efficiency on the network (Juniper Networks, 2010).
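The prompt notes that Module 1 shows fragmentation but not reassembly, and the paragraph above contrasts the 576-octet and 1280-octet minimum MTUs. The following Python script is an added example, not code from the original essay or from any of the cited sources: it simulates IPv4 fragmentation of one datagram at each of those MTUs and the receiver-side reassembly, using the RFC 791 header layout (20-byte header without options, offset counted in 8-octet units, More Fragments flag set on all but the last piece). The 3000-byte sample payload and the identification value are constructed for the demonstration.

```python
# Added example, not code from the original essay: a simulation of IPv4
# fragmentation and the receiver-side reassembly that Module 1 leaves out.
# Header layout follows RFC 791: a 20-byte header without options (assumed),
# a fragment offset counted in 8-octet units, and the More Fragments (MF)
# flag set on every fragment except the last.

IPV4_HEADER_LEN = 20   # assumption: no IP options
IPV4_MIN_MTU = 576     # smallest datagram every IPv4 host must accept
IPV6_MIN_MTU = 1280    # minimum link MTU required by IPv6


def fragment(payload: bytes, mtu: int, ident: int = 0x1234) -> list:
    """Split one datagram's payload into fragments that fit a link of size `mtu`."""
    if mtu < IPV4_HEADER_LEN + 8:
        raise ValueError("MTU too small to carry any payload")
    # All fragments but the last must carry a multiple of 8 payload bytes,
    # because the 13-bit offset field counts 8-octet blocks.
    max_data = (mtu - IPV4_HEADER_LEN) // 8 * 8
    frags, pos = [], 0
    while pos < len(payload) or not frags:
        chunk = payload[pos:pos + max_data]
        frags.append({
            "id": ident,                               # Identification shared by all pieces
            "offset": pos // 8,                        # Fragment Offset in 8-octet units
            "mf": pos + len(chunk) < len(payload),     # More Fragments flag
            "data": chunk,
        })
        pos += len(chunk)
    return frags


def reassemble(frags: list):
    """Rebuild the payload; return None if a piece is missing (a 'hole').

    A real stack keeps the partial buffer in a timed queue and discards it,
    sending ICMP Time Exceeded code 1 (fragment reassembly time exceeded),
    if the hole is never filled; here the hole is simply reported as None.
    """
    ids = {f["id"] for f in frags}
    if len(ids) != 1:
        raise ValueError("fragments from different datagrams mixed together")
    by_offset = {f["offset"]: f for f in frags}   # tolerate exact duplicates
    buf, expected, saw_last = bytearray(), 0, False
    for off in sorted(by_offset):
        f = by_offset[off]
        if off * 8 != expected:
            return None                 # gap before this fragment
        buf += f["data"]
        expected += len(f["data"])
        if not f["mf"]:
            saw_last = True
    return bytes(buf) if saw_last else None


def fragment_count(payload_len: int, mtu: int) -> int:
    """How many fragments a payload of `payload_len` bytes needs at a given MTU."""
    return len(fragment(bytes(payload_len), mtu))


# Constructed sample payload: 3000 bytes of a repeating pattern.
PAYLOAD = bytes(i % 256 for i in range(3000))

if __name__ == "__main__":
    for mtu in (IPV4_MIN_MTU, IPV6_MIN_MTU):
        pieces = fragment(PAYLOAD, mtu)
        print(f"MTU {mtu}: {len(pieces)} fragments, offsets {[p['offset'] for p in pieces]}")
    assert reassemble(fragment(PAYLOAD, IPV4_MIN_MTU)) == PAYLOAD
    print("dropped fragment ->", reassemble(fragment(PAYLOAD, IPV6_MIN_MTU)[:-1]))
```

Running the script shows the same 3000-byte payload needing six fragments at a 576-byte MTU but only three at 1280 bytes, and that losing any single fragment leaves the receiver unable to deliver the datagram, which is why reassembly buffers are timed out rather than held indefinitely.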
—————————————————————————————–
QUESTION # 2
Explain the "display filter" feature in Wireshark. In addition, show 5 complex display filter examples (the more complex, the better).
The following table shows one simple display filter example:

| Display filter | Explanation | Example |
|---|---|---|
| ip.addr | Shows only packets whose source or destination IP address is 12.12.12.12. | ip.addr == 12.12.12.12 |
RESPONSE TO QUESTION # 2
Wireshark Installation Steps:
– Navigate to the Wireshark homepage: http://www.wireshark.org
– Find the heading titled Latest Release and click the link called Stable: Wireshark 1.10.2
– A new window will appear with several versions of Wireshark. Select the appropriate version of Wireshark based on the Operating System of your computer (I selected Windows Installer 64-bit for my installation).
Note: In Windows 7, click the Windows Start icon, right-click on Computer, then select Properties. A window will display showing information about your computer. The type of Operating System will be displayed, along with whether you are running a 64-bit or 32-bit version.
– After selecting the appropriate version of Wireshark, a pop-up window appears asking if you would like to run or save. Select save.
– Next, navigate to the location where you saved the file and double-click it. If a security pop-up window appears select Yes.
– The Wireshark Setup Wizard will open; select Next to proceed. Subsequently, a license agreement will appear and you will need to select I Agree to continue.
– Next, a pop-up box will appear where you can choose which components you would like to install. I left the default settings (all boxes checked). Select Next.
– After the previous step, another pop-up box will display for selecting additional tasks. I selected the radio button next to Desktop Icon in order to create a shortcut on the desktop. Select Next.
– The next pop-up box asks for a location for the installation of the executable. I left the default location (C:\Program Files\Wireshark). Select Next.
– Another pop-up window will appear with the option to Install WinPcap. Leave the default setting and select Install.
– During installation, the WinPcap setup wizard will appear. Select Next. Click I Agree in the license agreement window; then, select Install. Select Finish in the next window.
– After WinPcap installs, select Next in the Wireshark installation window. Select Finish to complete the installation.
– Select the Wireshark Icon on your desktop to launch the program.
Wireshark Display Filter:
A packet-sniffing tool such as Wireshark is commonly used to troubleshoot network-related problems; however, it can also be used maliciously to spy on unsuspecting members of a network (Goodrich & Tamassia, 2010). When using a packet sniffer, either for troubleshooting or for malicious purposes, one of the main challenges is finding the data related to the problem you are working on. This is where Wireshark's filter feature comes in handy. A user can use Wireshark's display filter to whittle down a large volume of captured traffic and home in on specific types of network traffic. A filter can be created by typing the correct expression in the filter window, by right-clicking a packet or protocol header and choosing Apply As Filter, or by clicking the Expression button beside the filter field and checking off what you'd like (Walker, 2011). When troubleshooting connectivity issues between two devices, a conversation filter can be created to show the communication occurring between both devices. Conversation filters are created by right-clicking on a specific packet in the conversation between the source and destination addresses and selecting Conversation Filter. For examples of other types of filters, see below.
| Display filter | Explanation | Example |
|---|---|---|
| && | The AND condition can be used to find packets that have specific source and destination addresses. | (ip.src==192.168.1.2) && (ip.dst==127.0.0.1) |
| ip.src== and tcp.flags.syn==1 | Shows the SYN segments that open the three-way handshake for connections from host 127.0.0.1. | ip.src==127.0.0.1 and tcp.flags.syn==1 |
| tcp.port eq | Shows only SMTP port 25 traffic. | tcp.port eq 25 |
| ! (ip.addr ==) | Filters out an IP address whether it is the source or the destination address. | ! (ip.addr == 127.0.0.1) |
| (tcp[12:1] & 0xf0) >> 2 | Looks for HTTP GET requests by computing the TCP header length from the Data Offset field and searching for the bytes "G", "E", "T" at the start of the payload (Graves, 2010). | port 80 and tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420 |

Note that the last example is written in tcpdump/BPF capture-filter syntax: it works in Wireshark's Capture Filter field but not in the display filter bar, where the equivalent expression is http.request.method == "GET". Display filter field names are also case-sensitive and lowercase (ip.addr, not Ip.addr).
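The last row's byte-offset arithmetic is the part most readers find opaque, so here is an added example (not code from the original essay or from the cited source) that performs the same computation in Python on constructed TCP segments: read byte 12 of the TCP header, mask the upper nibble (the Data Offset field, in 32-bit words), shift right by 2 to get the header length in bytes, and compare the four payload bytes at that position with 0x47455420 ("GET "). The segment builder, port numbers, option bytes and payloads are all constructed test data; a naive variant that assumes a 20-byte header is included to show why the Data Offset lookup is needed when TCP options are present.

```python
# Added example, not code from the original essay: the last filter in the
# table is tcpdump/BPF capture-filter syntax. It reads byte 12 of the TCP
# header, masks the upper nibble (Data Offset, in 32-bit words), shifts it
# right by 2 (the same as multiplying by 4) to get the header length in bytes,
# and compares the 4 payload bytes at that position with 0x47455420 ("GET ").
# The functions below do the same arithmetic on constructed TCP segments.
import struct

GET_MAGIC = 0x47455420   # "GET " as a big-endian 32-bit integer


def build_tcp_segment(src_port: int, dst_port: int, payload: bytes,
                      options: bytes = b"") -> bytes:
    """Constructed test data: a TCP header (+ options) followed by `payload`.

    Sequence/ack numbers, window and checksum are dummy values.
    """
    if len(options) % 4:
        options += b"\x01" * (4 - len(options) % 4)   # NOP-pad to a 32-bit boundary
    data_offset_words = (20 + len(options)) // 4
    offset_and_flags = (data_offset_words << 12) | 0x18     # flags: PSH, ACK
    header = struct.pack("!HHIIHHHH", src_port, dst_port, 1, 1,
                         offset_and_flags, 65535, 0, 0)
    return header + options + payload


def tcp_header_len(segment: bytes) -> int:
    """(tcp[12:1] & 0xf0) >> 2 : TCP header length in bytes, options included."""
    return (segment[12] & 0xF0) >> 2


def is_http_get(segment: bytes) -> bool:
    """port 80 and tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420"""
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    if 80 not in (src_port, dst_port):      # BPF 'port 80' matches either side
        return False
    start = tcp_header_len(segment)
    word = segment[start:start + 4]
    return len(word) == 4 and struct.unpack("!I", word)[0] == GET_MAGIC


def is_http_get_naive(segment: bytes) -> bool:
    """Same check but assuming a 20-byte header: wrong when TCP options are present."""
    word = segment[20:24]
    return len(word) == 4 and struct.unpack("!I", word)[0] == GET_MAGIC


# Constructed sample segments. OPTIONS is an 8-byte option block
# (MSS 1460, NOP, NOP, SACK-permitted) used only to push the payload past byte 20.
OPTIONS = b"\x02\x04\x05\xb4" + b"\x01\x01" + b"\x04\x02"
SEG_PLAIN = build_tcp_segment(40000, 80, b"GET / HTTP/1.1\r\n")
SEG_OPTS = build_tcp_segment(40000, 80, b"GET / HTTP/1.1\r\n", options=OPTIONS)
SEG_POST = build_tcp_segment(40000, 80, b"POST / HTTP/1.1\r\n")
SEG_8080 = build_tcp_segment(40000, 8080, b"GET / HTTP/1.1\r\n")

if __name__ == "__main__":
    for name, seg in [("plain", SEG_PLAIN), ("with options", SEG_OPTS),
                      ("POST", SEG_POST), ("port 8080", SEG_8080)]:
        print(f"{name:13s} hdr={tcp_header_len(seg):2d} "
              f"bpf={is_http_get(seg)!s:5s} naive={is_http_get_naive(seg)}")
```

The "with options" row is the instructive one: the naive check reads the option bytes instead of the payload and misses the GET, while the Data Offset arithmetic the BPF expression encodes finds the payload at byte 28 and matches.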