Cds344 Lab #5

Submitted By XianTiell
Lab #5 – Assessment Worksheet
Performing Packet Capture and Traffic Analysis

Course Name and Number: CDS344 - Information Security
Student Name: Christian Tiell
Instructor Name: Scott Blough
Lab Due Date: ________________________________________________________________

Overview
In this lab, you used common applications to generate traffic and transfer files between the machines in this lab. You captured data using Wireshark and reviewed the captured traffic at the packet level, and then you used NetWitness Investigator, a free tool that provides security practitioners with a means of analyzing a complete packet capture, to review the same traffic at a consolidated level.

Lab Assessment Questions & Answers
1. Why would a network administrator use Wireshark and NetWitness Investigator together?
Wireshark - it is better at performing analysis
NetWitness - it is better at performing captures

2. What was the IP address for LanSwitch1?
172.16.8.5

3. When the 172.16.8.5 IP host responded to the ICMP echo-requests, how many ICMP echo-reply packets were sent back to the vWorkstation?
23

4. What was the terminal password for LanSwitch 1 and LanSwitch 2?
Cisco

5. When using SSH to remotely access a Cisco router, can you see the terminal password? Why or why not?
No, one could not view the passcode so no one should be able to hack into it.

6. What were the Destination IP addresses discovered by the NetWitness Investigator analysis?
172.30.0.8, 172.30.0.2, 172.16.0.2, 172.16.8.5, 172.17.0.2

7. Are packet-capturing tools like Wireshark less dangerous on switched LANs?
No, they are just as vulnerable
