Task 1:
The first thing we needed to do in the lab was connect to all of the virtual machines and apps. We then used the Linux sniffer to watch the two networks, one on the IP 192.168.100.5 and the other with the IP 10.10.19.202. This meant we had to set up the sniffer to use these two networks to intercept the data and receive packets from each line. To do this we sent pings from one machine to the other, and the sniffer received these pings at the same time as the other machine. We then used Wireshark in order to view the intercepted packets.
[Screenshot] This shows the packets received by the sniffer.
1. Does a network interface on a sniffer machine require an IP Address?
No, the sniffer doesn't require an IP address, it wants to remain invisible to the other machines in order to intercept messages undetected.
2. In what mode does a sniffer’s network interface operate?
The sniffer operates in promiscuous mode.
3. How do you determine available switches for tcpdump?
Running tcpdump with --help shows the switches.
4. How can you display all of the network interfaces in Linux?
The command ifconfig -a lists all the available interfaces on the system.
Task 2:
In this task we used the sniffer and Wireshark to view the username and password of the person logging onto the Windows 7 terminal and the BackTrack 4 terminal, using both sides of the network. We used Wireshark to start a connection with the line and then filter the packets received to ftp to get the username and password in clear text.
1. Do FTP usernames and passwords appear in clear text?
They do when intercepted by Wireshark on the Linux sniffer.
2. How do you choose the interface to capture on within Wireshark?
You select Capture, then Interfaces, and then select eth0 or eth1 depending on which line you want to view.
3. How do you filter for a certain protocol within the Wireshark program?
There is a filter bar at the top which you type into, for example: ftp.
4. How do you open the Wireshark program from the terminal in Linux?
Type wireshark at the root@bt prompt.
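As an added example that is not part of this lab write-up, the Python below does what the lab did by hand with the Wireshark ftp filter: it keeps only segments on port 21, rebuilds both directions of each FTP control channel, and reports the USER/PASS exchange and whether the server accepted it (reply code 230). The segment tuples are constructed sample data using the lab's two IPs; the password itself is never stored in the finding, only its length, so the check can be run as a cleartext-credential audit.

```python
from collections import defaultdict

FTP_PORT = 21

# Constructed sample, not a real capture: (src, dst, sport, dport, payload).
# One successful login, one failed login, plus an HTTP request the filter drops.
SAMPLE_SEGMENTS = [
    ("10.10.19.202", "192.168.100.5", 21, 40001, b"220 Welcome\r\n"),
    ("192.168.100.5", "10.10.19.202", 40001, 21, b"USER alice\r\n"),
    ("10.10.19.202", "192.168.100.5", 21, 40001, b"331 Please specify the password.\r\n"),
    ("192.168.100.5", "10.10.19.202", 40001, 21, b"PASS s3cret\r\n"),
    ("10.10.19.202", "192.168.100.5", 21, 40001, b"230 Login successful.\r\n"),
    ("192.168.100.5", "10.10.19.202", 40002, 80, b"GET / HTTP/1.1\r\n\r\n"),
    ("192.168.100.5", "10.10.19.202", 40003, 21, b"USER bob\r\n"),
    ("10.10.19.202", "192.168.100.5", 21, 40003, b"331 Please specify the password.\r\n"),
    ("192.168.100.5", "10.10.19.202", 40003, 21, b"PASS wrong\r\n"),
    ("10.10.19.202", "192.168.100.5", 21, 40003, b"530 Login incorrect.\r\n"),
]


def conversation_key(src, dst, sport, dport):
    """Direction-independent key so both halves of a TCP session group together."""
    return tuple(sorted([(src, sport), (dst, dport)]))


def reassemble_ftp(segments):
    """Rebuild client->server and server->client bytes of each port-21 session.

    Assumes in-order delivery, as in the lab's single-hop capture; a real tool
    would also order by TCP sequence number and drop retransmissions.
    """
    streams = defaultdict(lambda: {"c2s": b"", "s2c": b""})
    for src, dst, sport, dport, payload in segments:
        if FTP_PORT not in (sport, dport):
            continue  # same effect as the `ftp` display filter
        direction = "c2s" if dport == FTP_PORT else "s2c"
        streams[conversation_key(src, dst, sport, dport)][direction] += payload
    return streams


def find_cleartext_logins(segments):
    """Report USER/PASS exchanges per session; the password value is not kept."""
    findings = []
    for key, stream in reassemble_ftp(segments).items():
        cmds = [ln.split(b" ", 1) for ln in stream["c2s"].split(b"\r\n") if ln]
        args = {c[0].upper(): c[1] for c in cmds if len(c) == 2}
        codes = {ln[:3] for ln in stream["s2c"].split(b"\r\n") if ln}
        if b"USER" not in args and b"PASS" not in args:
            continue
        client, server = sorted(key, key=lambda ep: ep[1] == FTP_PORT)
        findings.append({"client": client[0], "server": server[0],
                         "user": args.get(b"USER", b"").decode(errors="replace"),
                         "password_len": len(args.get(b"PASS", b"")),
                         "login_ok": b"230" in codes})  # 230 = login accepted
    return findings
```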
Task 3:
In task three we had to open Network Miner, start the program on a certain line, then view two internet pages. We then stopped the miner and viewed the files it had captured. When the files were opened, they were the two pages that had been viewed on the internet.
1. What kind of tool is Network Miner?
Network Miner is a network forensic analysis tool, which can capture images and files.
2. On what operating systems will the Network Miner program run?
It runs on Windows operating systems.
3. How do you parse out web pages of visited sites in Network Miner?
You go to the files tab and then open the available information there.
4. What needs to be configured within Network Miner prior to capturing data?
The network adapter needs to be configured to the right network connection.