ISC 3523 Research Methods
Answer:
Introduction:
The aim of this report is to perform the lab on the Kali-Hunt VM and the Win-Hunt VM. The pcap file will be analysed with NetworkMiner, Wireshark and Snort, and the given questions will be answered along with screenshots. From the analysis, the story of the captured file will be written, and the captured file will also be run through Snort so that any alerts it triggers can be identified.
Description Of The Selected Tools:
For the analysis, NetworkMiner will be used. It is an open source Network Forensics Analysis Tool for Windows, although it also runs on operating systems such as FreeBSD and Mac OS X. The tool can be used as a packet capturing tool and as a passive network sniffer that detects sessions, operating systems, open ports, host names etc. without putting any traffic on the network (Adebayo, Olawale Surajudeen, et al., 2020). NetworkMiner can also parse a PCAP file for offline analysis and regenerate or reassemble certificates and transmitted files from it. The tool makes advanced network traffic analysis easier by presenting the extracted artifacts in an intuitive user interface (Sanders, Chris, 2017). The way the data is presented not only simplifies the analysis but also saves valuable time for the forensic investigator or analyst.
Along with NetworkMiner, Wireshark will also be used. It is a free and open source tool that analyses incoming network traffic in real time on Mac, Windows, Linux and Unix based systems (Kaur, Prabhjot, and Neeti Misra, 2019). The tool captures data packets passing through a network interface such as an SDR, LAN or Ethernet adapter and translates the data into useful information for IT professionals and cyber security teams. It provides a range of display filters for transforming every captured packet into a readable format, which allows users to identify the causes of network security issues and even discover potential cyber criminal activity. When the packet sniffer is used in promiscuous mode, users can analyse the network traffic regardless of its destination (Pansari, Nikunj, and Ajay Agarwal, 2020). This gives IT professionals the ability to perform a quick and thorough diagnosis of the security of the network.
Lastly, Snort will be used to find out whether any alerts are triggered. The tool can be used as a straightforward packet sniffer, a packet logger, or a full-blown network intrusion detection system.
Opening And Loading The Captured File:
Captured file in Wireshark:
Performing Analysis On The Captured File:
Question a)
Answer: 505.69 seconds
Question b)
Answer: 2449
Question c)
Answer: 811157 bytes
Question d)
Answer: ARP, Browser, DHCP, DNS, FTP, FTP-DATA, HTTP, MDNS, NBNS, SSLv2, SSLv3, TCP,
TiVoConnect, UDP
Question e)
Answer: 94 - 115
Question f)
Answer: TCP SYN-ACK Handshaking protocol
Question g)
Answer: Yes, Yahoo/AOL
Question h)
Answer: Name of host computer: KAUFMANUPSTAIRS; IP address: 172.16.1.35
Question i)
Answer: WINDOWS XP
Question j)
Answer: cisco
Question k)
Answer: DVR 8525, KAUFMANUPSTAIRS, Cisco-LI (main router), 2WireInc (modem),
Linksys G
Question l)
Answer: No
Question m)
Answer: DVR (TiVo), 2 modems
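The figures behind answers a) to f) (capture duration, packet count, total bytes, protocol list, TCP handshake flags) are what Wireshark reports in its Capture File Properties and Protocol Hierarchy windows. As an added example that is not part of the original lab report, the Python below parses a classic libpcap file by hand and derives the same statistics, so the reader can see where those numbers come from. It runs on a small Ethernet capture constructed inline (the MAC and IP addresses, ports, timestamps and the zero-filled DNS payload are invented for this example, not taken from the lab capture), and the well-known-port table used to label application protocols is an assumption of this example rather than Wireshark's dissector logic. It also handles both pcap byte orders and refuses pcapng or non-Ethernet input rather than silently misreading it.

```python
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4          # classic libpcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4, ETHERTYPE_ARP = 0x0800, 0x0806
IPPROTO_TCP, IPPROTO_UDP = 6, 17
TCP_SYN, TCP_ACK = 0x02, 0x10
# Assumed port-to-protocol map for labelling application layers (not Wireshark's dissectors)
APP_PORTS = {20: 'FTP-DATA', 21: 'FTP', 53: 'DNS', 80: 'HTTP', 137: 'NBNS', 5353: 'MDNS'}

# --- Tiny packet builders, used only to construct the sample capture inline ---
def ip_bytes(addr):
    return bytes(int(o) for o in addr.split('.'))

def ethernet(dst_mac, src_mac, ethertype, payload):
    return bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + struct.pack('>H', ethertype) + payload

def ipv4(src_ip, dst_ip, proto, payload):
    # version/IHL, DSCP, total length, id, flags/frag, TTL, proto, checksum (0), src, dst
    return struct.pack('>BBHHHBBH4s4s', 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ip_bytes(src_ip), ip_bytes(dst_ip)) + payload

def tcp(sport, dport, flags, payload=b''):
    # seq, ack, data offset 5 (20-byte header), flags, window, checksum (0), urgent pointer
    return struct.pack('>HHIIBBHHH', sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload

def udp(sport, dport, payload):
    return struct.pack('>HHHH', sport, dport, 8 + len(payload), 0) + payload

def arp_request(src_mac, src_ip, target_ip):
    return struct.pack('>HHBBH6s4s6s4s', 1, ETHERTYPE_IPV4, 6, 4, 1,
                       bytes.fromhex(src_mac), ip_bytes(src_ip), b'\x00' * 6, ip_bytes(target_ip))

def pcap_file(records):
    """Assemble a little-endian libpcap file from (sec, usec, frame) tuples."""
    header = struct.pack('<IHHiIII', PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    return header + b''.join(struct.pack('<IIII', s, u, len(f), len(f)) + f for s, u, f in records)

# Constructed sample capture (invented addresses): ARP request, TCP SYN / SYN-ACK, one DNS query.
HOST_MAC, GW_MAC = '001122334455', '66778899aabb'
HOST_IP, GW_IP, WEB_IP = '192.168.50.10', '192.168.50.1', '10.0.0.1'
SAMPLE_PCAP = pcap_file([
    (100, 0,      ethernet('ffffffffffff', HOST_MAC, ETHERTYPE_ARP, arp_request(HOST_MAC, HOST_IP, GW_IP))),
    (100, 500000, ethernet(GW_MAC, HOST_MAC, ETHERTYPE_IPV4, ipv4(HOST_IP, WEB_IP, IPPROTO_TCP, tcp(49152, 80, TCP_SYN)))),
    (101, 0,      ethernet(HOST_MAC, GW_MAC, ETHERTYPE_IPV4, ipv4(WEB_IP, HOST_IP, IPPROTO_TCP, tcp(80, 49152, TCP_SYN | TCP_ACK)))),
    (102, 250000, ethernet(GW_MAC, HOST_MAC, ETHERTYPE_IPV4, ipv4(HOST_IP, GW_IP, IPPROTO_UDP, udp(53000, 53, bytes(12))))),
])

# --- Parser -------------------------------------------------------------------
def parse_pcap(data):
    """Yield (timestamp, original_length, frame) for each record of a classic libpcap file."""
    magic, = struct.unpack_from('<I', data, 0)
    endian = {0xA1B2C3D4: '<', 0xD4C3B2A1: '>'}.get(magic)
    if endian is None:
        raise ValueError('not a classic libpcap file (pcapng and nanosecond magic not handled)')
    linktype, = struct.unpack_from(endian + 'I', data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError('this example decodes Ethernet (LINKTYPE 1) captures only')
    offset = 24
    while offset + 16 <= len(data):
        sec, usec, incl_len, orig_len = struct.unpack_from(endian + 'IIII', data, offset)
        frame = data[offset + 16: offset + 16 + incl_len]
        if len(frame) < incl_len:
            raise ValueError('truncated record at offset %d' % offset)
        offset += 16 + incl_len
        yield sec + usec / 1e6, orig_len, frame

def classify(frame):
    """Return (protocol layers, TCP flags or None) for one Ethernet frame."""
    ethertype, = struct.unpack_from('>H', frame, 12)
    if ethertype == ETHERTYPE_ARP:
        return ['ARP'], None
    if ethertype != ETHERTYPE_IPV4:
        return ['0x%04x' % ethertype], None
    layers, ihl, proto = ['IPv4'], (frame[14] & 0x0F) * 4, frame[14 + 9]
    l4 = frame[14 + ihl:]
    if proto == IPPROTO_TCP:
        layers.append('TCP')
        flags, payload = l4[13], l4[(l4[12] >> 4) * 4:]
    elif proto == IPPROTO_UDP:
        layers.append('UDP')
        flags, payload = None, l4[8:]
    else:
        return layers, None
    sport, dport = struct.unpack_from('>HH', l4, 0)
    app = APP_PORTS.get(dport) or APP_PORTS.get(sport)
    if app and payload:            # label by well-known port only when the segment carries data
        layers.append(app)
    return layers, flags

def summarize(data):
    """Capture-level statistics comparable to Wireshark's Capture File Properties."""
    times, total_bytes, protocols, packets, syn, syn_ack = [], 0, set(), 0, 0, 0
    for ts, orig_len, frame in parse_pcap(data):
        packets, total_bytes = packets + 1, total_bytes + orig_len
        times.append(ts)
        layers, flags = classify(frame)
        protocols.update(layers)
        if flags is not None:
            if (flags & (TCP_SYN | TCP_ACK)) == (TCP_SYN | TCP_ACK):
                syn_ack += 1
            elif flags & TCP_SYN:
                syn += 1
    return {'duration_s': round(max(times) - min(times), 6) if times else 0.0,
            'packets': packets, 'bytes': total_bytes, 'protocols': sorted(protocols),
            'tcp_syn': syn, 'tcp_syn_ack': syn_ack}

if __name__ == '__main__':
    for key, value in summarize(SAMPLE_PCAP).items():
        print('%-12s %s' % (key, value))
```

To apply it to the lab capture, read the file into `data` and call `summarize(data)`; the byte total uses each record's original length, which is what Wireshark sums, so a capture with a snaplen shorter than the frames still reports the true on-the-wire size.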
Story:
Running The Captured File Through Snort:
cd Desktop/Snort/bin
snort -r C:\Users\Administrator\Desktop\3523_Lab2_Capture_file.pcap -c \\172.16.2.2\sharedfiles\Snort\etc\snort.conf
The -r option tells Snort to read a single pcap file.
The -c option tells Snort to load the given configuration file.
Conclusion:
Thus, it can be concluded that in this report the pcap file has been analysed using the Windows VM. For that, tools like NetworkMiner, Wireshark and Snort have been used. The screenshots for the analysis have also been provided and the lab questions have been answered.
Bibliography:
Adebayo, Olawale Surajudeen, et al. "Analysis and Classification of Some Selected Social Media Apps Vulnerability." International Conference on Information and Communication. Communications in Computer and Information Science, Springer, 2020.
Susianto, Didi, and Anisa Rachmawati. "Implementasi Dan Analisis Jaringan Menggunakan Wireshark, Cain And Abels, Network Minner." Jurnal Cendikia 16.2 (October 2018): 120-125.
Sanders, Chris. Practical Packet Analysis, 3E: Using Wireshark to Solve Real-World Network Problems. No Starch Press, 2017.
Raut, Juita Tushar. "Performance Based Comparative Assessment of Different Security Tools for Web Application." 2020.
Kaur, Prabhjot, and Neeti Misra. "A Methodical Review on Network Traffic Monitoring & Analysis Tools." A Journal of Composition Theory 12.9 (2019): 1964-1968.
Zain ul Abideen, Muhammad, Shahzad Saleem, and Madiha Ejaz. "VPN Traffic Detection in SSL-Protected Channel." Security and Communication Networks 2019 (2019).
Letavay, Viliam, Jan Pluskal, and Ondřej Ryšavý. "Network Forensic Analysis for Lawful Enforcement on Steroids, Distributed and Scalable." Proceedings of the 6th Conference on the Engineering of Computer Based Systems, 2019.
Pansari, Nikunj, and Ajay Agarwal. "A Comparative Study of Analysis and Investigation using Digital Forensics." International Journal of Linguistics and Computational Applications (IJLCA) 7.2 (2020).