Network Security Analysis

Question 1. Explain how you performed the packet capture and deciphered the data.

Answer

Packet capture

After downloading and installing Wireshark, launch it and double-click the name of a network interface under Capture to start capturing packets on that interface [1]. For instance, to capture traffic on a wireless network, click the wireless interface. Advanced settings can be configured through Capture > Options.

[1] Davidoff, Sherri, and Jonathan Ham. Network forensics: tracking hackers through cyberspace. Vol. 2014. Upper Saddle River: Prentice Hall
Immediately after one clicks the interface's name, packets start appearing. Wireshark captures every packet sent to or from the system. If promiscuous mode is enabled (it is enabled by default), one also sees all the other packets on the network instead of only the packets addressed to one's own network adapter. To check whether promiscuous mode is enabled, click Capture > Options and confirm that the "Enable promiscuous mode on all interfaces" checkbox is ticked at the bottom of the window [2].

[2] Sanders, Chris. Practical packet analysis: Using Wireshark to solve real-world network problems. No Starch Press,
To stop capturing traffic, click the red "Stop" button near the top-left corner of the window [3].

[3] Bejtlich, Richard. The practice of network security monitoring: understanding incident detection and response. No Starch Press,
Data decipher

Dissecting a complete packet typically involves several dissectors, because each protocol has its own dissector [4]. Because Wireshark tries to find the right dissector for each packet (using static "routes" and heuristic "guessing"), it may choose the wrong dissector in some cases. The Enabled Protocols dialog box lets one enable or disable specific protocols. All protocols are enabled by default. When a protocol is disabled, Wireshark stops processing a packet whenever that protocol is encountered. To enable or disable protocols, select Analyze → Enabled Protocols…. Wireshark will show the "Enabled Protocols" dialog box as illustrated in Figure 10.4, "The "Enabled Protocols" dialog box" [5].

[4] Sanders, Chris, and Jason Smith. Applied network security monitoring: collection, detection, and analysis. Elsevier,
[5] Urias, Vincent, Brian Van Leeuwen, and Bryan Richardson. "Supervisory Command and Data Acquisition (SCADA) system cyber security analysis using a live, virtual, and constructive (LVC) testbed." In Military Communications Conference, 2012-MILCOM 2012, pp. 1-8. IEEE
To enable or disable a protocol, simply click it with the mouse or press the space bar while the protocol is selected [6]. Note that typing the first few letters of a protocol name while the Enabled Protocols dialog box is active will temporarily open a search text box and automatically select the first matching protocol name (if one exists). To save the settings, click the Save button. The Apply or OK buttons will not save the changes permanently, and the changes will be lost when Wireshark is closed.

One can select from the following activities:

The "Decode As" functionality lets one temporarily divert specific protocol dissections. This can be useful, for example, when doing some uncommon experiments on the network [7]. Decode As is reached by selecting Analyze → Decode As…. Wireshark will show the "Decode As" dialog box as shown in Figure 10.5, "The "Decode As" dialog box".

[6] Beasley, Christopher, G. Kumar Venayagamoorthy, and Richard Brooks. "Cyber security evaluation of synchrophasors in a power system." In Power Systems Conference (PSC),
[7] Arora, Anshul, Shree Garg, and Sateesh K. Peddoju. "Malware detection using network traffic analysis in android based mobile devices." In Next generation mobile apps, services and technologies (NGMAST), 2014 eighth international conference on, pp. 66-71. IEEE,
The content of this dialog box depends on the packet that was selected when it was opened. The settings will be lost when one quits Wireshark or changes profile, unless the entries are saved in the SUSD (Show User Specified Decodes) window. That dialog box shows the currently active user-specified decodes [8]. The entries can be saved into the current profile for future sessions.

[8] Chappell, Laura. Wireshark 101: Essential Skills for Network Analysis-Wireshark Solution Series. Laura Chappell University,
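
The dissector chain and the Enabled Protocols / Decode As behaviour described above, as an added Python example that is not Wireshark's code or part of the original answer. PORT_TABLE, dissect_frame, build_sample_frame and the frame bytes are constructed for illustration; the point is that HTTP on a nonstandard port (8888) is shown as raw data until a Decode As style override is supplied.

```python
import struct

# Static "routes": well-known port -> application dissector (constructed table).
PORT_TABLE = {80: "http"}
def dissect_http(payload):
    parts = payload.split(b"\r\n", 1)[0].decode("ascii", "replace").split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return {"proto": "http", "malformed": True}
    return {"proto": "http", "method": parts[0], "uri": parts[1]}

APP_DISSECTORS = {"http": dissect_http}
def dissect_frame(frame, decode_as=None, disabled=()):
    """Run one dissector per layer: Ethernet -> IPv4 -> TCP -> application."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for Ethernet/IPv4/TCP headers")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = [{"proto": "eth", "src": src.hex(":"), "dst": dst.hex(":")}]
    ip = frame[14:]
    if ethertype != 0x0800 or ip[0] >> 4 != 4 or ip[9] != 6:
        return layers                       # only IPv4 carrying TCP is handled here
    ihl = (ip[0] & 0x0F) * 4                # IPv4 header length in bytes
    layers.append({"proto": "ip", "src": ".".join(map(str, ip[12:16])),
                   "dst": ".".join(map(str, ip[16:20]))})
    tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]   # bounded by IP total length
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    layers.append({"proto": "tcp", "sport": sport, "dport": dport})
    payload = tcp[(tcp[12] >> 4) * 4:]      # skip TCP header via data offset field
    routes = {**PORT_TABLE, **(decode_as or {})}    # "Decode As" overrides the table
    name = routes.get(dport) or routes.get(sport)
    if payload and name in APP_DISSECTORS and name not in disabled:
        layers.append(APP_DISSECTORS[name](payload))
    elif payload:
        layers.append({"proto": "data", "length": len(payload)})
    return layers

def build_sample_frame(dport):
    """Constructed client -> server frame; checksums are left at zero."""
    payload = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + tcp + payload

if __name__ == "__main__":
    for kw in ({}, {"decode_as": {8888: "http"}}):
        print(dissect_frame(build_sample_frame(8888), **kw)[-1])
```

Passing disabled=("http",) mimics unticking HTTP in Enabled Protocols: the payload on port 80 is then reported as undissected data as well.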
Question 2. Explain the communication taking place between your machine and the web server.

Answer:

The communication between the machine and the web server takes place over the Transmission Control Protocol/Internet Protocol (TCP/IP) stack, with the Hypertext Transfer Protocol (HTTP) used for transporting web pages [9]. The TCP/IP stack is made up of four layers: Network, Internet, Transport, and Application. Different protocols regulate the movement of data at each layer, and all are computer programs (running on the PC) that arrange the data into a packet as it moves down the TCP/IP stack. A packet is a combination of the Application Layer data, the Transport Layer header (TCP or UDP), and the IP layer header (the Network Layer takes the packet and turns it into a frame).

The Transport Layer is in charge of assigning source and destination port numbers to applications. The Transport Layer uses port numbers for addressing, and they run from 1 to 65,535. Port numbers from 0 to 1023 are known as "well-known ports" [10]. The port numbers below 256 are reserved for public (standard) services that run at the Application Layer. Here are a few: 80 for HTTP, 53 for DNS (UDP for domain resolution and TCP for zone transfers), and 25 for SMTP. Ports numbered from 1024 to 65,535 are used for client-side applications, such as the web browser the machine uses to read this page.

The Application Layer comprises all applications that use the network to transport data. Applications pass data to the next layer in the TCP/IP stack and then continue to perform other functions until a reply is received. The Application Layer uses host names (such as www.dalantech.com) for addressing [11]. Examples of application layer protocols: SMTP (electronic mail), HTTP (web browsing), DNS (resolving hostnames to IP addresses). The main purpose of the Application Layer is to provide a common command and language syntax between applications that are running on different operating systems, like a translator. The data sent by an application that uses the network is formatted to conform to one of several set standards. The receiving computer can understand the data being sent even if it runs a different operating system from the sender, because of the standards that all network applications conform to.

The Internet Layer acts as the "glue" that holds networking together; it permits the sending, receiving, and routing of data.

The Network Layer comprises one's NIC (Network Interface Card) and the cable connected to it. Data is transmitted and received over the physical medium. The Network Layer uses MAC (Media Access Control) addresses, discussed earlier, for addressing. The MAC address is fixed at the time the interface was manufactured and cannot be changed [12]. There are a few exceptions, such as DSL switches that allow one to clone the MAC address of the Network Interface Card in the computer.

[9] Hunt, Ray, and Sherali Zeadally. "Network forensics: an analysis of techniques, tools, and trends." Computer 45, no. 12
[10] Asrodia, Pallavi, and Hemlata Patel. "Network traffic analysis using packet sniffer." International journal of engineering research and applications 2, no
[11] Hunt, Ray, and Sherali Zeadally. "Network forensics: an analysis of techniques, tools, and trends." Computer 45, no. 12
[12] Hunt, Ray, and Sherali Zeadally. "Network forensics: an analysis of techniques, tools, and trends." Computer 45, no. 12

Question 3. Write a report on the technology used to implement this https site, giving an overview of how it works, history of the technology & advantages/disadvantages of the security methods adopted.

Solution
Widely used on the Internet, HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP (Hypertext Transfer Protocol) for secure communication over a computer network. In HTTPS, the communication protocol is encrypted by TLS (Transport Layer Security) or its predecessor SSL (Secure Sockets Layer). The protocol is therefore also referred to as HTTP over SSL or HTTP over TLS [13].

To make a web server accept HTTPS connections, the administrator must create a public key certificate for the web server. For a web browser to accept it without warning, the certificate must be signed by a trusted certificate authority. The authority certifies that the certificate holder is the operator of the web server that presents it.

Netscape Communications created HTTPS in 1994 for its Netscape Navigator web browser. HTTPS was originally used with the SSL protocol. As SSL evolved into TLS (Transport Layer Security), HTTPS was formally specified by RFC 2818 in the year 2000. Historically, HTTPS connections were mainly used for payment transactions on the World Wide Web, e-mail, and for sensitive transactions in corporate information systems. Since 2018, HTTPS is used more often by web users than the original non-secure HTTP, primarily to protect page authenticity on a wider range of sites; secure accounts; and keep user communications, identity, and web browsing private [14].

Benefits of HTTPS

- Data integrity: When data is sent in the clear, it is possible for a third party to get between the browser and the server and read everything; much worse, once they have access they may alter it.
- Identity verification: A certificate guarantees that the data a browser receives originates from the expected domain. It is an assurance that when a user sends sensitive data, it is being sent to the intended place and not to a malicious third party.
- SEO: Google wants to send its users to secure sites and has therefore made HTTPS a ranking signal.
- Trust: Lastly, the green padlock shows that one takes security seriously, which helps to give users assurance.

[13] Chappell, Laura. Wireshark 101: Essential Skills for Network Analysis-Wireshark Solution Series. Laura Chappell University
[14] Sanders, Chris, and Jason Smith. Applied network security monitoring: collection, detection, and analysis. Elsevier

Disadvantage
- HTTPS may reduce AdSense earnings
- HTTPS might affect the Google PageRank
- BlogSpot images have absolute paths and are not relative
- HTTPS is never 301 redirected to https
- HTTPS might make widgets stop working on one's blog

Question 4

4-realestateagent.com uses the HTTP response header (Wang, Xu, & Yan, 2010). An HTTP response header primarily enables communicating and responding to user requests received on a web server or website. An HTTP response header comes into play when a web page or HTTP application is requested from the client's web browser. This request is received by the web server as an HTTP request header containing the source address, the requested data and its format, and other information [15]. The web server responds by creating an HTTP response header and attaching the required data to it. The information embedded in the HTTP response header includes the destination IP address, the type of data, host addresses, and so on.

As https://paypal.com uses the HTTPS response header, not to nit-pick, but data at the endpoint is also decrypted, and may be parsed, read, saved, forwarded, or discarded at will. In addition, malware at either end may take snapshots of data entering (or leaving) the SSL protocol; for example, (bad) JavaScript inside a page served over HTTPS might covertly make HTTP (or HTTPS) calls to logging sites (since access to the local hard drive is often restricted and not useful). Likewise, cookies are not encrypted under the HTTPS protocol either. Developers wanting to store sensitive data in cookies (or anywhere else, for that matter) need to use their own encryption mechanism [16]. As for caching, most modern browsers will not cache HTTPS pages, but that fact is not defined by the HTTPS protocol; it depends entirely on the developer of a browser to make sure it does not cache pages received via HTTPS.

[15] Bejtlich, Richard. The practice of network security monitoring: understanding incident detection and response. No Starch Press,
[16] Bejtlich, Richard. The practice of network security monitoring: understanding incident detection and response. No Starch Press

Bibliography