CSG 3308 - Wireless Security: Detailed Live Packet Capture Analysis
Added on 2023/06/11
AI Summary
This report presents an analysis of an organization's wireless network security based on captured live packets, prompted by suspicions of a member's involvement in organized crime. Conducted using Wireshark, the analysis covers aspects like port scanning, hypertext transfer protocol filtering, and transmission control protocol analysis (retransmissions, duplicate ACKs, keep-alive, out-of-order packets, and RST). The report identifies anomalies, such as suspicious port scan activity from a specific IP address, large data transfers during off-hours, and out-of-order message sequences. The conclusion points to a member associated with a particular IP address as potentially responsible for malicious activities, citing evidence of port scanning and unusual data transmission patterns. Recommendations include identifying and addressing the member involved and improving the wireless network design to prevent out-of-order packet delivery.

Wireless Security
Name
Student Id
Lecturer Name
University
Abstract
Introduction
Scanning of the ports
Hypertext transfer protocol filter
TCP analysis
  Transmission Control Protocol retransmission
  Transmission Control Protocol Duplicate ACK
  Transmission Control Protocol keep alive
  Transmission Control Protocol out of order
  Transmission control protocol RST
Looking for secret information shared by a member
Expert information
Conclusion
Recommendation
Appendix
  TCP keep alive
  Port scan
REFERENCES
Abstract
Suspicion that one of the organization's members was involved in organized crime prompted a
packet capture of all wireless network activity in the company. The packets captured live on the
organization's wireless network were then submitted to a wireless network expert for analysis,
reporting and documentation. This is a full wireless security report based on the captured live
packets, as requested by the boss of the company. The analysis was done using Wireshark, the
best tool for troubleshooting, optimizing and maintaining security, to pinpoint the person
suspected of involvement in the organized crime and the activities associated with it. The
report analyzes every activity in the organization's wireless network to identify any anomalies.
The anomalies are what will help deduce the person involved in the crime and what criminal
activities that person, a member of the organization, may be involved in.
Introduction
This report covers the analysis of the organization's wireless network. It covers all the
aspects of network security, such as the port scan, the hypertext transfer protocol filter,
analysis of the transmission control protocol, analysis of the internet control message
protocol, TCP keep-alive, TCP RST, ACK and TCP out-of-order. The report's aim is to find the
member of the organization responsible for a serious crime, and it therefore calls for network
security checks such as looking for port scans. The port scan is prioritized for that reason.
For each analysis the report contains the evidence for the presence of the various problems
mentioned, for instance the packet data that was evaluated for a port scan and for out-of-order
delivery. There is also a conclusion section that summarizes all the findings and details of the
report. After the conclusion, a recommendation is given on how to deal with the various problems
encountered during the analysis of the organization's wireless network.
Scanning of the ports
This check establishes whether the packet was vulnerable to external attack, where an attacker
gains access to the network by evaluating and trying out the ports (Sanders 2018, May 30).
There was a port scan attack, in which an attacker sends packets to the same port for a given
duration of time (Sanders 2017). The attacker aims to gain information about the organization's
wireless network. Once the attacker knows the structure and design of the organization's
wireless network, he or she is able to design channels to gain access to it. After gaining
access, he or she did whatever he or she desired with the wireless network.
From the above image of the port scan attack, packets 448189, 570523 and 608737 have the
same source and destination, which is very suspicious. In the three packets an attacker
sends messages repeatedly to internet protocol address 34.237.135.137 through port 66 to
identify vital security issues about the organization's wireless network security. That
wireless security information may be the vulnerabilities or weaknesses in the authentication
processes and in authorization processes such as the passwords and the access levels of the
various members of the organization. It is therefore likely that the organization's wireless
network was invaded by a malicious attacker who had malicious reasons.
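The following is an added example, not part of the original report or its capture: a common detection heuristic that counts how many distinct destination ports one source probes on one destination with bare SYNs inside a time window. The packet times, flags, thresholds and the 198.51.100.7 / 203.0.113.10 sweep are constructed; only the 192.168.43.212 to 34.237.135.137 port 66 pairing comes from the report.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits

# Constructed sample records: (time_s, src_ip, dst_ip, dst_port, tcp_flags).
# The first three model the flow the report describes (same source, same
# destination, port 66); their times and flags are made up. The rest are a
# constructed sweep between documentation-range addresses.
PACKETS = [
    (10.0, "192.168.43.212", "34.237.135.137", 66, SYN),
    (200.0, "192.168.43.212", "34.237.135.137", 66, SYN),
    (400.0, "192.168.43.212", "34.237.135.137", 66, SYN),
    (50.0, "198.51.100.7", "203.0.113.10", 21, SYN),
    (50.1, "198.51.100.7", "203.0.113.10", 22, SYN),
    (50.2, "198.51.100.7", "203.0.113.10", 23, SYN),
    (50.3, "198.51.100.7", "203.0.113.10", 25, SYN),
    (50.4, "198.51.100.7", "203.0.113.10", 80, SYN),
    (50.5, "198.51.100.7", "203.0.113.10", 443, SYN),
    (50.6, "203.0.113.10", "198.51.100.7", 51000, SYN | ACK),  # reply, ignored
]


def bare_syns_by_pair(packets):
    """Group connection attempts (SYN set, ACK clear) by (source, destination)."""
    pairs = defaultdict(list)
    for t, src, dst, dport, flags in packets:
        if flags & SYN and not flags & ACK:
            pairs[(src, dst)].append((t, dport))
    for probes in pairs.values():
        probes.sort()
    return pairs


def find_port_scans(packets, window=10.0, min_ports=5):
    """Return {(src, dst): ports} where src probed at least min_ports distinct
    ports on dst within any span of `window` seconds."""
    hits = {}
    for pair, probes in bare_syns_by_pair(packets).items():
        best = set()
        for i, (start, _) in enumerate(probes):
            ports = {port for t, port in probes[i:] if t - start <= window}
            if len(ports) > len(best):
                best = ports
        if len(best) >= min_ports:
            hits[pair] = sorted(best)
    return hits


def ports_touched(packets, src, dst):
    """Distinct destination ports seen from src to dst, regardless of flags."""
    return sorted({p for _, s, d, p, _ in packets if s == src and d == dst})


if __name__ == "__main__":
    for (src, dst), ports in find_port_scans(PACKETS).items():
        print(f"possible scan: {src} -> {dst} ports {ports}")
    print("report flow ports:",
          ports_touched(PACKETS, "192.168.43.212", "34.237.135.137"))
```

Under this heuristic the constructed sweep is flagged, while three packets to a single port leave a distinct-port count of one and need other evidence to be called a scan.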
Hypertext transfer protocol filter
This filter gives information on the version of the hypertext transfer protocol, the time
intervals, the server used in the communication, the details of the communication and the
characters used in the communication (Wondracek et al. 2008, February).
In this case there is no hypertext transfer protocol communication at all.
TCP analysis
Transmission Control Protocol retransmission and Transmission Control Protocol
spurious retransmission (Karthik & Pramod 2011, February 11)
Transmission Control Protocol retransmission means that a message has been sent but the
receiver cannot receive it unless the message is retransmitted by the sender. Transmission
Control Protocol retransmissions are quite normal, but when experienced too frequently they
become abnormal. Transmission Control Protocol retransmission occurs only in transmissions
between internet protocol addresses 192.168.43.212 and 184.72.247.8, whether either of them is
sending or receiving a message in the wireless network. This raises suspicion about the two
members with the two internet protocol addresses: why is it that every time they send
information it has to be resent? It may be due to their clearance or access level, which may
not permit them to share the information.
Transmission Control Protocol Duplicate ACK
Duplicate ACKs are observed on port 66 and are very frequent. This means there has been a large
transfer of messages through port 66 and there was congestion, where the messages could not be
completely sent once and therefore had to be sent twice to be received. This is an anomaly:
why would a member of an organization want to send a large amount of messages to the same
person from time to time?
At 64.207776, which is Thursday, January 1, 1970 12:01:04.207 AM (Misja 2018, May 30), internet
protocol address 192.168.43.212 receives a huge message to internet protocol address
184.72.247.8. Why would someone send information at twelve after midnight, when it is not the
working hours of the organization? It is weird for members of the organization to send huge
amounts of information in the wee hours of the night.
The time between the two Transmission Control Protocol duplicate ACKs is a split second, almost
the same time. This can also be done to prevent or avoid packet loss, where one sends packets
through the wireless network and the receiver does not get the whole packet as sent by the
sender.
Transmission Control Protocol keep alive
Keep-alive is used to establish whether the connection between the two hosts is still valid
(Kaushik & Joshi 2010). 192.168.43.212 sends a transmission control protocol packet to
74.125.71.188 to establish whether they are still connected, that is, whether the connection
between them is still live. 74.125.71.188 sends back another transmission control protocol
packet to 192.168.43.212 claiming that it has changed its connection; therefore the connection
between the two internet protocol addresses is terminated. There is no more conversation
between the two members with the two addresses.
Transmission Control Protocol out of order
Transmission Control Protocol out-of-order is when the messages or information sent in the
organization's wireless network are received in a different sequence from the one they are
supposed to be received in, or from the one they were sent in. This is caused by the different
channels the messages pass through to reach their expected destination, or by network
infrastructure designed in a way that does not preserve the order in which the messages sent
through the organization's wireless network are supposed to be received.
In the above packet filter, the information on packet 868 shows that the order in which a member
on internet protocol address 192.188.43.212 receives messages from the source is different from
the order in which the sender, a member using internet protocol address 23.21.194.243, sent
them. The cause may be the different channels through which the information passes to reach its
destination or the network design of the organization's wireless network.
Transmission Control Protocol out-of-order is not a major problem, because the Transmission
Control Protocol is supposed to reassemble the packets and rearrange the order of the message to
appear as intended, but in this case the Transmission Control Protocol does not reassemble the
order of the messages sent. Therefore the message retrieved by 192.188.43.212 is not arranged
in the same sequence as the one sent by 23.21.194.243.
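The following is an added example, not part of the original report and not Wireshark's own implementation: a simplified sequence-number classifier that shows how an analyzer can tell retransmission, duplicate ACK, keep-alive, out-of-order and reset segments apart. The trace is constructed (frame numbers, sequence numbers and lengths are made up, the two addresses are taken from the retransmission section), and it assumes the capture starts mid-connection, so SYN handling is left out.

```python
from dataclasses import dataclass, field
from typing import Optional

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10  # TCP flag bits


@dataclass
class Direction:
    """What has been seen so far from one endpoint towards the other."""
    next_seq: Optional[int] = None   # highest seq + len sent so far
    last_ack: Optional[int] = None   # ack number on the previous segment
    seen: set = field(default_factory=set)  # (seq, len) of data segments


def label_segment(me, peer, seq, length, ack, flags):
    """Label one segment and update the sender's state (simplified rules)."""
    if flags & RST:
        return "reset"
    if me.next_seq is not None and not flags & (SYN | FIN):
        # Keep-alive: 0 or 1 byte, one sequence number behind what is expected.
        if length <= 1 and seq == me.next_seq - 1:
            return "keep-alive"
        # Duplicate ACK: same bare ACK again while the peer has sent more data.
        if (length == 0 and seq == me.next_seq and ack == me.last_ack
                and peer.next_seq is not None and peer.next_seq > ack):
            return "duplicate-ack"
    label = "normal"
    if length > 0 and me.next_seq is not None:
        if seq < me.next_seq:
            # Old sequence space: an exact repeat is a retransmission,
            # bytes never seen before arrived late (out of order).
            label = "retransmission" if (seq, length) in me.seen else "out-of-order"
        elif seq > me.next_seq:
            label = "previous-segment-not-captured"
    if length > 0:
        me.seen.add((seq, length))
    me.next_seq = max(me.next_seq or 0, seq + length)
    me.last_ack = ack
    return label


def classify(segments):
    """segments: (frame, src, dst, seq, length, ack, flags) in capture order."""
    state = {}
    labels = []
    for frame, src, dst, seq, length, ack, flags in segments:
        me = state.setdefault((src, dst), Direction())
        peer = state.setdefault((dst, src), Direction())
        labels.append((frame, label_segment(me, peer, seq, length, ack, flags)))
    return labels


C, S = "192.168.43.212", "184.72.247.8"
# Constructed trace: the server's second segment (seq 101) is delayed.
TRACE = [
    (1, S, C, 1, 100, 5001, ACK),    # first data segment
    (2, C, S, 5001, 0, 101, ACK),    # acknowledges bytes 1..100
    (3, S, C, 201, 100, 5001, ACK),  # arrives ahead of seq 101
    (4, C, S, 5001, 0, 101, ACK),    # still waiting for seq 101
    (5, S, C, 101, 100, 5001, ACK),  # the delayed segment
    (6, C, S, 5001, 0, 301, ACK),    # everything up to 300 acknowledged
    (7, S, C, 201, 100, 5001, ACK),  # same bytes as frame 3 again
    (8, C, S, 5000, 0, 301, ACK),    # probe one byte behind next_seq
    (9, S, C, 301, 0, 5001, RST),    # abortive close
]

if __name__ == "__main__":
    for frame, label in classify(TRACE):
        print(frame, label)
```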
Transmission control protocol RST
RST (Baxter 2014) tries to acknowledge the presence of a packet sent with a previous ACK that
was closed. It therefore puts the two packets together, the previous packet and the current
packet. This causes an abnormal termination of the Transmission Control Protocol but is not
treated as a problem.
A packet that has been sent successfully is terminated using RST alone and not RST, ACK or
FIN, ACK. Using RST to terminate a packet is fast and efficient because it either blocks a
number of resources or none at all. Terminating a transmission control protocol packet using
FIN, ACK, as seen in the above image, is not normal because it is slow and blocks resources
from access by other packets.
Looking for secret information shared by a member
When looking for secretive information or messages shared by the members of the organization,
a filter for icmp (Kaushik & Joshi 2010) packets was applied to identify whether there were
anomalies in the way the members of the organization shared the organization's information.
This is where abnormal activities like a ping between two members of an organization are
checked. For instance, if two members in the organization ping each other, it would raise
concern as to why they were pinging each other in the organization's wireless network. The
image below represents the icmp packet filter (Bansal et al. 2013, April).
The image has no activities in the table, meaning there were no internet control message
protocol activities between the members of the organization.
Expert information
This is the expert information on the analyzed live captured packets. There are warnings of an
out-of-order transmission control protocol segment, and there is a warning of a DNS response
retransmission and query retransmission. There are spurious retransmissions and suspected
retransmissions.
Conclusion
The above analysis of the system has proved that the member of the organization using the
internet protocol address is responsible for or took part in the serious crime that may have
crippled the organization. First, there is evidence of a port scan where packets are repeatedly
sent from the internet protocol address 192.168.43.212 to 34.237.135.137 through port 66. Port
scans are most commonly used by attackers to identify the vulnerabilities of a network for
malicious reasons: gaining access privileges one is not entitled to, gaining unauthorized access
to information or crippling the organization's network. Denial of service attacks and denial of
access attacks can also be administered after acquiring important information about a network
through the port scan.
The member of the organization using internet protocol address 192.168.43.212 is also observed
to be sending huge amounts of data in the wee hours of the morning, like 12:04 after midnight.
This is evidence that the member is involved in a given crime, where he or she used the
information acquired from the port scan to gain access to certain information; the information
he or she acquired is the one being sent during the wee hours of 12:04 after midnight. This is
an indication that the person stays late into the night in the organization's offices to
administer the malicious activities.
Apart from identifying the member of the organization responsible for the serious crime in the
organization, the design and structure of the organization's wireless network was also found to
have a problem. There is the out-of-order anomaly, where the sequence in which messages are sent
by a sender in the network is not the sequence in which the same messages are received by the
destination. This is caused by the existence of different channels through which the message
goes from the source to reach its destination. The existence of the different channels is
brought about by poor design of the organization's wireless network.
Recommendation
The member using the internet protocol address 192.168.43.212 should be identified as the
person responsible for the serious crime against the organization.
A firewall should be put in place to filter every event performed on the host computers of the
organization. With the firewall present, activities like a port scan can be identified in real
time as they happen.
The structure of the organization's wireless network connection should be redesigned or
restructured so as to avoid out-of-order delivery of the received messages or information sent
in the wireless network.
Appendix
TCP keep alive
Port scan