Cyber Operations Report: Decision Making in Modern Cyber Warfare

Added on 2022/09/10
Table of Contents
Introduction
Task 1
1.1 Fog of war
1.2 Information Environment
1.3 Decision making for cyber (friction issues?)
1.4 Critical Discussion
Task 3
3.1 Statistical Analysis
3.2 Activity Narrative and Attack Identification
3.3 Attack Explanation
Overall Conclusion
References
Appendix
Introduction
The main objective of this project is to develop a deep and systematic understanding of cyber operations. The project is divided into three tasks. Task 1 assesses the understanding of decision making in the modern information environment. Task 2 assesses the understanding of the theoretical and practical aspects of computer operations and security. Task 3 assesses the understanding of advanced principles in computer security from a systems perspective.
In Task 1, this report sheds light on Clausewitz's theory of the fog of war and its application in today's enterprise information environment, including its impact. This is a topic debated in the context of the US military's preparedness for dealing with both fog and friction on the present-day battlefield. Today, fog and friction arise from information overload, real-time technology, and cyberspace threats. The debate begins with the promises of modern technology and information dominance, but some argue that both information overload and information starvation can produce fog and friction. This report presents a discussion of the fog of war, the information environment, decision making for cyber, and cyber security issues, and closes with a critical analysis.
In Task 2, the main objective is to show how cyber manoeuvre principles can underpin offensive and defensive operations in the modern information environment.
In Task 3, the main aim is to perform deep packet analysis of the provided capture file using the Wireshark tool. The deep packet analysis covers the following aspects:
Statistical analysis - network boundaries, active nodes, types of protocols and traffic, and external sources.
Activity narrative.
Attack identification and explanation.
All the above aspects are analysed and discussed in detail.
Task 1
1.1 Fog of war
The term fog of war was coined by Carl von Clausewitz to describe the ambiguities of war. Once a battle starts, even tactical and relevant information can be confusing and misleading, because it is difficult to see patterns in the midst of fog and noise. War is an art that requires unplanned decision making. There are practical situations in war where the higher authority's restrictive orders need not be obeyed; instead, leaders should take control of the situation and turn it to their advantage. Colonel John Boyd's OODA loop (Observe-Orient-Decide-Act) is used in both business and the military, and from his point of view the fog of war can be beneficial (Strategic Thinking, 2019).
Initially, to gain advantage over the enemy, it is necessary to anticipate the ambiguity. The next step is to understand the fog's disorienting effect on the opponent, then prolong that state of confusion through surprising tactics. More importantly, the opponent's decision cycle is analysed instantly with the help of the OODA cycle. Here speed matters, so one must be quicker than the opponent. This causes confusion, fear, and chaos. Today war is completely different, as technology has changed combat and modern opponents rely on C4ISR systems (Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance). The tsunami of technology has resulted in the cyber side of war (Reed, 2012).
1.2 Information Environment
In this technology-oriented world, people and organizations all rely on information and communications technology (ICT), and this demands a security policy for cyberspace, which can be a daunting task. The present-day information environment is overloaded with information, real-time technology, and cyberspace threats, which creates fog on the modern battlefield. Today, the challenges in cybersecurity concern the evolution of ransomware, the blockchain revolution, the expansion of AI, increasing IoT threats, and the vulnerability of serverless apps (Mason, 2018). Despite the advantages of advanced technology and information dominance, Clausewitz's theory of "fog and friction" still holds in modern combat and in all technological fields, and is more severe than before. Thus, it is necessary to come to terms with modern ambiguities (Reed, 2012).
1.3 Decision making for cyber (friction issues?)
The sections above show that it is important to take correct and immediate decisions despite environmental and systemic uncertainty. There are various challenges in formulating an effective cyber security policy. The decision makers are held responsible for a well-developed, standard method. It is extremely difficult to make decisions in uncertain situations, and in cyber-attacks especially, decision making worsens due to uncertainty (Dean and McDermott, 2017).
The following reasons cause uncertainty in making decisions related to cyber security (Jalali, Siegel and Madnick, 2019):
1) Lack of knowledge.
2) High level of complexity.
3) Poor capability to predict future events.
4) Difficulty in calculating the impact of a hypothetical cyber incident.
5) Lack of experience.
To overcome uncertainty, one must invest in information security, because it yields positive results. Uncertainty can then be addressed by estimating risks and selecting risk-return combinations (Jalali, Siegel and Madnick, 2019).
1.4 Critical Discussion
The discussion in this report determines that, in a data-overloaded environment, it is necessary to educate leaders and users on how to fight unimpeded using the present technical advantages.
The Internet is increasingly exploited by attackers for various illegal purposes and to develop new criminal methods that use the Internet. It is important to stop such illegal activities and cyber-crimes, which affect the Internet's growth and development through security issues. Security issues increase the fear of trusting any kind of personal or business transaction (Canabarro and Borne, 2013). Risk assessment for cyber security must therefore be ensured (Fielder et al., 2017). It is concluded that the creation of effective policies and methods for addressing cyber threats and information technology is vital for defence. It is also worthwhile to have a comprehensive cybersecurity strategy, with effective measures for anticipating,
addressing, and responding to cyberattacks. The strategy must foster the development of legal tools to combat all types of cyber-crime. Only such an initiative can help to distribute cybersecurity information and respond to incidents, concerns, and computer security threats.
The sense of surging uncertainty indicates a changing environment, which can affect the choices that are made. Thus, it is necessary to identify and accommodate these changes, which creates an opportunity to increase the effectiveness of decision making (Decision-making-solutions.com, 2019).
To be successful, it is necessary to revel in ambiguity, because that is the best way to come to terms with what can and cannot be mastered. It is concluded that investment in information security is essential to see positive results in cyber security.
It is not easy to develop a policy that is flexible and adaptable by all, including state actors, non-state actors, and businesses, for engaging in the World Wide Web, which is an established form of government structure (Dean and McDermott, 2017).
Task 3
3.1 Statistical Analysis
In deep packet analysis, the first step is statistical analysis of the provided capture file. Open the provided file in the Wireshark tool, as shown in the screenshot below (Insights.profitap.com, 2019).
Click on Statistics to perform the statistical analysis. This analysis provides information about the network boundaries, active nodes, types of protocols and traffic, and external sources. The general statistics for the provided file are shown below. The general statistics display the following information about the capture file:
Length - 4235 kB
Encapsulation - Ethernet
Time Elapsed - 01:43:50
Packets - 21206
For the first packet, the packet details show the following information:
Frame - 1
Source - 192.168.1.200
Destination - 192.168.1.254
Total Length - 56
Protocol - UDP
Time to live - 64
The resolved addresses view lists the addresses seen in the capture file. This step is illustrated in the screenshot below (Packt Hub, 2019).
Next, view the protocol hierarchy for the capture file, which shows the network protocol details. Generally, network protocols need to transport larger chunks of data that are complete in themselves (Duncan, 2019).
Lower-level protocols like TCP cannot handle such large chunks or streams by themselves, since TCP has no notion of the data chunk. In this situation, the higher-level network protocols handle the chunk boundaries and spread the data over multiple packets, which Wireshark reassembles using its de-segmentation and defragmentation mechanisms (TCP reassembly).
The defragmented or de-segmented packets of the provided capture file are presented below; they show the network boundaries in the provided Wireshark file. The following filter identifies the large chunks of data that were reassembled:
tcp.reassembled.data
For packet 443, the data is reassembled from 20 TCP segments, with a reassembled TCP length of 64759. This is illustrated in the screenshot below.
The Endpoints statistics show the active nodes in the capture file, as illustrated in the screenshot below.
The external sources are clearly displayed in the HTTP protocol hierarchy, as presented below.
By default, the Wireshark tool uses colour coding to identify the type of traffic at a glance. To identify TCP and UDP traffic, type the following filter:
tcp.port == 80 || udp.port == 80
It is presented below.
Based on the TCP and UDP traffic filter, 93.3% of packets carry TCP and UDP traffic, which is 1978 packets.
To identify HTTP and SSL traffic, type the following filter:
http.request or ssl.handshake.type == 1
Based on the HTTP and SSL traffic filter, 11.7% of packets carry HTTP and SSL traffic, which is 2471 packets. Click on the protocol hierarchy to view the HTTP and SSL protocols, as demonstrated in the screenshot below.
The protocol information for the HTTP and SSL traffic is presented in the table below.
Protocol                        Packet %   Packets   Bytes %   Bytes    Bits/s
Frames                          100        2471      100       720226   1028
Ethernet                        100        2471      4.8       34594    49
Internet Protocol Version 4     100        2471      6.9       49420    70
Transmission Control Protocol   100        2471      88.3      636212   908
Hypertext Transfer Protocol     100.2      2475      101.2     728912   1040
View the types of protocol by clicking on the protocol hierarchy, as demonstrated below.
The protocol information is presented in the below table.
Protocol                        Packet %   Packets   Bytes %   Bytes     Bits/s
Frames                          100        21206     100       3896621   5003
Ethernet                        100        21206     7.6       296884    381
Logical Link Control            0          1         0         40        0
Internet Protocol Version 6     98.6       20901     10.7      418420    537
Internet Protocol Version 4     97.2       20618     80.7      3145477   4039
Transmission Control Protocol   1005       21206     100       3896621   5003
Finally, the overall traffic is displayed using the I/O Graph in the Statistics menu, as represented in the screenshot below.
3.2 Activity Narrative and Attack Identification
In this task, the attack in the provided capture file is identified using the following activity narrative: click Statistics and choose Conversations, which displays all the protocol conversations with their traffic. This process is used to identify a TCP SYN flood attack (DoS or DDoS) in the capture file, because the capture contains a high volume of TCP traffic (Firewall.cx, 2019).
TCP SYN Flood Attacks
Denial of Service attacks can be performed easily and can cause serious disruption, but they are not always obvious. In a SYN flood attack, a malicious participant exploits the TCP three-way handshake to disrupt services and the network, eventually leading to a DoS. Such attacks often surprise the administrator and can be difficult to identify, but the Wireshark tool makes it easy to capture and verify suspicious DoS activity.
Working of TCP SYN Flood Attack
When a client tries to establish a connection with a server using a TCP-based protocol such as HTTP or HTTPS, the three-way handshake must be completed prior to
any exchange of data between them. The three-way TCP handshake is always initiated by the client, which sends a SYN packet to the server.
The server acknowledges the request and simultaneously sends its own SYN request, in a packet called SYN-ACK. Then the client sends an ACK packet, which confirms that both hosts agree to establish the connection. The connection is thus established and data transfer proceeds between the client and the server.
In a SYN flood, the attacker uses spoofed IP addresses to send a large number of SYN packets to a server, and the server replies to each. This means the server's SYN-ACK leaves the port half open while it waits for a reply from a host that does not actually exist.
Without IP spoofing, the attacker instead uses firewall rules to drop the SYN-ACK packets before they reach him. By flooding SYN packets and never responding with the acknowledgement, the attacker easily overwhelms the target's resources. The target then struggles to handle the traffic, memory consumption and CPU usage increase, and resources are eventually exhausted. In this situation the server can no longer serve the requests of real clients, which amounts to a DoS attack.
Now that the attack is in progress, we can attempt to identify it; SYN flood attacks can be detected easily. The administrator will first notice a large flood of TCP traffic. It is therefore possible to filter for SYN packets without an acknowledgement using the following display filter:
tcp.flags.syn == 1 and tcp.flags.ack == 0
The SYN flood packets identified in the provided capture file are illustrated below (Kb.mazebolt.com, 2019).
This filter shows a total of 1789 packets, which is 8.4% of all packets.
3.3 Attack Explanation
In this section, the identified attack, a TCP SYN flood, is explained based on the practical results.
Here there is a large number of SYN packets with very little variance in time, and every SYN packet comes from a unique IP address to destination port 80 (HTTP), with a TCP payload length of 0 and a window size of 65535.
Next, apply the following filter to see the number of SYN/ACK packets:
tcp.flags.syn == 1 and tcp.flags.ack == 1
It is illustrated below.
This filter shows a total of 1715 packets, which is 8.1% of all packets.
Based on both results, we can clearly see the sign of a TCP SYN flood attack. Further, look at the Wireshark I/O graph for a visual representation of the uptick in traffic. To create an I/O graph, go to Statistics > I/O Graph; it is used to
display the massive spike in overall packets, ranging between 0 and 2400 packets per second. It is presented below.
Opening the protocol hierarchy, the volume of TCP packets can be seen. It is represented below.
Protocol                        Packet %   Packets   Bytes %   Bytes    Bits/s
Frame                           100        1789      100       138434   197
Ethernet                        100        1789      18.1      25046    35
Internet Protocol Version 4     100        1789      25.8      35780    51
Transmission Control Protocol   100        1789      56.1      77596    110
Further, remove the filter, and the large volume of TCP packets can be seen as displayed in the screenshot below.
The above metrics point to a TCP SYN flood attack and leave little room for any other interpretation. Using the Wireshark tool, it is possible to be certain that there is malicious activity and to take the necessary actions to resolve the situation.
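The two flag filters from sections 3.2 and 3.3, the half-open handshake reasoning and the per-second spike seen in the I/O graph, reduced to a small triage script. This is an added example, not part of the original report; it runs over a constructed packet summary rather than the report's capture, and the Packet record, its field names and the 100 SYN/s threshold are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# TCP flag bits as laid out in the TCP header flags byte
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

@dataclass(frozen=True)
class Packet:
    # Assumed per-packet summary, the fields a pcap reader would hand back
    ts: float      # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: int     # raw TCP flags byte
    tcp_len: int   # TCP payload length (0 in every flood SYN of the report)
    window: int

def is_syn_only(p: Packet) -> bool:
    """Same packets as the display filter tcp.flags.syn == 1 and tcp.flags.ack == 0."""
    return bool(p.flags & SYN) and not (p.flags & ACK)

def is_syn_ack(p: Packet) -> bool:
    """Same packets as tcp.flags.syn == 1 and tcp.flags.ack == 1."""
    return bool(p.flags & SYN) and bool(p.flags & ACK)

def is_bare_ack(p: Packet) -> bool:
    """Third step of the handshake: ACK set, SYN clear."""
    return bool(p.flags & ACK) and not (p.flags & SYN)

def syn_flood_report(packets, syn_per_sec_threshold=100):
    """Count SYN and SYN/ACK packets, find handshakes that never complete and
    bucket SYNs per second, the way the I/O graph does."""
    total = len(packets)
    syn = [p for p in packets if is_syn_only(p)]
    synack = [p for p in packets if is_syn_ack(p)]
    # A handshake is complete when the client's 4-tuple later sends a bare ACK;
    # spoofed sources never do, so their server-side slots stay half open.
    acked = {(p.src, p.sport, p.dst, p.dport) for p in packets if is_bare_ack(p)}
    half_open = [p for p in syn if (p.src, p.sport, p.dst, p.dport) not in acked]
    per_sec = Counter(int(p.ts) for p in syn)
    peak = max(per_sec.values(), default=0)
    pct = lambda n: round(100.0 * n / total, 1) if total else 0.0
    return {
        "total": total,
        "syn": len(syn), "syn_pct": pct(len(syn)),
        "synack": len(synack), "synack_pct": pct(len(synack)),
        "half_open": len(half_open),
        "distinct_syn_sources": len({p.src for p in syn}),
        "peak_syn_per_sec": peak,
        # Verdict: a burst above the threshold and most handshakes left half open.
        "flood": peak >= syn_per_sec_threshold and len(half_open) > len(syn) // 2,
    }

def constructed_capture():
    """Constructed sample, not the report's capture: three benign handshakes to
    a web server, then 200 spoofed SYNs in one second that are answered with
    SYN/ACK but never acknowledged."""
    server = "192.168.1.200"
    pkts = []
    for i, src in enumerate(["10.0.0.11", "10.0.0.12", "10.0.0.13"]):
        t, sp = 0.5 + i, 40000 + i
        pkts += [Packet(t, src, sp, server, 80, SYN, 0, 64240),
                 Packet(t + 0.01, server, 80, src, sp, SYN | ACK, 0, 65535),
                 Packet(t + 0.02, src, sp, server, 80, ACK, 0, 64240),
                 Packet(t + 0.03, src, sp, server, 80, PSH | ACK, 120, 64240)]
    for i in range(200):
        src, sp, t = f"203.0.113.{1 + i}", 1024 + i, 10.0 + i / 200.0
        pkts.append(Packet(t, src, sp, server, 80, SYN, 0, 65535))
        pkts.append(Packet(t + 0.001, server, 80, src, sp, SYN | ACK, 0, 65535))
    return sorted(pkts, key=lambda p: p.ts)

if __name__ == "__main__":
    for k, v in syn_flood_report(constructed_capture()).items():
        print(f"{k:>21}: {v}")
```

Note that in the constructed flood the SYN and SYN/ACK counts are equal, as they nearly are in the report's capture (1789 versus 1715): the tell is not the SYN/ACK count but the missing third ACK, which the half_open figure captures.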
Overall Conclusion
This project has developed a deep and systematic understanding of cyber operations.
Task 1 assessed the understanding of decision making in the modern information environment. From the discussion it is determined that, in war, one cannot rely on information alone. Today, the fog of war extends to the cyber side of war, which requires adopting an effective approach for dealing with complicated cyber issues. It is best to research and create public policies that are beneficial.
Task 2 assessed the understanding of the theoretical and practical aspects of computer operations and security. This task showed how cyber manoeuvre principles can underpin offensive and defensive operations in the modern information environment. It covers the following aspects:
Paper critique
Principles of manoeuvre operations
Cyber operations in the modern environment
Task 3 assessed the understanding of advanced principles in computer security from a systems perspective. This task completed the deep packet analysis of the provided capture file using the Wireshark tool. The deep packet analysis covers the following aspects:
Statistical analysis - network boundaries, active nodes, types of protocols and traffic, and external sources.
Activity narrative.
Attack identification and explanation.
All the above aspects are analysed and discussed in detail.
References
Canabarro, D. and Borne, T. (2013). Brazil and the Fog of (Cyber)War. SSRN Electronic Journal, (13-002).
Dean, B. and McDermott, R. (2017). A Research Agenda to Improve Decision Making in Cyber Security Policy. Penn State Journal of Law & International Affairs, 5(1), pp. 34-54.
Decision-making-solutions.com. (2019). Decision Making in Uncertainty. [online] Available at: https://www.decision-making-solutions.com/decision-making-in-uncertainty.html [Accessed 21 Nov. 2019].
Duncan, B. (2019). Using Wireshark - Display Filter Expressions. [online] Unit42. Available at: https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressions/ [Accessed 20 Nov. 2019].
Fielder, A., Konig, S., Panaousis, E., Schauer, S. and Rass, S. (2017). Uncertainty in Cyber Security Investments. [online] Available at: https://www.researchgate.net/publication/321902139_Uncertainty_in_Cyber_Security_Investments [Accessed 21 Nov. 2019].
Firewall.cx. (2019). How to Perform TCP SYN Flood DoS Attack & Detect it with Wireshark - Kali Linux hping3. [online] Available at: http://www.firewall.cx/general-topics-reviews/network-protocol-analyzers/1224-performing-tcp-syn-flood-attack-and-detecting-it-with-wireshark.html [Accessed 20 Nov. 2019].
Insights.profitap.com. (2019). 14 Powerful Wireshark Filters Our Engineers Use. [online] Available at: https://insights.profitap.com/14-powerful-wireshark-filters-to-use [Accessed 20 Nov. 2019].
Jalali, M., Siegel, M. and Madnick, S. (2019). Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment. The Journal of Strategic Information Systems, 28(1), pp. 66-82.
Kb.mazebolt.com. (2019). SYN Flood | MazeBolt Knowledge Base. [online] Available at: https://kb.mazebolt.com/knowledgebase/syn-flood/ [Accessed 20 Nov. 2019].
Mason, J. (2018). 5 Cybersecurity Challenges and Trends: What to Expect in 2018. [online] Globalsign.com. Available at: https://www.globalsign.com/en-in/blog/cybersecurity-trends-and-challenges-2018/ [Accessed 21 Nov. 2019].
Packt Hub. (2019). Using statistical tools in Wireshark for packet analysis [Tutorial] | Packt Hub. [online] Available at: https://hub.packtpub.com/statistical-tools-in-wireshark-for-packet-analysis/ [Accessed 20 Nov. 2019].
Reed, J. (2012). Modern Fog and Friction. [online] Smallwarsjournal.com. Available at: https://smallwarsjournal.com/jrnl/art/modern-fog-and-friction [Accessed 21 Nov. 2019].
Strategic Thinking. (2019). Fog of War. [online] Available at: http://www.strategybydesign.org/fog-of-war [Accessed 21 Nov. 2019].
Appendix
Task 1
Task 2