COIT20262 - Internet Protocols and Wireshark Analysis Assignment

Verified

Added on 2020/03/04

AI Summary

This assignment involves analyzing network protocols using Wireshark and virtnet. The student is tasked with capturing TCP and UDP packets using netcat, creating a message sequence diagram, and answering questions about the captured data. The assignment requires setting up a network topology in virtnet, running netcat servers and clients, and capturing the network traffic using tcpdump. The student needs to submit the capture file and answer questions regarding the duration of TCP connections, the timing of UDP interactions, client port numbers, the limitations of using port numbers to identify applications, and what can be learned from client port numbers. This practical exercise aims to provide a solid understanding of common Internet protocols and the use of packet capture software. This solution is provided to the student for educational purposes, and Desklib offers various study resources like past papers and solved assignments.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Question 1. Analysis of Protocols with Wireshark [12 marks]
Objective: Gain a good understanding of common Internet protocols as well as using packet capture
software (Wireshark)
For this question you must use virtnet (as used in the workshops) to study Internet applications
with Wireshark. This assumes you have already setup and are familiar with virtnet. See Moodle
and workshop instructions for information on setting up and using virtnet, deploying the website,
and performing the attack.
Your task is to:
 Create topology 5 in virtnet where:
o node1 will be referred to as the client
o node2 will be the router
o node3 will be the server
 Start capturing packets using tcpdump on the router (node2)
 While capturing, perform the following operations in order:
1. Start netcat TCP server using assigned port on the server (node3)
2. Start netcat TCP client on the client (node1)
3. On the client (node1) type:
COIT20262 TCP<press ENTER>
My ID is <type in your actual student ID><press ENTER>
<Ctrl-D>
4. Start netcat UDP server using assigned port on the server (node3)
5. Start netcat UDP client on the client (node1)
6. On the client (node1) type:
COIT20262 UDP<press ENTER>
My name is <type in your actual name><press ENTER>
<Ctrl-C>
 Stop the capture and save the file as netcat.pcap
Server port numbers must be assigned based on the last three (3) digits of your student ID, xyz, as
defined below. Examples are given for a student ID of s1234567.
 For netcat TCP server use port 8xyz. Example port: 8567
 For netcat UDP server use port 9xyz. Example port: 9567
After performing and understanding the above steps, answer the following sub-questions
(a) Submit your capture file as netcat.pcap on Moodle. The single file must contain all
packets of both the TCP and UDP exchange using your assigned ports and using your ID and
name. [4 marks]
Answer : File Uploaded
(b) Draw a message sequence diagram that illustrates all the TCP and UDP packets generated by
using netcat (do not draw any packets generated by other applications or protocols, such as ARP,
DNS or SSH). A message sequence diagram uses vertical lines to represent events that happen at a

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

computer over time (time is increasing as the line goes down). Addresses of the computers/software
are given at the top of the vertical lines. Horizontal or sloped arrows are used to show messages
(packets) being sent between computers. Each arrow should be labelled with the protocol, packet
type and important information of the message. Examples of message sequence diagrams are given in
workshops. Note that you do not need to show the packet times, and the diagram does not have to be
to scale. [4 marks]
Answer:

(c) Based on your capture, how many milliseconds was the TCP connection (that is, from very first
packet of the connection to very last packet of the connection)? [1 mark]
Answer: As can be observed from the file ‘netcat.pcap’ , 69.832 seconds elapsed since the beginning
(Packet#3) of the capture till the end of the connection (Packet#16). So, number of milliseconds till the
TCP connection = 69,832.
(d) Based on your capture, how many milliseconds from between when the user pressed ENTER
following the first line (“COIT20262 ...”) until the user pressed ENTER following the second line
(“My ...”) when using UDP? [0.5 mark]
Answer: Number of seconds (TimeStamp_of_Packets#10 - TimeStamp_of_Packets#8) = 42.650 - 18.715
= 23.935 seconds
(e) What were the port numbers of the TCP client and UDP client? [0.5 mark]
Answer: TCP client port: 39224
UDP client port: 53705
(f) Often a security analyst can learn the type of application being used based on the port number
used by a server application. For example, if the server port is 80, the analyst assumes the application
is HTTP or web browsing. What is the limitation of this approach of identifying applications? [1
mark]
Answer: The standard port numbers are only assigned by default to the application protocols. There is
always an option for the server administrator to run the application on a port different from the default
port. So, a security analyst can wrongly identify an application if he considers only the port number.
(g) What can a security analyst learn from knowing the port number of a client application?
Answer: Usually, the client port numbers are chosen from a dynamic pool of port numbers. A port
number is assigned to a client for a very short duration of time and these port numbers are thus, called
as ephemeral ports. However, for some applications like DHCP ports for both client and server are well
defined. In DHCP, client uses the port number 68 while the server uses the port number 67. In such
cases, the security analyst can determine the client application from their port numbers.