7COM1069 Cyber Operations - Analysis of Wireshark Packet Capture

Added on  2022/09/07

Report
AI Summary
This report provides a comprehensive analysis of a Wireshark packet capture file, examining network boundaries, active nodes, protocols, and traffic types. The analysis begins with a statistical breakdown of the packet capture, detailing frame information, encapsulation types, arrival times, and protocol layers such as Ethernet, IPv4, UDP, and DNS queries. The report identifies a DNS-related attack, likely cache poisoning or a man-in-the-middle attack, based on the observed traffic patterns. The narrative traces a request from a Dell computer (192.168.1.200) to resolve google.com, followed by server responses. The explanation section details the mechanics of cache poisoning, where attackers inject corrupted data into the DNS cache to redirect traffic to malicious servers. The report concludes with the importance of implementing intrusion detection and prevention systems to mitigate such attacks.