COLLEGE OF TECHNOLOGY
SEC 6040: Web and Data Security
Week 3 – Wireshark Review Assignment
Monitoring the Network Exercise
Pts: 100 pts
For this assignment you will be required to run Wireshark to complete the assignment and also view the following video on YouTube:
http://www.youtube.com/watch?v=qzonPrKNhwc
1) When monitoring one port on the network switch, what kind of traffic is predominantly observed? What other traffic can be seen when port mirroring is turned on? (10 Points)
As we know, port mirroring is used on a network switch to send a copy of network packets seen on one switch port to a network monitoring connection on another switch port. It generally indicates the ability to copy the traffic from a single port to a mirror port but disallows any type of bidirectional traffic on the port. Port mirroring allows a particular computer to see the network traffic, which is normally hidden from it.
When monitoring one port on a network switch, we can observe broadcast traffic, and additional packets that are neither for you nor from you will show up because the switch is trying to flush out its buffer so that it can begin to switch the data appropriately again. When port mirroring is turned on, we can observe broadcast traffic in the switch.
2) During the video, the presenter observes the DNS record packet in greater detail. How many records did the presenter observe? ____________ In your capture on the Wireshark install, did you monitor any DNS records and if so how many did you observe? ___________ (15 points)
DNS records are basically mapping files that tell the DNS server which IP address each domain is associated with, and how to handle requests sent to each domain.
In the video above the presenter observes 13 DNS packets used in communication within the network. In my Wireshark capture there are no DNS records, as shown below.
3) What is the issue with spanning tree protocol as discussed by the presenter and how would you deal with the issues identified? (25 points)
Spanning tree protocol is a layer 2 protocol in the open system interconnect model that works by communicating data back and forth with the aim of finding out how the switches are arranged on the network; using all the information gathered, it can then create a logical tree.
The presenter in the video discussed the issues with STP and misconfiguration. The issue the presenter identified with the Spanning Tree Protocol is that when one switch is talking to another switch, spanning tree misleads the switch traffic flow. There may be a chance of sending data packets to another switch, which causes misconfiguration and vulnerability.
This causes many security issues. The better way to approach the issue is by maintaining records of misconfigured switches and analyzing the issues using a sniffer like Wireshark. The network engineering team should track the issues and analyze them frequently until resolved.
4) While your Wireshark is running in capture mode, visit a specific website. Please ensure that the website is not running https. Once you have done that, using Wireshark’s capture, find the packets that identify the network traffic that pertains to the website you visited. Please provide the name of the site that was visited and the screenshot of the captured traffic. (50 points)
To study the traffic of the network using Wireshark, I visited http://www.neb.gov.np, which is the official website of the Nepal Examination Board of Nepal and is not an https website.
The TCP packets that identify the network traffic when I visited the above website.
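Added example (not part of the original submission): the check behind question 4, done in code instead of the Wireshark GUI. It walks a classic pcap file and lists each plaintext HTTP request with its Host header, which is what identifies the visited site in the capture. The capture bytes, the IP addresses and the /index.php path are constructed sample data.

```python
import socket
import struct

METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def build_sample_pcap():
    """Constructed capture: one plaintext HTTP GET plus one non-HTTP TCP segment."""
    def frame(payload, dport):
        # Checksums are left at zero; this parser does not verify them.
        tcp = struct.pack("!HHIIBBHHH", 49152, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
        return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
    frames = [frame(b"GET /index.php HTTP/1.1\r\nHost: www.neb.gov.np\r\n\r\n", 80),
              frame(b"\x16\x03\x01\x00\x05hello", 443)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def http_requests(pcap):
    """Return (src, dst, dport, method, host, path) for each plaintext HTTP request."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    found, off = [], 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        pkt, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # keep only IPv4 carrying TCP
        tcp = pkt[14 + (pkt[14] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue
        payload = tcp[(tcp[12] >> 4) * 4:]
        if not payload.startswith(METHODS):
            continue  # TLS, ACK-only segments, response bodies, ...
        head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        method, path = head[0].split(" ")[:2]
        host = next((h.split(":", 1)[1].strip() for h in head[1:]
                     if h.lower().startswith("host:")), None)
        found.append((socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34]),
                      struct.unpack("!H", tcp[2:4])[0], method, host, path))
    return found

if __name__ == "__main__":
    for req in http_requests(build_sample_pcap()):
        print(req)
```

To run it on a real capture, save the capture from Wireshark in the classic pcap format rather than pcapng and pass the file's bytes to http_requests.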