Submitted by: JIJI2OO6
Category: Science and Technology
Date Submitted: 11/01/2014 08:26 PM
Week 4 Laboratory
Week 4 Lab Part 1: Monitor & Define a Baseline Definition for Network Traffic
Learning Objectives and Outcomes
Upon completing this lab, students will be able to complete the following tasks:
* Identify servers and network appliances providing a specified service by reviewing network traffic and performing an analysis of packet captures
* Analyze user credentials passed through unencrypted service connections such as Telnet and FTP
* Compare unencrypted service connections to encrypted communications such as SSH
* Identify critical fields within the IP, UDP and TCP packet headers
* Distinguish between proper and improper protocol behavior such as TCP 3-way handshake vs. SYN scan
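The last two objectives can be tried outside the lab tool with the following added example, which is not part of the original worksheet: it reads the source, destination, protocol, port and flag fields from raw IPv4/TCP headers and labels each connection attempt by how its handshake ended. It assumes packets begin at the IPv4 header (no Ethernet framing); the label names and the sample capture are constructed for illustration.

```python
import socket
import struct

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits (byte 13 of the TCP header)

def build_packet(src, dst, sport, dport, flags):
    """Constructed sample data: minimal 20-byte IPv4 header + 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp

def parse_packet(raw):
    """Return (src, sport, dst, dport, flags), or None if not a usable IPv4/TCP packet."""
    if len(raw) < 20 or raw[0] >> 4 != 4 or raw[9] != 6:  # version 4, protocol 6 (TCP)
        return None
    ihl = (raw[0] & 0x0F) * 4  # IP header length in bytes
    if len(raw) < ihl + 14:
        return None
    src, dst = socket.inet_ntoa(raw[12:16]), socket.inet_ntoa(raw[16:20])
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    return src, sport, dst, dport, raw[ihl + 13]

def classify_flows(packets):
    """Label each client->server attempt by how its handshake ended."""
    state = {}  # (client, client_port, server, server_port) -> label
    for raw in packets:
        if (parsed := parse_packet(raw)) is None:
            continue
        src, sp, dst, dp, flags = parsed
        fwd, rev = (src, sp, dst, dp), (dst, dp, src, sp)
        if flags & SYN and not flags & ACK:
            state[fwd] = "syn-only"       # step 1: client SYN
        elif flags & SYN and flags & ACK and state.get(rev) == "syn-only":
            state[rev] = "syn-ack"        # step 2: server SYN-ACK
        elif flags & RST and state.get(fwd) == "syn-ack":
            state[fwd] = "half-open"      # client resets instead of ACKing: SYN-scan pattern
        elif flags & RST and state.get(rev) == "syn-only":
            state[rev] = "refused"        # server reset: port closed
        elif flags & ACK and state.get(fwd) == "syn-ack":
            state[fwd] = "established"    # step 3: client ACK completes the handshake
    return state

# Constructed capture: one full handshake, one half-open attempt, one closed port.
C, S = "10.0.0.5", "10.0.0.20"
SAMPLE = [build_packet(*p) for p in [
    (C, S, 40000, 22, SYN), (S, C, 22, 40000, SYN | ACK), (C, S, 40000, 22, ACK),
    (C, S, 40001, 21, SYN), (S, C, 21, 40001, SYN | ACK), (C, S, 40001, 21, RST),
    (C, S, 40002, 23, SYN), (S, C, 23, 40002, RST | ACK),
]]
```

A single source that accumulates many "half-open" or "refused" labels across different ports in a short window is the pattern to compare against a baseline of normal, "established" traffic.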
Week 4 Lab Part 1 - Assessment Worksheet
Overview
View the Demo Lab provided in the Practice section of Learning Space Unit 7 and answer the questions below. The presentation demonstrates the use of NetWitness Investigator and discusses the tool's forensic capabilities. It also shows how to identify clear-text logon communications, IP hosts, and network devices. NetWitness Investigator is also used to analyze the difference between clear-text and encrypted network communications.
Week 4 Lab Part 1 Assessment Questions & Answers
1. Define network flows, Intrusion Prevention System, and packet capture.
A network flow is a directed graph in which each edge has a capacity and each edge receives a flow. An intrusion prevention system is the tool used to protect an organization’s network, while packet capture is the process of intercepting and logging traffic.
2. How can each of these services be compared?
3. When analyzing a packet capture, is the data the same format when viewing FTP and HTTPS traffic? Why or why not?
4. Provide a list of at least 5 common TCP ports.
* TCP service multiplexer
* Remote job entry
* ECHO
* Message Send Protocol
* FTP...