Is415 Wk 4 Lab

Week 4 Laboratory

Week 4 Lab Part 1: Monitor & Define a Baseline Definition for Network Traffic

Learning Objectives and Outcomes

Upon completing this lab, students will be able to complete the following tasks:

* Identify servers and network appliances providing a specified service by reviewing network traffic and performing an analysis of packet captures

* Analyze user credentials passed through unencrypted service connections such as Telnet and FTP

* Compare unencrypted service connections to encrypted communications such as SSH

* Identify critical fields within the IP, UDP and TCP packet headers

* Distinguish between proper and improper protocol behavior such as TCP 3-way handshake vs. SYN scan

Week 4 Lab Part 1 - Assessment Worksheet

Overview

View the Demo Lab provided in the Practice section of Learning Space Unit 7 and answer the questions below. The presentation will demonstrate the use of Netwitness Investigator and discuss the different forensic capabilities of this tool. It will also show how to identify clear-text logon communications and IP hosts as well as network devices. Netwitness Investigator will also be used to analyze the difference between network clear-text and encrypted communications.

Week 4 Lab Part 1 Assessment Questions & Answers

1. Define network flows, Intrusion Prevention System, and packet capture.

Network flows is a directed graph where each edge has a capacity and each edge receives a flow. Intrusion prevention system is the tool used to protect an organization’s network, While Packet capture is the process of intercepting and logging traffic

2. How can each of these services be compared?

3. When analyzing a packet capture, is the data the same format when viewing FTP and HTTPS traffic? Why or why not?

4. Provide a list of at least 5 common TCP ports.

* TCP service multiplexer

* Remote job entry

* ECHO

* Message Send Protocol

* FTP...