INFA 620 Laboratory 2 Context
The purpose of this lab is to practice examining traffic using a protocol analyzer and recognize a SYN attack.
The SYN flood attack is one of the common Denial of Service (DoS) attacks in the Internet. In the SYN flood attack, an attacker sends a large number of SYN packets to the server, ignores SYN/ACK replies and never sends the expected ACK packet. Basically, the attacker overwhelms the server with many half-established connections and exhausts the server resources, and hence the attack is known as a DoS attack.
The tool you will be using is known as Wireshark, a well-known open source packet analyzer. The exercise will demonstrate that recognizing an attack requires sophisticated tools (such as Wireshark), hard work (what you are about to put in) and knowledge of the domain (TCP/IP network).
You can perform this exercise either using Wireshark on your machine or a remote lab supplied by UMUC, known as DaaS. I encourage that you carry out the exercise using the remote Lab. The instructions to use the remote UMUC machine in the DaaS environment is provided in the Accessing Remote Virtu, knioal Lab using VPN module under Course Content. (Note: For this laboratory exercise, you need to access only NIXEXT01 (External) node. wireshark is available on that machine.
The access to the needed “.cap” files is as follows: On the NIXEXT01 machine, open the folder Lab Resources (use the right click to open a menu and then choose open), the open the Projects folder the same way and then execute Download Project Resources (again use the right click button to find the execute option. This will bring all the .cap file both for Lab 2 and Lab 3.
If you want to perform the exercise on your home computer, download wireshark from http://www.wireshark.orgSelect all installation options. (Note: These files are about 20 MB and may take a long time to download on a slow link.) You may also download the documentation.
Wireshark can both capture packets and read trace files of packets that have already been captured. However, this is not a packet capturing exercise. This is a packet analysis exercise of packets that were previously captured.
1. Obtain trace files of the TCP handshake process.
2. Read the tcpshake.cap trace file. This trace file captured three packets of a successful connection handshake. Become familiar with Wireshark’s interface.
3. Read the tcp-syn-attack.cap file and answer the following 10 questions (10 points each):
Post your answer in the Lab 2 assignment folder.
We value our customers and so we ensure that what we do is 100% original..
With us you are guaranteed of quality work done by our qualified experts.Your information and everything that you do with us is kept completely confidential.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
The Product ordered is guaranteed to be original. Orders are checked by the most advanced anti-plagiarism software in the market to assure that the Product is 100% original. The Company has a zero tolerance policy for plagiarism.Read more
The Free Revision policy is a courtesy service that the Company provides to help ensure Customer’s total satisfaction with the completed Order. To receive free revision the Company requires that the Customer provide the request within fourteen (14) days from the first completion date and within a period of thirty (30) days for dissertations.Read more
The Company is committed to protect the privacy of the Customer and it will never resell or share any of Customer’s personal information, including credit card data, with any third party. All the online transactions are processed through the secure and reliable online payment systems.Read more
By placing an order with us, you agree to the service we provide. We will endear to do all that it takes to deliver a comprehensive paper as per your requirements. We also count on your cooperation to ensure that we deliver on this mandate.Read more