Hands-on Lab 9 - Network Security - Intrusion Detection
(DUE April 27, 2006 by midnight EST)
Ethereal network protocol analyzer

Pre-assignment: Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.

Ethereal is available for Windows and Linux (http://www.ethereal.com/download.html).

Before installing Ethereal for Windows, you must first install WinPcap (from http://winpcap.polito.it/) to allow for the capture of network packets.


  1. Review how to connect to the VPN concentrator
  2. Use VNC to connect to Sail1, Sail2, Sail3, Sail6, or Sail7

Post-assignment: SUBMIT TO DROP-BOX in WebCT.

Submit answers to the following questions based on the reports you generated. [Use the statistics menu to find most of these answers].

  1. How many packets were captured?
  2. How many packets were dropped [look in the summary]?
  3. Describe the different types of protocols captured and the different levels of communications (use the different tabs in Conversations).
  4. Were there any unexpected "conversations"?
  5. Which device(s) did your computer "talk" to the most?
  6. Which are the most frequent types of packets captured?
  7. Was the traffic constant [look at the IO Graph]?
  8. Describe several uses of Ethereal.
  9. Which feature of Ethereal did you find the most useful and why?
  10. Which feature of Ethereal did you find the most difficult to use and why?
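The packet count, protocol tally, conversation table and busiest endpoint that questions 1, 3, 5 and 6 ask you to read from Ethereal's Statistics menu are simple tallies over the capture file. The script below, added here as an illustration and not part of the lab or of Ethereal, computes them directly from libpcap bytes; the capture it analyses is constructed inline (hosts 10.0.0.5, 10.0.0.1, 192.0.2.10 and 10.0.0.99 are made up), and it assumes an Ethernet link type and IPv4 frames.

```python
import socket
import struct
from collections import Counter

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def eth_ipv4_frame(src, dst, proto, payload_len=20):
    """Ethernet II + IPv4 header over a zero payload; constructed test data, no checksums."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)          # dst MAC, src MAC, EtherType=IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + b"\x00" * payload_len

def make_pcap(frames):
    """Wrap frames in a little-endian libpcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(frame), len(frame)) + frame
    return out

def capture_stats(pcap_bytes):
    """Packet count, protocol tally, conversations and endpoints (assumes Ethernet link type)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[pcap_bytes[:4]]  # KeyError: not pcap
    stats = {"packets": 0, "protocols": Counter(), "conversations": Counter(), "endpoints": Counter()}
    off = 24                                                  # skip the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])[2]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        stats["packets"] += 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4: counted but not dissected
            stats["protocols"]["non-IPv4"] += 1
            continue
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        stats["protocols"][PROTO_NAMES.get(frame[23], str(frame[23]))] += 1
        stats["conversations"][tuple(sorted((src, dst)))] += 1  # direction-agnostic pair
        stats["endpoints"][src] += 1
        stats["endpoints"][dst] += 1
    return stats

# Constructed capture: host 10.0.0.5 doing DNS-style UDP with its gateway, an HTTP-style
# TCP exchange with a server, and one ICMP packet to a host nothing else talks to.
SAMPLE = make_pcap([
    eth_ipv4_frame("10.0.0.5", "10.0.0.1", 17), eth_ipv4_frame("10.0.0.1", "10.0.0.5", 17),
    eth_ipv4_frame("10.0.0.5", "192.0.2.10", 6), eth_ipv4_frame("192.0.2.10", "10.0.0.5", 6),
    eth_ipv4_frame("10.0.0.5", "192.0.2.10", 6), eth_ipv4_frame("10.0.0.5", "10.0.0.99", 1),
])
```

A conversation that appears only once, like the ICMP pair above, is the kind of entry question 4 asks you to notice in the Conversations tab.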