Essay Hackers: Transmission Control Protocol and Protocol Capture


Week 4 Lab Part 1: Network Traffic Analysis and Baseline Definition & Secure WLAN Solution

Part A Assignment Requirements

Watch the Demo Lab in Learning Space Unit 7 and then answer questions 1-10 below.

1. Which tool is better at performing protocol captures and which tool is better at performing protocol analysis? The best tool for protocol captures is Wireshark. The best tool for protocol analysis is NetWitness.

2. What is promiscuous mode and how does this allow tcpdump, Wireshark, and NetWitness Investigator to perform protocol capture off a live network?
15:42:31.063149 IP 192.168.2.62.36182 > 192.168.2.1.53: 64516+ A? google.com. (28)
15:42:31.080163 IP 192.168.2.1.53 > 192.168.2.62.36182: 64516 6/0/0 A 74.125.95.103,[|domain]
15:42:31.126128 IP 192.168.2.62.60175 > 74.125.95.103.80: S 3347203011:3347203011(0) win 5840 <mss 1460,sackOK,timestamp 40352 0,nop,wscale 6>
15:42:31.151658 IP 74.125.95.103.80 > 192.168.2.62.60175: S 1961428039:1961428039(0) ack 3347203012 win 5672 <mss 1430,sackOK,timestamp 1990660553 40352,nop,wscale 6>
15:42:31.151923 IP 192.168.2.62.60175 > 74.125.95.103.80: . ack 1 win 92 <nop,nop,timestamp 40360 1990660553>
15:42:31.152698 IP 192.168.2.62.60175 > 74.125.95.103.80: P 1:465(464) ack 1 win 92 <nop,nop,timestamp 40360 1990660553>
15:42:31.185873 IP 74.125.95.103.80 > 192.168.2.62.60175: . ack 465 win 106 <nop,nop,timestamp 1990660584 40360>
15:42:31.186930 IP 74.125.95.103.80 > 192.168.2.62.60175: P 1:512(511) ack 465 win 106 <nop,nop,timestamp 1990660588 40360>
15:42:31.186969 IP 192.168.2.62.60175 > 74.125.95.103.80: . ack 512 win 108 <nop,nop,timestamp 40370 1990660588>
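
The capture above can also be read programmatically. The following is an added example, not part of the original lab material: it links the DNS lookup to the TCP connection that follows it and checks that the three-way handshake completes. The function name summarize and the state labels are this example's own, and it assumes the older tcpdump text format shown in the capture.

```python
import re

# First five lines of the tcpdump output above, copied verbatim.
CAPTURE = """\
15:42:31.063149 IP 192.168.2.62.36182 > 192.168.2.1.53: 64516+ A? google.com. (28)
15:42:31.080163 IP 192.168.2.1.53 > 192.168.2.62.36182: 64516 6/0/0 A 74.125.95.103,[|domain]
15:42:31.126128 IP 192.168.2.62.60175 > 74.125.95.103.80: S 3347203011:3347203011(0) win 5840 <mss 1460,sackOK,timestamp 40352 0,nop,wscale 6>
15:42:31.151658 IP 74.125.95.103.80 > 192.168.2.62.60175: S 1961428039:1961428039(0) ack 3347203012 win 5672 <mss 1430,sackOK,timestamp 1990660553 40352,nop,wscale 6>
15:42:31.151923 IP 192.168.2.62.60175 > 74.125.95.103.80: . ack 1 win 92 <nop,nop,timestamp 40360 1990660553>
"""

IP4 = r"(\d+\.\d+\.\d+\.\d+)"
LINE = re.compile(rf"^\S+ IP {IP4}\.(\d+) > {IP4}\.(\d+): (.*)$")
QUERY = re.compile(r"^(\d+)\+? A\? (\S+?)\.? ")         # "64516+ A? google.com. (28)"
ANSWER = re.compile(rf"^(\d+) \S+ A {IP4}")             # "64516 6/0/0 A 74.125.95.103,..."
SYN = re.compile(r"^S (\d+):\d+\(0\)(?: ack (\d+))?")   # SYN, or SYN/ACK when "ack" is present


def summarize(text):
    """Link each TCP connection to the DNS lookup before it and track its handshake."""
    pending, names, flows = {}, {}, {}   # DNS id -> name, IP -> name, 4-tuple -> flow
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        src, sport, dst, dport, rest = m.groups()
        if dport == "53" and (q := QUERY.match(rest)):
            pending[q.group(1)] = q.group(2)
        elif sport == "53" and (a := ANSWER.match(rest)):
            if a.group(1) in pending:            # pair the reply with its query by transaction id
                names[a.group(2)] = pending[a.group(1)]
        elif s := SYN.match(rest):
            if s.group(2) is None:               # client SYN: remember its initial sequence number
                flows[(src, sport, dst, dport)] = {
                    "host": names.get(dst), "server": dst, "port": int(dport),
                    "isn": int(s.group(1)), "state": "SYN_SENT"}
            else:                                # SYN/ACK must acknowledge client ISN + 1
                f = flows.get((dst, dport, src, sport))
                if f and int(s.group(2)) == f["isn"] + 1:
                    f["state"] = "SYN_RECEIVED"
        elif rest.startswith(". ack 1 "):        # bare ACK (relative ack 1) completes the handshake
            f = flows.get((src, sport, dst, dport))
            if f and f["state"] == "SYN_RECEIVED":
                f["state"] = "ESTABLISHED"
    return list(flows.values())


if __name__ == "__main__":
    for flow in summarize(CAPTURE):
        print(flow)
```
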

2. What website did the user visit? What did the system do just before it requested the site? What port did it connect to? The user visited