- Provide a report giving your analysis of five different packet captures of protocols not covered in class (for example, do not use Kerberos, TLS, or the protocols covered in Sanders).
- One of the five must be SMB or a related protocol (e.g. NetBIOS over TCP/IP, including traffic to or from a Samba server) that uses one of ports 137-139 or 445, over TCP or UDP.
- In your analysis, cover the following for each protocol: 1) purpose, 2) reference standards, 3) format/structure, 4) applications/uses and 5) security issues.
- For security, address issues such as known vulnerabilities with specific CVEs related to each protocol (see https://cve.mitre.org, https://nvd.nist.gov, https://www.cvedetails.com). Include deep analysis of the security issues for each protocol—research is required for this part.
- Conduct at least one of the captures using a command-line tool like TShark or tcpdump and include screenshots showing your output.
- One or two protocol captures may come from online sources like https://wiki.wireshark.org/SampleCaptures and https://github.com/chrissanders/packets. Please include Wireshark screenshots that clearly demonstrate that you captured the packets yourself (and did not, for example, take the image from an online image search).
- Include one screenshot of each protocol that shows the expanded packet details (format/structure) of the protocol you’re analyzing.
- Include screenshots showing two statistics utilities that analyze a packet capture, for example the Protocol Hierarchy (see Chapter 5 in the textbook). How can these utilities be used to solve security problems?
- In your Introduction, include how you went about your captures (where, when, how, etc.).
- You need to use your own computer or devices to accomplish this assignment.
- Include introduction, table of contents, page numbers.
- List all references used in this assignment.
- Legible, organized, understandable analysis
- Screenshots are legible, clear, fitted.
- Overall quality and professionalism of report.
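For the required SMB capture, the "format/structure" and "security issues" parts of the analysis come together in the NEGOTIATE exchange that opens every SMB2 session. The following is an added example, not part of the assignment text: it decodes the 4-byte direct-TCP/NetBIOS session prefix and the fixed 64-byte SMB2 header as they appear on TCP/445, then pulls the dialects and SecurityMode out of a NEGOTIATE request and reports the two things a reviewer checks first (whether the client requires signing, and whether any SMB 3.x dialect that can carry encryption was offered). Field layouts follow [MS-SMB2] sections 2.2.1 and 2.2.3; the sample message is constructed in the code rather than taken from a capture, and the finding text is this example's own wording.

```python
"""Added example (not part of the assignment text): decode the on-wire
structure of an SMB2 message as seen on TCP/445 and extract the
security-relevant NEGOTIATE fields.  All input is constructed inline."""
import struct
from dataclasses import dataclass

SMB2_MAGIC, SMB1_MAGIC = b"\xfeSMB", b"\xffSMB"
SMB2_COMMANDS = {0: "NEGOTIATE", 1: "SESSION_SETUP", 2: "LOGOFF", 3: "TREE_CONNECT",
                 4: "TREE_DISCONNECT", 5: "CREATE", 6: "CLOSE", 7: "FLUSH", 8: "READ",
                 9: "WRITE", 10: "LOCK", 11: "IOCTL", 12: "CANCEL", 13: "ECHO",
                 14: "QUERY_DIRECTORY", 15: "CHANGE_NOTIFY", 16: "QUERY_INFO",
                 17: "SET_INFO", 18: "OPLOCK_BREAK"}
SMB2_FLAGS = {0x1: "SERVER_TO_REDIR", 0x2: "ASYNC_COMMAND", 0x4: "RELATED_OPERATIONS",
              0x8: "SIGNED", 0x10000000: "DFS_OPERATIONS", 0x20000000: "REPLAY_OPERATION"}
DIALECTS = {0x0202: "2.0.2", 0x0210: "2.1", 0x0300: "3.0", 0x0302: "3.0.2", 0x0311: "3.1.1"}
SIGNING_ENABLED, SIGNING_REQUIRED = 0x0001, 0x0002   # NEGOTIATE SecurityMode bits
# SMB2 header fields after the 4-byte ProtocolId; the 16-byte Signature follows them.
HEADER_FMT = "<HHIHHIIQIIQ"   # StructureSize..SessionId, 44 bytes


@dataclass
class Smb2Header:
    credit_charge: int
    status: int
    command: int
    credits: int
    flags: int
    next_command: int
    message_id: int
    tree_id: int
    session_id: int
    signature: bytes

    @property
    def command_name(self) -> str:
        return SMB2_COMMANDS.get(self.command, f"UNKNOWN(0x{self.command:04x})")

    @property
    def flag_names(self) -> list:
        return [name for bit, name in SMB2_FLAGS.items() if self.flags & bit]


def parse_transport(segment: bytes) -> bytes:
    """Strip the 4-byte session prefix: type byte 0x00 + 24-bit big-endian length."""
    if len(segment) < 4 or segment[0] != 0x00:
        raise ValueError("not an SMB session message")
    length = int.from_bytes(segment[1:4], "big")
    body = segment[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated SMB message")
    return body


def parse_smb2_header(msg: bytes) -> Smb2Header:
    """Decode the fixed 64-byte SMB2 header ([MS-SMB2] 2.2.1)."""
    if msg[:4] != SMB2_MAGIC or len(msg) < 64:
        raise ValueError("not an SMB2 header")
    fields = struct.unpack_from(HEADER_FMT, msg, 4)
    if fields[0] != 64:
        raise ValueError("bad StructureSize")
    cc, status, cmd, credits, flags, nxt, mid, _reserved, tid, sid = fields[1:]
    return Smb2Header(cc, status, cmd, credits, flags, nxt, mid, tid, sid, msg[48:64])


def parse_negotiate_request(body: bytes) -> dict:
    """Decode the NEGOTIATE request body ([MS-SMB2] 2.2.3) that follows the header."""
    ssize, count, security_mode, _res, caps = struct.unpack_from("<HHHHI", body, 0)
    if ssize != 36:
        raise ValueError("bad NEGOTIATE StructureSize")
    # ClientGuid (16) and NegotiateContextOffset/ClientStartTime (8) sit at 12..35.
    raw = list(struct.unpack_from(f"<{count}H", body, 36))
    return {"security_mode": security_mode, "capabilities": caps, "raw_dialects": raw,
            "dialects": [DIALECTS.get(d, f"0x{d:04x}") for d in raw],
            "signing_required": bool(security_mode & SIGNING_REQUIRED)}


def analyze_segment(segment: bytes) -> dict:
    """One packet's worth of review: family, command, flags, dialects, findings."""
    msg = parse_transport(segment)
    if msg[:4] == SMB1_MAGIC:
        return {"family": "SMB1",
                "findings": ["SMB1/CIFS on the wire: deprecated dialect, no per-message encryption"]}
    hdr = parse_smb2_header(msg)
    rep = {"family": "SMB2", "command": hdr.command_name, "flags": hdr.flag_names,
           "response": bool(hdr.flags & 0x1), "signed": bool(hdr.flags & 0x8), "findings": []}
    if hdr.command == 0 and not rep["response"]:
        neg = parse_negotiate_request(msg[64:])
        rep.update(dialects=neg["dialects"], signing_required=neg["signing_required"])
        if not neg["signing_required"]:
            rep["findings"].append(
                f"client does not require signing (SecurityMode 0x{neg['security_mode']:04x})")
        if neg["raw_dialects"] and max(neg["raw_dialects"]) < 0x0300:
            rep["findings"].append("no SMB 3.x dialect offered, so SMB encryption cannot be negotiated")
    return rep


def build_negotiate_request(dialects, security_mode, message_id=0) -> bytes:
    """Constructed sample (not captured traffic): minimal NEGOTIATE request with transport prefix."""
    header = SMB2_MAGIC + struct.pack(HEADER_FMT, 64, 0, 0, 0, 0, 0, 0, message_id, 0, 0, 0) + bytes(16)
    body = (struct.pack("<HHHHI", 36, len(dialects), security_mode, 0, 0) + bytes(16) + bytes(8)
            + struct.pack(f"<{len(dialects)}H", *dialects))
    msg = header + body
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


if __name__ == "__main__":
    sample = build_negotiate_request([0x0202, 0x0210, 0x0300], SIGNING_ENABLED)
    print(analyze_segment(sample))
```

Point `parse_transport` at the TCP payload of a real frame from your own capture (Wireshark: right-click the data under "Transmission Control Protocol", Copy as Hex Stream) and compare the decoded fields with Wireshark's expanded SMB2 tree; the header offsets in the code match the byte offsets Wireshark shows in the hex pane, which makes a good screenshot for the format/structure section.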