CIS-140NA Final Spring 2016

The questions on this final all reference the attached pcapng file. 

IMPORTANT: You must use Wireshark version 2.0 or above for this final. If you're using a class computer, update Wireshark before you begin.

Part 1: Navigating a Capture 

The PCAPNG capture file stores lots of information about your capture. 
  1. When was this capture taken?
  2. How many packets are in the capture file?
  3. On what operating system was this capture file taken? 
  4. What does the comment in the capture file say? 
  5. How many expert mode errors and warnings are there?

Part 2: Mapping the Network

A capture tells you a lot about a network. You should be able to reconstruct the network topology from a capture file.  
  1. How many hosts are on the subnet where this capture was taken? Explain your answer. 
  2. What is the IPv4 and the IPv6 address of the router? How do you know?
  3. What is the IPv4 subnet? 
  4. What is the IPv6 subnet? 

Part 3: Understanding the Infrastructure 

Infrastructure protocols like DHCP and DNS provide information about a network that's hidden to most users. Find these protocols in your capture to answer the following questions.
  1. List the DNS server(s) on this network. What are the best and worst DNS lookup times?
  2. This network uses DHCP. What is the DHCP lease time? Explain how you found out. 
  3. What hosts have DHCP leases?

Part 4: Applications

Examine each of the TCP connections that are present in the capture file. Take note of their source, destination and protocol. Use that information to answer the following questions.
  1. Based on TCP conversations describe what services are present on this network. Explain your answer.
  2. There's a JPEG image in the HTTP traffic. What is it a picture of? How did you find it? 
  3. List what MySQL usernames can be seen. 
  4. Can you find any MySQL passwords? What are they?  

Part 5: Errors 

There are no fewer than five problems evident in this capture file. Find every problem you can and describe what it is and what causes it. Ignore packet loss and out-of-order transmissions. 

Spring 2016 Final.pcapng.gz
Michael Matera,
May 16, 2016, 6:57 PM