Practice Final

The final requires Wireshark 2.0 or above. If you are using a class computer, upgrade Wireshark before you begin the test. Use the following packets for this practice final:

Answer the following questions: 
  1. When was this capture taken?
  2. How many packets are in the capture file?
  3. How many expert mode errors and warnings are there?
Can you determine what hosts are on the network using the capture file?
  1. What MAC addresses are present? 
  2. What are the IPv4 and IPv6 addresses of the hosts? 
  3. Do you see router advertisements or DHCP? What do those tell you?
Dig into DNS.
  1. What is the DNS server?
  2. What is the best and worst query time? 
Network Applications
Look at the TCP connections in this capture. You should be able to determine what services hosts offer (e.g. webserver or email). 
  1. What protocols are used in the connections captured?
  2. Can you find words in the TCP streams? Can you find a message I hid in the capture with the word "packet" in it?
  3. Can you see what HTTP objects were captured?
Use the default coloring scheme to look for errors. Look a bit deeper. 
  1. Can you find a DNS failure, where the server says a name doesn't exist? 
  2. Do all of the ARP requests have an answer?
  3. Are there ICMP packets that signal an error?

Michael Matera,
May 18, 2016, 4:28 PM