CSIS 535
COMPREHENSIVE LAB ASSIGNMENT INSTRUCTIONS
Part 1
Refer to Chapter 26 of the text.
A. General
• Start your web browser and clear the browser’s cache memory, but do not access
any website yet.
• Open Wireshark and start capturing.
• Go back to your web browser and retrieve any web page that contains embedded
objects (pictures, logos, etc.).
• Since the browser’s cache memory has been cleared, the web page is retrieved
from the original destination. Type http (lowercase) in the Filter field of
Wireshark and click Apply so that only HTTP messages are displayed.
• After enough packets have been captured, select Capture from the pull-down
menu and select Stop to stop capturing. The packet list pane of Wireshark will
now display many HTTP packets.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 1 Lab Report Sheet.
1. What is the source IP address of the first GET message?
2. What is the destination IP address of the first GET message?
3. What is the source IP address of the first response message?
4. What is the destination IP address of the first response message?
5. How are the source and destination addresses in the first response message related to
those in the first GET message?
6. Using the time stamps of a GET message and that of the corresponding response
message, determine how long it took from the time the GET message was sent until the
response message was received. By default, the value of the time column is the amount of
time in seconds since Wireshark tracing began.
7. From 1 of the messages, determine the HTTP version.
8. From the first GET message, determine the URL of the website.
9. From the first GET message, determine the user agent.
10. Using the first GET message, determine the medium format, the language, the
encoding, and the character set that the client can accept.
11. What are the status codes for the first response message? Check the Status Code table
to see the descriptions of this code.
12. Record the ETag (entity tag) of the first response message. What is the use of the
ETag in a conditional request in HTTP?
13. What is the value of the content-length field of the first response message?
Page 1 of 10
B. Embedded Objects
Most web pages contain pictures, logos, etc., in the form of embedded objects.
When you open any of these pages, embedded objects are retrieved from the same
website or a different website. In this portion of part 1, you will extract information about
these embedded objects in the captured file.
Questions
Using the captured file in Part A of the assignment, answer the following questions in
your lab-report sheet.
1. Checking your browser, how many embedded objects are in the page?
2. How many GET messages were sent by the browser to retrieve the embedded objects?
3. What is the URL of each embedded object?
4. Has the HTTP used a persistent or non-persistent connection? Explain your answer.
C. Browser’s Cache Memory
To reduce the response time and internet traffic, most browsers keep the recently
retrieved HTTP objects in their cache memory. When the browser receives a request to
retrieve a web file, it first checks its cache memory. If it has the file, it sends a
conditional GET (IF-Modified-Since) request. The server sends the file if it is modified;
otherwise, it sends a “Not Modified” response.
• Open Wireshark and start capturing.
• Go to your browser and retrieve the same web page again by clicking the reload
or refresh button on your browser. This time, the page is retrieved from the cache
memory.
• Type http (lowercase) in the Filter field of Wireshark and click Apply so that only
HTTP messages are displayed.
• Stop Wireshark and save the captured file.
Questions
Using the captured file, answer the following questions on the Comprehensive Lab –
Part 1 Lab Report Sheet.
1. What is the value of the content-length field of the response message?
2. Explain the answer to the first question.
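The following is an added example, not part of the lab handout: a small parser that pulls the fields asked for in Part A (HTTP version, URL, user agent, the Accept-* headers, status code, ETag, Content-Length, response time) out of HTTP/1.1 messages exactly as Wireshark's http filter shows them, and applies the server-side conditional-GET rule that produces the "Not Modified" response in Part C. Every message and timestamp in it is constructed sample data, not taken from a real capture.

```python
"""Added example (not part of the lab handout): pull the fields the Part 1
questions ask for out of HTTP/1.1 messages the way a Wireshark 'http' filter
shows them, and apply the conditional-GET rule behind Part C. All messages and
timestamps below are constructed sample data, not taken from a real capture."""
from dataclasses import dataclass, field


@dataclass
class HttpMessage:
    start_line: str
    headers: dict = field(default_factory=dict)


def parse_http(raw: bytes) -> HttpMessage:
    """Split an HTTP/1.x message into its start line and header fields.
    Header names are case-insensitive, so they are lower-cased for lookup."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    msg = HttpMessage(start_line=lines[0])
    for line in lines[1:]:
        name, _, value = line.partition(":")   # first colon ends the name
        msg.headers[name.strip().lower()] = value.strip()
    return msg


def request_summary(raw: bytes) -> dict:
    """Questions A7-A10: version, URL, user agent and the Accept-* preferences."""
    msg = parse_http(raw)
    method, target, version = msg.start_line.split(" ", 2)
    h = msg.headers
    return {
        "method": method,
        "version": version,
        "url": f"http://{h.get('host', '')}{target}",
        "user_agent": h.get("user-agent"),
        "accept": h.get("accept"),
        "accept_language": h.get("accept-language"),
        "accept_encoding": h.get("accept-encoding"),
        "accept_charset": h.get("accept-charset"),
        "conditional": "if-modified-since" in h or "if-none-match" in h,
    }


def response_summary(raw: bytes) -> dict:
    """Questions A11-A13: status code, ETag and Content-Length."""
    msg = parse_http(raw)
    version, code, reason = msg.start_line.split(" ", 2)
    return {
        "version": version,
        "status": int(code),
        "reason": reason,
        "etag": msg.headers.get("etag"),
        "content_length": int(msg.headers.get("content-length", "0")),
    }


def response_time(get_ts: float, resp_ts: float) -> float:
    """Question A6: Wireshark's default time column is seconds since the
    capture started, so the round trip is simply the difference."""
    return round(resp_ts - get_ts, 6)


def not_modified(request: bytes, current_etag: str, last_modified: str) -> bool:
    """Part C server-side rule: a conditional GET whose validator still matches
    the resource gets '304 Not Modified' (Content-Length 0) instead of the body.
    If-None-Match takes precedence over If-Modified-Since; the date is compared
    as a string here, a real server would parse it."""
    h = parse_http(request).headers
    if "if-none-match" in h:
        return h["if-none-match"] == current_etag
    if "if-modified-since" in h:
        return h["if-modified-since"] == last_modified
    return False


# Constructed sample traffic (timestamps are seconds since capture start).
ETAG = '"3f80f-1b6-3e1cb03b"'
LAST_MODIFIED = "Tue, 01 Jan 2019 10:00:00 GMT"
FIRST_GET = (b"GET /index.html HTTP/1.1\r\n"
             b"Host: www.example.com\r\n"
             b"User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n"
             b"Accept: text/html,application/xhtml+xml\r\n"
             b"Accept-Language: en-US,en;q=0.5\r\n"
             b"Accept-Encoding: gzip, deflate\r\n"
             b"Accept-Charset: ISO-8859-1,utf-8;q=0.7\r\n\r\n")
FIRST_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                  b"Last-Modified: " + LAST_MODIFIED.encode() + b"\r\n"
                  b"ETag: " + ETAG.encode() + b"\r\n"
                  b"Content-Type: text/html\r\n"
                  b"Content-Length: 438\r\n\r\n"
                  + b"<html>" + b"x" * 425 + b"</html>")   # 438 body bytes
RELOAD_GET = (b"GET /index.html HTTP/1.1\r\n"
              b"Host: www.example.com\r\n"
              b"If-Modified-Since: " + LAST_MODIFIED.encode() + b"\r\n"
              b"If-None-Match: " + ETAG.encode() + b"\r\n\r\n")

if __name__ == "__main__":
    print(request_summary(FIRST_GET))
    print(response_summary(FIRST_RESPONSE))
    print("round trip:", response_time(0.251, 0.372), "s")
    print("reload answered with 304:", not_modified(RELOAD_GET, ETAG, LAST_MODIFIED))
```

The reload request carries both validators the browser learned from the first response; a match on either means the server answers with a 304 whose Content-Length is zero, which is the observation Part C asks you to explain.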
Documents to Turn in
Turn in the following documents:
1. A copy of the Comprehensive Lab – Part 1 Lab Report Sheet that contains
answered questions.
2. A screenshot of the supporting captured information.
Page 2 of 10
CSIS 535
Part 2
Refer to Chapter 32 of the text.
A. IPSEC
IP Security (IPSec) is a collection of protocols designed by the Internet Engineering Task
Force (IETF) to provide security at the network level. IPSec setting and configuration is
overwhelming because, rather than defining specific implementation, it provides a
framework with many possible negotiated choices:
• IPSec can be set up to work under Transport Mode or Tunnel Mode. Tunnel
Mode is often used between 2 gateways (such as routers) to provide a Virtual
Private Network (VPN), while the Transport Mode is more suitable for host-to-host
communication.
• IPSec can provide authentication alone by using the Authentication Header (AH)
protocol, or it can provide encryption with an authentication option by using the
Encapsulating Security Payload (ESP) protocol.
• Two hosts can exchange the key manually, or they can do it online using the
Internet Key Exchange (IKE) mechanism.
• IPSec can use many different hash functions such as SHA-1 and MD5.
• IPSec can use many different encryption algorithms such as DES, 3DES, and
AES.
To use IPSec, you must first set and configure it on both hosts. The set-up and
configuration procedures are slightly different for different operating systems. You must
check the internet to see how it is done for your operating system. Two possible ways to
set up IPSec policies in Windows are:
1. Microsoft Management Console
a. Select Run from the Start menu.
b. Type mmc and click OK. This will take you to the Microsoft Management
Console (MMC) that is a component of Windows operating systems. This
console provides users with an interface through which they may
configure and monitor the system.
c. On the File menu, click Add/Remove Snap-in.
d. Click Add, and then double-click IP Security Policy Management.
e. Follow the instructions on the screen.
2. Administrative Tools
a. Select Programs from the Start menu.
b. Select Administrative Tools.
c. Select Local Security Policy.
• Open Wireshark and start capturing.
• Using 1 of the hosts, run 1 of the C server programs or one of the Java server
programs in Chapter 25.
• Using the other host, run the C client program or the Java client program
corresponding to the server program you are running from the previous step.
• Let Wireshark capture some packets.
• After enough packets have been captured, or 1 of the running programs has been
terminated, stop Wireshark and save the captured file.
B. AH/ESP Packets
Depending on whether you set IPSec to provide authentication alone (using AH) or
encryption with an authentication option (using ESP), you will capture AH or ESP
packets.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 2 Lab Report Sheet.
1. The AH/ESP packets are encapsulated in what protocol?
2. What is the protocol number for AH/ESP?
3. What information can an attacker sniff if she intercepts a communication protected by
IPSec? Can she get the IP addresses of the 2 hosts? Can she guess the types of
packets carried by the ESP (for example, can she tell if the ESP contains VoIP)?
4. Open an AH/ESP packet. What information is inside the packet?
Part II: ISAKMP Packets
If the hosts are using the Internet Key Exchange (IKE) mechanism, you will notice
several ISAKMP packets.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 2 Lab Report Sheet.
1. How many different ISAKMP exchange types are in the trace?
2. Does an ISAKMP use the service of UDP or TCP?
3. In which exchange type do you find the Security Association (SA)?
4. What encryption method is used?
5. What authentication method is used?
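As an added example that is not part of the lab handout, the following decoder shows what a sniffer can read from AH, ESP and ISAKMP packets without any key: the IP protocol number (51 for AH, 50 for ESP), the SPI and sequence number, the cleartext inner packet that AH leaves visible, and the ISAKMP header (carried over UDP port 500) with its exchange type. The three packets are constructed here with dummy contents (zero IP checksums, placeholder ciphertext and ICV, made-up addresses), not captured from a real IPsec session.

```python
"""Added example (not part of the lab handout): decode what a sniffer sees in
AH, ESP and ISAKMP packets. The packets below are constructed with dummy
contents (zero IP checksums, placeholder ciphertext and ICV), not captured
from a real IPsec session."""
import struct

IPPROTO_UDP, IPPROTO_ESP, IPPROTO_AH = 17, 50, 51   # IANA protocol numbers
ISAKMP_PORT = 500                                   # IKE/ISAKMP runs over UDP
EXCHANGE_TYPES = {1: "Base", 2: "Identity Protection (Main Mode)",
                  3: "Authentication Only", 4: "Aggressive",
                  5: "Informational", 32: "Quick Mode"}
IP_HDR = "!BBHHHBBH4s4s"


def _addr(dotted: str) -> bytes:
    return bytes(int(o) for o in dotted.split("."))


def build_ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Minimal IPv4 header in front of a payload (checksum left at zero)."""
    return struct.pack(IP_HDR, 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0,
                       _addr(src), _addr(dst)) + payload


def parse_ipv4(pkt: bytes) -> dict:
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(IP_HDR, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "protocol": proto, "payload": pkt[ihl:total_len]}


def describe(pkt: bytes) -> dict:
    """Report the fields visible without any key: for ESP only SPI and sequence
    number are in the clear; AH also exposes the whole inner packet, because it
    authenticates but does not encrypt; ISAKMP headers are plaintext."""
    ip = parse_ipv4(pkt)
    body = ip["payload"]
    info = {"src": ip["src"], "dst": ip["dst"], "ip_protocol": ip["protocol"]}
    if ip["protocol"] == IPPROTO_ESP:
        spi, seq = struct.unpack("!II", body[:8])
        info.update(kind="ESP", spi=spi, seq=seq, opaque_bytes=len(body) - 8)
    elif ip["protocol"] == IPPROTO_AH:
        next_hdr, payload_len, _, spi, seq = struct.unpack("!BBHII", body[:12])
        icv_len = (payload_len + 2) * 4 - 12      # AH length is in 32-bit words minus 2
        info.update(kind="AH", next_header=next_hdr, spi=spi, seq=seq,
                    icv=body[12:12 + icv_len].hex(), cleartext_inner=body[12 + icv_len:])
    elif ip["protocol"] == IPPROTO_UDP:
        sport, dport, _, _ = struct.unpack("!HHHH", body[:8])
        if ISAKMP_PORT in (sport, dport):
            i_spi, r_spi, next_pl, ver, xchg, flags, msg_id, length = struct.unpack(
                "!8s8sBBBBII", body[8:36])
            info.update(kind="ISAKMP", transport="UDP", initiator_spi=i_spi.hex(),
                        responder_spi=r_spi.hex(), next_payload=next_pl,
                        version=f"{ver >> 4}.{ver & 0xF}",
                        exchange_type=EXCHANGE_TYPES.get(xchg, str(xchg)),
                        flags=flags, message_id=msg_id, length=length)
    else:
        info["kind"] = "other"
    return info


def exchange_types(pkts) -> set:
    """Question II.1: the distinct ISAKMP exchange types in a trace."""
    return {d["exchange_type"] for d in map(describe, pkts) if d.get("kind") == "ISAKMP"}


# Constructed packets (addresses and SPIs are made up).
ESP_PKT = build_ipv4(IPPROTO_ESP, "10.0.0.1", "10.0.0.2",
                     struct.pack("!II", 0x1234ABCD, 7) + bytes(48))   # 48 placeholder ciphertext bytes
AH_PKT = build_ipv4(IPPROTO_AH, "10.0.0.1", "10.0.0.2",
                    struct.pack("!BBHII", 6, 4, 0, 0x0000BEEF, 3)      # next header 6 = TCP, 12-byte ICV
                    + bytes(12) + b"TCP segment in the clear")
ISAKMP_PKT = build_ipv4(IPPROTO_UDP, "10.0.0.1", "10.0.0.2",
                        struct.pack("!HHHH", 500, 500, 36, 0)
                        + struct.pack("!8s8sBBBBII", bytes.fromhex("0011223344556677"),
                                      bytes(8), 1, 0x10, 2, 0, 0, 28))  # payload 1 = SA, IKEv1, Main Mode

if __name__ == "__main__":
    for p in (ESP_PKT, AH_PKT, ISAKMP_PKT):
        print(describe(p))
    print(exchange_types([ESP_PKT, AH_PKT, ISAKMP_PKT]))
```

The first ISAKMP message of a Main Mode exchange carries a zero responder cookie and a Security Association payload, which is what the decoder shows for the constructed packet; the ESP entry, by contrast, exposes nothing beyond the outer IP addresses, SPI, sequence number and the length of the opaque payload.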
Documents to Turn in
1. A copy of the Comprehensive Lab – Part 2 Lab Report Sheet that contains
answered questions.
2. A screenshot of the supporting captured information.
Part 3
Refer to Chapter 32.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic
protocols that provide security over the Internet above the transport layer. In this lab, you
will capture packets while you are doing a secure transaction such as online banking,
checking your credit card statement over the Internet, or purchasing something online.
A. Assignment
• Start Wireshark and start capturing packets.
• Open your browser and make a secure connection to your bank, to your credit
card company, or to purchase something online. Do a transaction and
terminate the connection.
• Go to Wireshark, stop packet capturing, and save the file.
• Type ssl (lower case) in the Filter field and press Enter. You will see many SSL
packets as well as TCP packets.
B. General
In this portion of the assignment, you will explore the general issues related to the SSL
protocol.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 3 Lab Report Sheet.
1. What is the SSL version?
2. Can an SSL use the service of UDP? Explain.
3. What is the server port number?
4. Does an SSL packet carry an HTTP or an HTTPS packet?
5. Can you open an HTTPS payload? Can you open its headers?
6. Can you identify SSL source and destination addresses?
7. Are the SSL payload and the message authentication code (MAC) encrypted together
or separately?
8. Are the user name and password encrypted? What can you say about the security of an
SSL?
9. Select Analyze from the drop-down menu and then click Follow TCP stream. What do
you see?
C. SSL Client Hello
The first step in establishing an SSL connection is an SSL handshake. An SSL handshake
enables the SSL client and server to agree on cryptographic algorithms, authenticate each
other, and use asymmetric encryption techniques to generate a shared secret key. The
SSL then uses the shared key for the symmetric encryption of messages.
• The SSL handshake starts with the SSL Client Hello message that contains
information such as:
o The SSL version;
o The Cipher Suites (combinations of key exchange, hash, and encryption
algorithms) supported by the client;
o A session ID;
o A random byte string that is used in subsequent computations; and
o The data compression methods supported by the client.
• In the packet list pane, select an SSL Client Hello message.
• In the packet detail pane, click the box to the left of Secure Socket Layer to reveal
the detail of the packet (the plus sign will be changed to a minus sign).
• Similarly, click on all the subsequent boxes to open them all the way.
Questions
Using the captured information, answer the following questions on Comprehensive Lab
– Part 3 Lab Report Sheet.
1. What is the random byte string generated by the client?
2. Can you tell what information the client is using to create this random byte string?
3. What is the hexadecimal value of the session ID?
4. How many different Cipher Suites (combinations of key exchange, hash, and
encryption algorithms) are supported by the client?
5. Is any compression method supported by the client?
D. SSL Server Hello
The Client Hello is followed by the SSL Server Hello message that contains the Cipher
Suite chosen by the server from the list provided by the client, the session ID, another
random byte string, and the SSL server digital certificate. It may also include a request
for a client certificate.
• In the packet list pane, select an SSL Server Hello message.
• In the packet detail pane, select the Secure Socket Layer and expand it all the
way.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 3 Lab Report Sheet.
1. What is the random byte string? Is it the same as the client’s?
2. What is the hexadecimal value of the session ID? Is it the same as the client’s session
ID?
3. Which Cipher Suite is chosen by the server?
4. Does the server request a client certificate?
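As an added example, not part of the lab handout, the following decoder reads a Client Hello and a Server Hello from their raw record bytes and reports the fields sections C and D ask about: record content type, version, the 32-byte random (with the 4-byte gmt_unix_time prefix of the classic layout), session ID, offered and chosen cipher suites, and compression methods, then checks the two messages against each other. The two hello messages are constructed here with chosen values (the cipher-suite numbers are real IANA values, the randoms and session ID are made up), and the builder exists only to create them. Newer Wireshark versions name the display filter tls rather than ssl.

```python
"""Added example (not part of the lab handout): decode the TLS record and
handshake headers of a Client Hello and a Server Hello to answer the Part 3
C/D questions. The two messages below are constructed here with chosen
values, not taken from a real capture."""
import struct

CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
                   16: "ClientKeyExchange", 20: "Finished"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
CIPHER_SUITES = {   # a few IANA-registered values
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA", 0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}


def parse_record(rec: bytes) -> dict:
    """5-byte record header: content type, version, fragment length."""
    ctype, ver, length = struct.unpack("!BHH", rec[:5])
    return {"content_type": CONTENT_TYPES.get(ctype, ctype),
            "record_version": VERSIONS.get(ver, hex(ver)), "fragment": rec[5:5 + length]}


def parse_hello(rec: bytes) -> dict:
    """Parse a ClientHello or ServerHello carried in a Handshake record."""
    frag = parse_record(rec)["fragment"]
    htype, hlen = frag[0], int.from_bytes(frag[1:4], "big")
    body = frag[4:4 + hlen]
    ver = struct.unpack("!H", body[:2])[0]
    rnd, sid_len = body[2:34], body[34]
    sid = body[35:35 + sid_len]
    p = 35 + sid_len
    out = {"handshake_type": HANDSHAKE_TYPES[htype], "version": VERSIONS[ver],
           "random": rnd.hex(), "session_id": sid.hex(),
           # classic layout: 4-byte gmt_unix_time + 28 random bytes (modern
           # clients may fill all 32 bytes randomly, so treat this as a hint)
           "gmt_unix_time": struct.unpack("!I", rnd[:4])[0]}
    if htype == 1:
        cs_len = struct.unpack("!H", body[p:p + 2])[0]
        p += 2
        suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(p, p + cs_len, 2)]
        p += cs_len
        comps = list(body[p + 1:p + 1 + body[p]])          # body[p] is the list length
        out.update(cipher_suites=[CIPHER_SUITES.get(s, f"0x{s:04x}") for s in suites],
                   cipher_suite_count=len(suites), compression_methods=comps)
    elif htype == 2:
        suite, comp = struct.unpack("!HB", body[p:p + 3])   # server picks exactly one of each
        out.update(cipher_suite=CIPHER_SUITES.get(suite, f"0x{suite:04x}"),
                   compression_method=comp)
    return out


def compare_hellos(client_rec: bytes, server_rec: bytes) -> dict:
    """Part D questions 1-3: the server's random must differ from the client's,
    the session ID normally differs (a match means session resumption), and the
    chosen suite must be one the client offered."""
    c, s = parse_hello(client_rec), parse_hello(server_rec)
    return {"randoms_equal": c["random"] == s["random"],
            "session_resumed": c["session_id"] != "" and c["session_id"] == s["session_id"],
            "chosen_suite_offered": s["cipher_suite"] in c["cipher_suites"]}


def build_hello(htype: int, version: int, rnd: bytes, sid: bytes, suites, comps) -> bytes:
    """Serialise a hello the reverse way; used only to create the sample records."""
    body = struct.pack("!H", version) + rnd + bytes([len(sid)]) + sid
    if htype == 1:
        body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
        body += bytes([len(comps)]) + bytes(comps)
    else:
        body += struct.pack("!HB", suites[0], comps[0])
    hs = bytes([htype]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, version, len(hs)) + hs


# Constructed sample messages.
CLIENT_RANDOM = struct.pack("!I", 1546336800) + bytes(range(28))
SERVER_RANDOM = struct.pack("!I", 1546336801) + bytes(range(100, 128))
OFFERED = [0xC02F, 0xC013, 0x002F, 0x0035, 0x000A]
CLIENT_HELLO = build_hello(1, 0x0303, CLIENT_RANDOM, b"", OFFERED, [0])
SERVER_HELLO = build_hello(2, 0x0303, SERVER_RANDOM, bytes(range(32)), [0xC02F], [0])

if __name__ == "__main__":
    print(parse_hello(CLIENT_HELLO))
    print(parse_hello(SERVER_HELLO))
    print(compare_hellos(CLIENT_HELLO, SERVER_HELLO))
```

In the constructed exchange the client sends an empty session ID (a new session) and offers five suites with only null compression, and the server picks the first ECDHE/GCM suite; the comparison confirms the randoms differ, no session is resumed, and the chosen suite was among those offered.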
E. Rest of SSL Handshake
After verifying the digital signature of the server’s digital certificate, the client sends a
random byte string encrypted with the server’s public key. Client and server use this
random number to compute the secret key for encrypting subsequent message data. The
client also sends a random byte string encrypted by the client’s private key together with
the client’s digital certificate, if it is requested by the server.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 3 Lab Report Sheet.
1. Locate messages that are labeled Change Cipher Spec and Encrypted Handshake
Message. Are these sent by the server, by the client, or by both?
2. What is the purpose of Change Cipher Spec?
3. Locate and open a message labeled Certificate. What does the packet contain?
4. Locate and open a message that is labeled Client Key Exchange. What does the packet
contain?
5. Is there an Encrypted Alert message in your trace? What is the purpose of an
Encrypted Alert message?
F. Application Data
When handshaking is complete, the client and server exchange data encrypted
symmetrically with the shared secret key for the duration of the session.
Questions
Using the captured information, answer the following question on the Comprehensive
Lab – Part 3 Lab Report Sheet.
1. What is the Application-Data content type?
2. Open any Application-Data packet and describe it.
Documents to Turn in
1. A copy of the Comprehensive Lab – Part 3 Lab Report Sheet that contains
answered questions.
2. A screenshot of the supporting captured information.
Part 4
Refer to Chapter 15.
Wireless Network
IEEE project 802.11 is the dominant standard in wireless LANs. In this lab, you will
capture and examine some IEEE 802.11 frames. Unfortunately, Wireshark does not work
with radio waves and thus cannot capture wireless traffic. To capture wireless packets,
you need to purchase AirPcap, a USB-based 802.11 radio designed to work effectively
with Wireshark. An external antenna is also included with AirPcap, which increases the
listening ability of the tool. Alternatively, you can download a captured wireless packet
from many websites. One such website that has many Wireshark captured files can be
found on the website Wireshark Sample Captures.
Using a wireless laptop equipped with Wireshark and AirPcap, capture some wireless
packets. The laptop must have a wireless connection to an access point (AP). Depending
on the location, you may see many captured packets. The 802.11 standard defines various
frame types that stations use for managing and controlling the wireless link.
Every frame has a control field that depicts the 802.11 protocol version, frame type, and
various other indicators. In addition, all frames contain link-layer addresses, a frame
sequence number, a frame body, and a frame check sequence (see Figure 15.9 in the
textbook).
A. Different Wireless Frames and Their Functions
There are many wireless frames in the captured trace. Some of these frames are
management frames, some are control frames, and some are data frames.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 4 Lab Report Sheet.
1. List the management frames in the trace.
2. List the control frames in the trace.
3. List the data frames in the trace.
4. Which captured frame is an association frame (use the Internet to learn more about
association frames)?
5. Which captured frame is a beacon frame (use the Internet to learn more about beacon
frames)?
6. Which captured frame is a probe frame (use the Internet to learn more about probe
frames)?
7. Which captured frame is an RTS frame?
8. Which captured frame is a CTS frame?
9. Which captured frame is an ACK frame?
B. Beacon Frame
From the packet list pane, select 1 of the beacon frames.
Questions
Using the captured information, answer the following questions on Comprehensive Lab
– Part 4 Lab Report Sheet.
1. From the hexdump, determine:
a. the hexadecimal value of the FC. Interpret the significance of different
bits of this hexadecimal value.
b. the duration of this frame.
c. the number of addresses in this frame. Which entity does each address
define?
d. the hexadecimal value of FCS field.
2. Using the packet detail pane, verify your answers to question 1.
C. Acknowledgment Frame
From the packet list pane, select 1 of the acknowledgement frames.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 4 Lab Report Sheet.
1. From the hexdump, determine:
a. the hexadecimal value of the FC. Interpret the significance of different bits
of this hexadecimal value.
b. the duration of this frame.
c. the number of addresses in this frame. Which entity does each address
define?
d. the hexadecimal value of the FCS field.
2. Using the packet detail pane, verify your answers to question 1.
D. Probe Frame
From the packet list pane, select 1 of the probe frames.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 4 Lab Report Sheet:
1. From the hexdump, determine:
a. the hexadecimal value of the FC. Interpret the significance of different bits
of this hexadecimal value.
b. the duration of this frame.
c. the number of addresses in this frame. Which entity does each address
define?
d. the hexadecimal value of the FCS field.
2. Using the packet detail pane, verify your answers to question 1.
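The following is an added example, not part of the lab handout, that serves sections B, C and D together: it decodes the Frame Control field bit by bit (protocol version, type, subtype, flags), the Duration field, the number of address fields and the entity each one names, and the FCS, which it verifies as the standard CRC-32 over header and body. A beacon and an ACK are constructed with made-up MAC addresses; the FCS is computed for them, and one deliberately corrupted copy shows how a bad FCS is detected.

```python
"""Added example (not part of the lab handout): decode the fields the Part 4
B/C/D questions ask for (Frame Control bits, Duration, addresses, FCS) from
raw 802.11 frames. The beacon and ACK below are constructed with made-up MAC
addresses; the FCS is the standard CRC-32 over the header and body, sent
least-significant byte first."""
import struct
import zlib

TYPES = {0: "Management", 1: "Control", 2: "Data"}
SUBTYPES = {(0, 0): "Association Request", (0, 1): "Association Response",
            (0, 4): "Probe Request", (0, 5): "Probe Response", (0, 8): "Beacon",
            (1, 11): "RTS", (1, 12): "CTS", (1, 13): "ACK", (2, 0): "Data"}
FLAGS = ["To DS", "From DS", "More Fragments", "Retry", "Power Management",
         "More Data", "Protected", "Order"]


def parse_frame_control(fc: bytes) -> dict:
    """Frame Control is sent least-significant byte first: bits 0-1 protocol
    version, 2-3 type, 4-7 subtype, then the eight flag bits in the second byte."""
    v = struct.unpack("<H", fc)[0]
    ftype, subtype = (v >> 2) & 0x3, (v >> 4) & 0xF
    return {"hexdump": fc.hex(" "), "version": v & 0x3,
            "type": TYPES.get(ftype, ftype), "subtype": SUBTYPES.get((ftype, subtype), subtype),
            "flags": [name for i, name in enumerate(FLAGS) if v & (1 << (8 + i))],
            "_type": ftype, "_subtype": subtype}


def address_roles(ftype: int, subtype: int, to_ds: bool, from_ds: bool) -> list:
    """Which entity each address field names depends on the frame type and, for
    data frames, on the To DS / From DS flags; CTS and ACK carry only a receiver."""
    if ftype == 1:
        return ["RA"] if subtype in (12, 13) else ["RA", "TA"]
    if ftype == 0:
        return ["DA", "SA", "BSSID"]
    return {(False, False): ["DA", "SA", "BSSID"], (False, True): ["DA", "BSSID", "SA"],
            (True, False): ["BSSID", "SA", "DA"], (True, True): ["RA", "TA", "DA", "SA"]}[(to_ds, from_ds)]


def parse_frame(frame: bytes) -> dict:
    fc = parse_frame_control(frame[:2])
    roles = address_roles(fc["_type"], fc["_subtype"],
                          "To DS" in fc["flags"], "From DS" in fc["flags"])
    # Addr1-3 follow Duration; Sequence Control comes next; Addr4 (if any) after it.
    addrs = {}
    for i, role in enumerate(roles):
        off = 4 + 6 * i if i < 3 else 24
        addrs[role] = frame[off:off + 6].hex(":")
    out = {"frame_control": {k: v for k, v in fc.items() if not k.startswith("_")},
           "duration_us": struct.unpack("<H", frame[2:4])[0],
           "address_count": len(roles), "addresses": addrs}
    if fc["_type"] != 1:    # control frames have no Sequence Control field
        sc = struct.unpack("<H", frame[22:24])[0]
        out["sequence_number"], out["fragment_number"] = sc >> 4, sc & 0xF
    received = struct.unpack("<I", frame[-4:])[0]
    out["fcs"] = f"0x{received:08x}"
    out["fcs_ok"] = received == (zlib.crc32(frame[:-4]) & 0xFFFFFFFF)
    return out


def with_fcs(frame_without_fcs: bytes) -> bytes:
    """Append a correct FCS; used here only to build the sample frames."""
    return frame_without_fcs + struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


# Constructed frames (MAC addresses are made up).
AP, STA, BCAST = mac("02:00:00:aa:bb:01"), mac("02:00:00:cc:dd:02"), mac("ff:ff:ff:ff:ff:ff")
BEACON = with_fcs(b"\x80\x00" + struct.pack("<H", 0) + BCAST + AP + AP + struct.pack("<H", 1234 << 4)
                  + bytes(8) + struct.pack("<HH", 100, 0x0411)   # timestamp, interval, capability
                  + b"\x00\x06LabNet")                           # SSID information element
ACK = with_fcs(b"\xd4\x00" + struct.pack("<H", 0) + STA)
CORRUPT_ACK = ACK[:5] + bytes([ACK[5] ^ 0xFF]) + ACK[6:]         # one flipped byte breaks the FCS

if __name__ == "__main__":
    for f in (BEACON, ACK, CORRUPT_ACK):
        print(parse_frame(f))
```

The hexdump shows the beacon's Frame Control as the bytes 80 00 and the ACK's as d4 00; reading them least-significant byte first gives type 0 subtype 8 (management, beacon) and type 1 subtype 13 (control, ACK), which is why the beacon carries three addresses and the ACK only the receiver address.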
Documents to Turn in
1. A copy of the Comprehensive Lab – Part 4 Lab Report Sheet that contains
answered questions.
2. A screenshot of the supporting captured information.
Be sure to review the Comprehensive Lab Assignment Resources section under the
Comprehensive Lab page.
Page 10 of 10
CSIS 535
COMPREHENSIVE LAB ASSIGNMENT INSTRUCTIONS
Part 1
Refer to Chapter 26 of the text.
A. General
• Start your web browser and clear the browser’s cache memory, but do not access
any website yet.
• Open Wireshark and start capturing.
• Go back to your web browser and retrieve any web page that contains embedded
objects (pictures, logos, etc.).
• Since the browser’s cache memory has been cleared, the web page is retrieved
from the original destination. Type http (lowercase) in the Filter field of
Wireshark and click Apply so that only HTTP messages are displayed.
• After enough packets have been captured, select Capture from the pull-down
menu and select Stop to stop capturing. The packet list pane of Wireshark will
now display many HTTP packets.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 1 Lab Report Sheet.
1. What is the source IP address of the first GET message?
2. What is the destination IP address of the first GET message?
3. What is the source IP address of the first response message?
4. What is the destination IP address of the first response message?
5. How are the source and destination addresses in the first response message related to
those in the first GET message?
6. Using the time stamps of a GET message and that of the corresponding response
message, determine how long it took from the time the GET message was sent until the
response message was received. By default, the value of the time column is the amount of
time in seconds since Wireshark tracing began.
7. From 1 of the messages, determine the HTTP version.
8. From the first GET message, determine the URL of the website.
9. From the first GET message, determine the user agent.
10. Using the first GET message, determine the medium format, the language, the
encoding, and the character set that the client can accept.
11. What are the status codes for the first response message? Check the Status Code table
to see the descriptions of this code.
12. Record the etag (identity tag) of the first response message. What is the application of
etag in conditional request in HTTP?
13. What is the value of the content-length field of the first response message?
Page 1 of 10
CSIS 535
B. Embedded Objects
Most web pages contain pictures, logos, etc., in the form of embedded objects.
When you open any of these pages, embedded objects are retrieved from the same
website or a different website. In this portion of part 1, you will extract information about
these embedded objects in the captured file.
Questions
Using the captured file in Part A of the assignment, answer the following questions in
your lab-report sheet.
1. Checking your browser, how many embedded objects are in the page?
2. How many GET messages were sent by the browser to retrieve the embedded objects?
3. What is the URL of each embedded object?
4. Has the HTTP used a persistent or non-persistent connection? Explain your answer.
C. Browser’s Cache Memory
To reduce the response time and internet traffic, most browsers keep the recently
retrieved HTTP objects in their cache memory. When the browser receives a request to
retrieve a web file, it first checks its cache memory. If it has the file, it sends a
conditional GET (IF-Modified-Since) request. The server sends the file if it is modified;
otherwise, it sends a “Not Modified” response.
•
•
•
•
Open Wireshark and start capturing.
Go to your browser and retrieve the same web page again by clicking the reload
or refresh button on your browser. This time, the page is retrieved from the cache
memory.
Type http (lowercase) in the Filter field of Wireshark and click Apply so that only
HTTP messages are displayed.
Stop Wireshark and save the captured file.
Questions
Using the captured file, answer the following questions on the Comprehensive Lab –
Part 1 Lab Report Sheet.
1. What is the value of the content-length field of the response message?
2. Explain the answer to the first question.
Documents to Turn in
Turn in the following documents:
1. A copy of the Comprehensive Lab – Part 1 Lab Report Sheet that contains
answered questions.
2. A screenshot of the supporting captured information.
Page 2 of 10
CSIS 535
Part 2
Refer to Chapter 32 of the text.
A. IPSEC
IP Security (IPSec) is a collection of protocols designed by the Internet Engineering Task
Force (IETF) to provide security at the network level. IPSec setting and configuration is
overwhelming because, rather than defining specific implementation, it provides a
framework with many possible negotiated choices:
•
•
•
•
•
IPSec can be set up to work under Transport Mode or Tunnel Mode. Tunnel
Mode is often used between 2 gateways (such as routers) to provide a Private
Virtual Network (PVN), while the Transport Mode is more suitable for host-tohost communication.
IPSec can provide authentication alone by using an Authentication Header (AH)
algorithm, or it can provide encryption with an authentication option by using
Encapsulating Security Payload (ESP) algorithm.
Two hosts can exchange the key manually, or they can do it online using the
Internet Key Exchange (IKE) mechanism.
IPSec can use many different hash functions such as SHA-1 and MD5.
IPSec can use many different encryption algorithms such as DES, 3DES, and
AES.
To use IPSec, you must first set and configure it on both hosts. The set-up and
configuration procedures are slightly different for different operating systems. You must
check the internet to see how it is done for your operating system. Two possible ways to
set up IPSec policies in Windows are:
1. Microsoft Management Console
a. Select Run from the Start menu.
b. Type mmc and click OK. This will take you to the Microsoft Management
Console (MMC) that is a component of Windows operating systems. This
console provides users with an interface through which they may
configure and monitor the system.
c. On the File menu, click Add/Remove Snap-in.
d. Click Add, and then double-click IP Security Policy Management.
e. Follow the instructions on the screen.
2. Administrative Tools
a. Select Programs from the Start menu.
b. Select Administrative Tools.
c. Select Local Security Policy.
Page 3 of 10
CSIS 535
•
•
•
•
•
Open Wireshark and start capturing.
Using 1 of the hosts, run 1 of the C server programs or one of the Java programs
in Chapter 25.
Using the other host, run the C client program or the Java client program
corresponding to the server program you are running from the previous step.
Let Wireshark capture some packets.
After enough packets have been captured, or 1 of the running programs has been
terminated, stop Wireshark and save the captured file.
B. AH/ESP Packets
Depending on whether you set the IPSec to provide authentication alone (using AH
algorithm) or encryption with authentication option (using ESP), you may capture AH or
ESP packets.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 2 Lab Report Sheet.
1. The AH/ESP packets are encapsulated in what protocol?
2. What is the protocol number for AH/ESP?
3. What information can an attacker sniff if she intercepts a communication protected by
IPSec? Can she get the IP addresses of the 2 hosts? Can she guess about the types of
packets carried by the ESP (for example, can she tells if the ESP contains VOIP)?
4. Open an AH/ESP packet. What information is inside the packet?
Part II: ISAKMP Packets
If the hosts are using the Internet Key Exchange (IKE) mechanism, you will notice
several ISAKMP packets.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 2 Lab Report Sheet.
1. How many different ISAKMP exchange types are in the trace?
2. Does an ISAKMP use the service of UDP or TCP?
3. In which exchange type do you find the Security Association (SA)?
4. What encryption method is used?
5. What authentication method is used?
Documents to Turn in
1. A copy of the Comprehensive Lab – Part 2 Lab Report Sheet that contains
answered questions.
2. A screenshot of the supporting captured information.
Page 4 of 10
CSIS 535
Part 3
Refer to Chapter 32.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic
protocols that provide security over the Internet above the transport layer. In this lab, you
will capture packets while you are doing a secure transaction such as online banking,
checking your credit card statement over the Internet, or purchasing something online.
A. Assignment
•
•
•
•
Start Wireshark and start capturing packets.
Open your browser and make a secure connection to your bank, to your credit
card company, or to purchase something online. Do some transaction and
terminate the connection.
Go to Wireshark, stop packet capturing, and save the file.
Type ssl (lower case) in the Filter field and press Enter. You will see many SSL
packets as well as TCP packets.
B. General
In this portion of the assignment, you will explore the general issues related to the SSL
protocol.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 3 Lab Report Sheet.
1. What is the SSL version?
2. Can an SSL use the service of UDP? Explain.
3. What is the server port number?
4. Does an SSL packet carry an HTTP or an HTTPS packet?
5. Can you open an HTTPS payload? Can you open its headers?
6. Can you identify SSL source and destination addresses?
7. Are the SSL payload and the message authentication code (MAC) encrypted together
or separately?
8. Are the user name and password encrypted? What can you say about the security of an
SSL?
9. Select Analyze from the drop-down menu and then click Follow TCP stream. What do
you see?
C. SSL Client Hello
The first step in establishing an SSL connection is an SSL handshake. An SSL handshake
enables the SSL client and server to agree on cryptographic algorithms, authenticate each
other, and use asymmetric encryption techniques to generate a shared secret key. The
SSL then uses the shared key for the symmetric encryption of messages.
Page 5 of 10
CSIS 535
•
•
•
•
The SSL handshake starts with the SSL Client Hello message that contains
information such as:
o The SSL version;
o The Cipher Suites (combination of key exchange, hash, and encryption
algorithms) supported by the client;
o A session ID; and
o A random byte string that is used in subsequent computations and the
data compression methods.
In the packet list pane, select an SSL Client Hello message.
In the packet detail pane, click the box to the left of Secure Socket Layer to reveal
the detail of the packet (the plus sign will be changed to a minus sign).
Similarly, click on all the subsequent boxes to open them all the way.
Questions
Using the captured information, answer the following questions on Comprehensive Lab
– Part 3 Lab Report Sheet.
1. What is the random byte string generated by the client?
2. Can you tell what information the client is using to create this random byte string?
3. What is the hexadecimal value of the session ID?
4. How many different Cipher Suites (combinations of key exchange, hash, and
encryption algorithms) are supported by the client?
5. Is any compression method supported by the client?
D. SSL Server Hello
The handshake is followed by the SSL Server Hello message that contains the Cipher
Suite chosen by the server from the list provided by the client, the session ID, another
random byte string, and the SSL server digital certificate. It may also include a request
for a client certificate.
•
•
In the packet list pane, select an SSL Server Hello message.
In the packet detail pane, select the Secure Socket Layer and expand it all the
way.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 3 Lab Report Sheet.
1. What is the random byte string? Is it the same as the client’s?
2. What is the hexadecimal value of the session ID? Is it the same as the client’s session
ID?
3. Which Cipher Suite is chosen by the server?
4. Does the server request a client certificate?
Page 6 of 10
CSIS 535
E. Rest of SSL Handshake
After verifying the digital signature of the server’s digital certificate, the client sends a
random byte string encrypted with the server’s public key. Client and server use this
random number to compute the secret key for encrypting subsequent message data. The
client also sends a random byte string encrypted by the client’s private key together with
the client’s digital certificate, if it is requested by the server.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 3 Lab Report Sheet.
1. Locate messages that are labeled Change Cipher Spec and Encrypted Handshake
Message. Are these sent by the server, by the client, or by both?
2. What is the purpose of Change Cipher Spec?
3. Locate and open a message labeled Certificate. What does the packet contain?
4. Locate and open a message that is labeled Client Key Exchange. What does the packet
contain?
5. Is there an Encrypted Alert message in your trace? What is the purpose of an
Encrypted Alert message?
F. Application Data
When handshaking is complete, the client and server exchange data encrypted
symmetrically with the shared secret key for the duration of the session.
Questions
Using the captured information, answer the following question on the Comprehensive
Lab – Part 3 Lab Report Sheet.
1. What is the Application-Data content type?
2. Open any Application-Data packet and describe it.
Documents to Turn in
1. A copy of the Comprehensive Lab – Part 3 Lab Report Sheet that contains
answered questions.
2. A screenshot of the supporting captured information.
Page 7 of 10
CSIS 535
Part 4
Refer to Chapter 15.
Wireless Network
IEEE project 802.11 is the dominant standard in wireless LANs. In this lab, you will
capture and examine some IEEE 802.11 frames. Unfortunately, Wireshark does not work
with radio waves and thus cannot capture wireless traffic. To capture wireless packets,
you need to purchase AirPcap, a USB-based 802.11 radio designed to work effectively
with Wireshark. An external antenna is also included with AirPcap, which increases the
listening ability of the tool. Alternatively, you can download a wireless packet capture
from one of many websites; the Wireshark Sample Captures page, for example, hosts many
Wireshark capture files.
Using a wireless laptop equipped with Wireshark and AirPcap, capture some wireless
packets. The laptop must have a wireless connection to an access point (AP). Depending
on the location, you may see many captured packets. The 802.11 standard defines various
frame types that stations use for managing and controlling the wireless link.
Every frame has a control field that depicts the 802.11 protocol version, frame type, and
various other indicators. In addition, all frames contain link-layer addresses, a frame
sequence number, a frame body, and a frame check sequence (see Figure 15.9 in the
textbook).
A. Different Wireless Frames and Their Functions
There are many wireless frames in the captured trace. Some of these frames are
management frames, some are control frames, and some are data frames.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 4 Lab Report Sheet.
1. List the management frames in the trace.
2. List the control frames in the trace.
3. List the data frames in the trace.
4. Which captured frame is an association frame (use the Internet to learn more about
association frames)?
5. Which captured frame is a beacon frame (use the Internet to learn more about beacon
frames)?
6. Which captured frame is a probe frame (use the Internet to learn more about probe
frames)?
7. Which captured frame is an RTS frame?
8. Which captured frame is a CTS frame?
9. Which captured frame is an ACK frame?
B. Beacon Frame
From the packet list pane, select 1 of the beacon frames.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 4 Lab Report Sheet.
1. From the hexdump, determine:
a. the hexadecimal value of the FC. Interpret the significance of different
bits of this hexadecimal value.
b. the duration of this frame.
c. the number of addresses in this frame. Which entity does each address
define?
d. the hexadecimal value of FCS field.
2. Using the packet detail pane, verify your answers to question 1.
C. Acknowledgment Frame
From the packet list pane, select 1 of the acknowledgment frames.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 4 Lab Report Sheet.
1. From the hexdump, determine:
a. the hexadecimal value of the FC. Interpret the significance of different bits
of this hexadecimal value.
b. the duration of this frame.
c. the number of addresses in this frame. Which entity does each address
define?
d. the hexadecimal value of the FCS field.
2. Using the packet detail pane, verify your answers to question 1.
D. Probe Frame
From the packet list pane, select 1 of the probe frames.
Questions
Using the captured information, answer the following questions on the Comprehensive
Lab – Part 4 Lab Report Sheet:
1. From the hexdump, determine:
a. the hexadecimal value of the FC. Interpret the significance of different bits
of this hexadecimal value.
b. the duration of this frame.
c. the number of addresses in this frame. Which entity does each address
define?
d. the hexadecimal value of the FCS field.
2. Using the packet detail pane, verify your answers to question 1.
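An added example, not part of the lab materials: a Python decoder for the fields that sections A to D ask you to read from the hexdump (FC, duration, the addresses and what each one denotes, and the FCS). It assumes the frames include the trailing 4-byte FCS, and the three sample frames (a beacon, an ACK and a probe request) are constructed rather than captured.

```python
import struct
import zlib

# Frame type (bits 2-3 of the first FC byte) and the subtypes the lab asks you to find
TYPE_NAMES = {0: "Management", 1: "Control", 2: "Data"}
SUBTYPE_NAMES = {(0, 0): "Association Request", (0, 1): "Association Response",
                 (0, 4): "Probe Request", (0, 5): "Probe Response", (0, 8): "Beacon",
                 (1, 11): "RTS", (1, 12): "CTS", (1, 13): "ACK", (2, 0): "Data"}
# Address roles: management frames always carry DA, SA, BSSID; control frames carry
# receiver/transmitter addresses; data frames depend on the To DS / From DS flag bits.
CONTROL_ROLES = {11: ("RA", "TA"), 12: ("RA",), 13: ("RA",)}
DATA_ROLES = {0: ("DA", "SA", "BSSID"), 1: ("BSSID", "SA", "DA"),
              2: ("DA", "BSSID", "SA"), 3: ("RA", "TA", "DA", "SA")}

def parse_frame(frame: bytes) -> dict:
    """Decode FC, duration, addresses and FCS of one raw 802.11 frame (FCS included)."""
    fc = struct.unpack("<H", frame[:2])[0]      # FC is sent least-significant byte first
    ftype, subtype, flags = (fc >> 2) & 0x3, (fc >> 4) & 0xF, fc >> 8
    if ftype == 0:
        roles = ("DA", "SA", "BSSID")
    elif ftype == 1:
        roles = CONTROL_ROLES.get(subtype, ("RA",))
    else:
        roles = DATA_ROLES[flags & 0x3]         # bit 0 = To DS, bit 1 = From DS
    addrs = {role: frame[4 + 6 * i:10 + 6 * i].hex(":") for i, role in enumerate(roles)}
    body, sent_fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    return {
        "fc_hex": "0x" + frame[:2].hex(),       # as Wireshark shows it, e.g. 0x8000 for a beacon
        "version": fc & 0x3,
        "type": TYPE_NAMES.get(ftype, "Reserved"),
        "subtype": SUBTYPE_NAMES.get((ftype, subtype), f"subtype {subtype}"),
        "flags": {"to_ds": bool(flags & 1), "from_ds": bool(flags & 2),
                  "retry": bool(flags & 8), "protected": bool(flags & 0x40)},
        "duration": struct.unpack("<H", frame[2:4])[0],   # microseconds, NAV reservation
        "addresses": addrs,
        "fcs_hex": f"0x{sent_fcs:08x}",
        "fcs_ok": zlib.crc32(body) == sent_fcs,  # same CRC-32 as Ethernet, stored little-endian
    }

def _with_fcs(data: bytes) -> bytes:
    """Append a correct FCS so the constructed sample frames verify."""
    return data + struct.pack("<I", zlib.crc32(data))

BCAST, AP, STA = b"\xff" * 6, bytes.fromhex("021122334455"), bytes.fromhex("0266778899aa")
# Constructed sample frames (not from a real capture): a beacon, an ACK and a probe request
BEACON = _with_fcs(b"\x80\x00" + b"\x00\x00" + BCAST + AP + AP + b"\x10\x00" + b"\x00" * 12)
ACK = _with_fcs(b"\xd4\x00" + b"\x00\x00" + AP)
PROBE_REQ = _with_fcs(b"\x40\x00" + b"\x3a\x00" + BCAST + STA + BCAST + b"\x20\x00" + b"\x00\x00")
```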
Documents to Turn in
1. A copy of the Comprehensive Lab – Part 4 Lab Report Sheet that contains
answered questions.
2. A screenshot of the supporting captured information.
Be sure to review the Comprehensive Lab Assignment Resources section under the
Comprehensive Lab page.
COMPREHENSIVE LAB: PART 4 LAB REPORT SHEET
Name:
Student ID:
Date:
Section A
1
Management frame captured:
2
Control frame captured:
3
Data frame captured:
4
Frame numbers of association frames:
5
Frame numbers of beacon frames:
6
Frame numbers of probe frames:
7
Frame numbers of RTS frames:
8
Frame numbers of CTS frames:
9
Frame numbers of ACK frames:
Section B
1
a. Hexadecimal value of FC:
Significance of different bits:
b. Duration of the frame:
c. Number of addresses in the frame:
Which entity does each address define?
d. Hexadecimal value of FCS field:
2
Are answers to question 1 verified by the information in the detail pane?
Section C
1
a. Hexadecimal value of FC:
Significance of different bits:
b. Duration of the frame:
c. Number of addresses in the frame:
Which entity does each address define?
d. Hexadecimal value of FCS field:
2
Are answers to question 1 verified by the information in the detail pane?
Section D
1
a. Hexadecimal value of FC:
Significance of different bits:
b. Duration of the frame:
c. Number of addresses in the frame:
Which entity does each address define?
d. Hexadecimal value of FCS field:
2
Are answers to question 1 verified by the information in the detail pane?
COMPREHENSIVE LAB: PART 2 LAB REPORT SHEET
Name:
Student ID:
Date:
Section A
1
AH/ESP packets are encapsulated in what protocol?
2
What is the protocol number for AH or ESP?
4
What information can an attacker sniff if she intercepts an IPSec packet?
Can she get the IP addresses of the two hosts?
Can she guess the type of packet carried by ESP?
5
Open an AH or an ESP packet. What information is inside the packet?
Section B
1
How many different ISAKMP exchange types are in the trace?
2
Does an ISAKMP use the service of UDP or TCP?
3
In which exchange type do you find the Security Association (SA)?
4
What encryption method is used?
5
What authentication method is used?