Worksheet 10 is Lab

Uploaded by

arajo4688

Worksheet- 10

Student Name: Aditya Kumar UID: 19BCS3048


Branch: BE CSE Section/Group: NTPP_IS_1/A
Semester: 6th Date of Performance: 02-05-2022
Subject Name: Information Security Lab Subject Code: CSB-372

1. Aim/Overview of the practical:

Identify the malicious packets from affected / compromised systems over network communications
using the Wireshark tool.

There are various types of packet-sniffing programs, including both free and commercial ones. Each program is designed
with different goals in mind. A few popular packet-analysis programs are tcpdump, OmniPeek, and Wireshark. tcpdump
is a command-line program; OmniPeek and Wireshark have graphical user interfaces (GUIs). Wireshark is the
world's foremost and most widely used network protocol analyzer. It lets us see what is happening in our network at a
microscopic level.

Wireshark offers several benefits that make it appealing for everyday use. It is aimed at both the journeyman and the
expert packet analyst, and offers a variety of features to entice each.

Indicators of compromise (IOCs) are pieces of forensic data, such as data found in system log entries or files, that identify
potentially malicious activity on a system or network.

The steps are as follows:

• Finding the hash of the infected file
• Checking whether the file is infected or not
• Finding the host name, domain name, IP address and MAC address

2. Steps/Code for experiment/practical:

▪ Finding the hash of the infected file:

For collecting the hash of the infected file, the following steps have been followed:
(i) Apply the filter http.request in Wireshark.
(ii) From the results of step (i), get the affected files from the HTTP objects.
(iii) Save the affected file.
(iv) Get the hash of the saved file.
▪ Checking whether the file is infected or not:

By applying the filter http.request, a file and its hash can be found as in (i). In the next step it has to be checked whether the file
is malicious or not. For this, the obtained file hashes have been checked at virustotal.com. VirusTotal is a website created
by the Spanish security company Hispasec Sistemas and launched in June 2004.

▪ Finding the host name, domain name, IP address and MAC address:

Details have been found from NBNS traffic. The steps for obtaining the host name, domain name, IP address and MAC
address are as follows:

(i) Apply NBNS as the filter.
(ii) For the given source IP, the host name DESKTOP-OF4FE8A was obtained.
(iii) The domain name can be found under Hypertext Transfer Protocol in the second window of Wireshark.
(iv) The obtained domain is ncznw6a.com.
(v) Get the IP address of the host under Internet Protocol in the same window.
(vi) The obtained IP address of the host is 10.8.21.163.
(vii) The IP address of the infected machine is 45.12.4.190.
(viii) The MAC address of the infected machine is 10:c3:7b:0a:f2:85.
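The following is an added example and not part of the worksheet or of Wireshark itself. It shows, in code, what the three steps above do by hand in the Wireshark GUI: hashing a saved HTTP object so the hash can be looked up on VirusTotal, and reading the NetBIOS host name, source IP and source MAC out of an NBNS name-registration frame. The file bytes and the Ethernet/IPv4/UDP/NBNS frame are constructed inline (they are not taken from the lab capture); the host name, IP and MAC values used to build the frame are the ones reported on this worksheet. The NetBIOS first-level name encoding (each byte of the 16-byte name split into two nibbles mapped onto the letters A..P) is the standard one from RFC 1001/1002, which is what Wireshark decodes to display the host name.

```python
import hashlib
import socket
import struct

# ---- Step 1: hash a file saved from Wireshark's HTTP object export ----
# Constructed stand-in for the exported file (NOT a real sample from the capture).
SAMPLE_FILE = b"MZ\x90\x00" + b"\x00" * 60 + b"constructed placeholder payload\n"


def file_hashes(data):
    """Return the MD5, SHA-1 and SHA-256 hex digests of a saved file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def virustotal_lookup_url(sha256_hex):
    """Build the VirusTotal web URL for a hash; no network request is made here."""
    return "https://www.virustotal.com/gui/file/" + sha256_hex


# ---- Step 3: recover host name, IP and MAC from an NBNS frame ----
def nbns_encode_name(name, suffix=0x00):
    """NetBIOS first-level encoding: 15-char space-padded name plus a suffix
    byte, each byte split into two nibbles and mapped onto 'A'..'P'."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    out = bytearray()
    for b in raw:
        out.append(0x41 + (b >> 4))
        out.append(0x41 + (b & 0x0F))
    return bytes(out)


def nbns_decode_name(encoded):
    """Inverse of nbns_encode_name: 32 encoded chars -> (hostname, suffix)."""
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15]


def build_nbns_registration_frame(src_mac, src_ip, hostname):
    """Construct an Ethernet/IPv4/UDP frame carrying an NBNS name registration
    request (constructed test input). The IP checksum is left zero; the parser
    below does not verify it."""
    eth = (bytes.fromhex("ffffffffffff")                 # broadcast destination
           + bytes.fromhex(src_mac.replace(":", ""))
           + b"\x08\x00")                                # EtherType IPv4
    question = (b"\x20" + nbns_encode_name(hostname) + b"\x00"
                + struct.pack("!HH", 0x0020, 0x0001))    # type NB, class IN
    # flags 0x2910: opcode registration, recursion desired, broadcast
    nbns = struct.pack("!HHHHHH", 0x8001, 0x2910, 1, 0, 0, 0) + question
    udp_len = 8 + len(nbns)
    udp = struct.pack("!HHHH", 137, 137, udp_len, 0)     # NBNS is udp/137
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0x0001, 0x0000,
                     128, 17, 0, socket.inet_aton(src_ip),
                     socket.inet_aton("10.8.21.255"))
    return eth + ip + udp + nbns


def endpoint_from_nbns_frame(frame):
    """Parse one frame and return the fields Wireshark shows for step 3:
    NetBIOS host name, source IPv4 address and source MAC address."""
    _dst, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != 17:
        raise ValueError("not UDP")
    src_ip = socket.inet_ntoa(frame[14 + 12:14 + 16])
    udp_off = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[udp_off:udp_off + 4])
    if 137 not in (sport, dport):
        raise ValueError("not NBNS (udp/137)")
    name_off = udp_off + 8 + 12          # skip UDP header and 12-byte NBNS header
    if frame[name_off] != 32:
        raise ValueError("unexpected NBNS label length")
    hostname, suffix = nbns_decode_name(frame[name_off + 1:name_off + 33])
    return {
        "hostname": hostname,
        "suffix": suffix,
        "src_ip": src_ip,
        "src_mac": ":".join("%02x" % b for b in src_mac),
    }


if __name__ == "__main__":
    print(file_hashes(SAMPLE_FILE))
    frame = build_nbns_registration_frame("10:c3:7b:0a:f2:85", "10.8.21.163",
                                          "DESKTOP-OF4FE8A")
    print(endpoint_from_nbns_frame(frame))
```

The SHA-256 from file_hashes is the value to search on VirusTotal; the MD5 and SHA-1 are kept because older reports and IOC feeds still list them. The NBNS suffix byte returned alongside the host name (0x00 for a workstation service, 0x20 for the file server service, 0x1D for a master browser) is worth recording too, since it tells which role the registering host was announcing.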

(Hostname from NBNS traffic)

(Domain address)

(IP address of infected host)

3. Result/Output/Writing Summary:

The cases of packet analysis by collecting values for indicators of compromise will help to understand
packet analysers, especially Wireshark, which is crucial to network forensics.

"Indicators of compromise" help to use threat data effectively, identify malware and quickly respond to
incidents. A packet analyzer like Wireshark can be used for security.

However, despite its rich toolset, it is important to keep in mind that Wireshark is not an intrusion
detection system. Wireshark will not warn us when someone does strange things on the network that he is
not allowed to do, and it will not manipulate things on the network such as sending packets. The
usefulness of a packet analyzer is that it is a convenient and effective tool that can help network security
professionals figure out what is really happening in the network if strange things happen.

Evaluation Grid:

Sr. No.  Parameters                                     Marks Obtained  Maximum Marks
1.       Demonstration and Performance (Pre Lab Quiz)                   5
2.       Worksheet                                                      10
3.       Post Lab Quiz                                                  5
