
SENA

Intrusion Detection
Student name(s): ____________________________________________ Group: _______
                 ____________________________________________ Group: _______
                 ____________________________________________ Group: _______
                 ____________________________________________ Group: _______

Lab # 2. TCPDump using filters.


For this part of the lab use the file lab1.lpc as input to TCPDump and answer the
following questions, based on your experience with lab # 1:
2.1 What records, if any, have IP options? Explain.
Hint: display records with the hexadecimal option (-x).

Look for records whose first IP header byte is greater than 0x45. The high nibble (4)
is the IP version and the low nibble (5) is the header length (IHL) in 32-bit words;
5 words is the standard 20-byte header. Any IPv4 record whose first byte is above
0x45 (low nibble 6 to 15) has a header longer than 20 bytes and therefore carries
options.
Command used:
2.2 What is the IP header length in decimal of the first IP record?
IHL = 5 words; 5 * 4 = 20 bytes

Command used:
2.3 What is the IP version of the first IP record?

Version 4
2.4 What is the payload length in decimal of the first IP record?

Zero (0)

2.5 What is the embedded protocol of the 4th IP packet?

TCP
2.6 Is there any TCP record that has options? Explain.

The TCP header length is taken from the data offset, the high nibble of the tcp[12]
byte, measured in 32-bit words. Look for records whose tcp[12] value is greater than
0x50: a data offset of 5 is the standard 20-byte header, so a high nibble above 5
means the header is longer and options are present. Mask the byte with 0xf0 before
comparing so the reserved low nibble cannot affect the result.
Command used:
2.7 If there are any fragments in the data, what is the decimal value of the
fragment offset field found in the hex record?

Command used:

2.8 Is there any record with the R (RST) flag set? Explain.

Command used: tcpdump -r lab1.lpc 'tcp and tcp[13] & 0x04 = 0x04'

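The byte-offset arithmetic behind questions 2.1 to 2.8, as an added example (not part of the original lab sheet and not tcpdump code): it reads the same header bytes that the ip[n] and tcp[n] filters index, on packets it constructs itself with the hypothetical helper build_packet, so every answer can be checked without the lab1.lpc capture. The packet contents (addresses, ports, the four NOP IP options and the MSS TCP option) are constructed test data.

```python
"""Byte-offset checks behind the tcpdump filters in questions 2.1 to 2.8.

tcpdump's ip[n] indexes bytes from the start of the IPv4 header and tcp[n]
from the start of the TCP header. These helpers do the same arithmetic on
raw packet bytes so each filter's reasoning can be checked without a capture.
"""
import struct

IP_PROTO_TCP = 6


def build_packet(ip_options=b"", tcp_options=b"", flags=0x02,
                 frag_offset=0, more_fragments=False, payload=b""):
    """Assemble a constructed IPv4/TCP packet for testing (not real traffic).

    Checksums are left as zero: tcpdump filters do not verify them.
    Option fields must be padded to a multiple of 4 bytes, as on the wire.
    """
    assert len(ip_options) % 4 == 0 and len(tcp_options) % 4 == 0
    ihl = 5 + len(ip_options) // 4            # IP header length in 32-bit words
    data_offset = 5 + len(tcp_options) // 4   # TCP header length in words
    tcp = struct.pack("!HHIIBBHHH",
                      40000, 80,              # source and destination port
                      1, 0,                   # sequence and ack numbers
                      data_offset << 4,       # tcp[12]: data offset in high nibble
                      flags,                  # tcp[13]: flag bits
                      65535, 0, 0)            # window, checksum, urgent pointer
    tcp += tcp_options + payload
    frag_field = (0x2000 if more_fragments else 0) | (frag_offset // 8)
    ip = struct.pack("!BBHHHBBH4s4s",
                     (4 << 4) | ihl,          # ip[0]: version 4, IHL
                     0,                       # type of service
                     20 + len(ip_options) + len(tcp),   # total length
                     1,                       # identification
                     frag_field,              # 3 flag bits + 13-bit fragment offset
                     64, IP_PROTO_TCP, 0,     # TTL, protocol, checksum
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + ip_options + tcp


def ip_version(pkt):
    return pkt[0] >> 4                        # 2.3: high nibble of ip[0]


def ip_header_len(pkt):
    return (pkt[0] & 0x0F) * 4                # 2.2: IHL words * 4 = bytes


def ip_has_options(pkt):
    # 2.1: IHL above 5 words means a header longer than 20 bytes.
    # Equivalent tcpdump filter: 'ip[0] & 0x0f > 5'
    return (pkt[0] & 0x0F) > 5


def ip_payload_len(pkt):
    # 2.4: total length (ip[2:2]) minus the header length.
    total_len = struct.unpack("!H", pkt[2:4])[0]
    return total_len - ip_header_len(pkt)


def ip_protocol(pkt):
    return pkt[9]                             # 2.5: ip[9], 6 = TCP


def ip_fragment_offset(pkt):
    # 2.7: low 13 bits of ip[6:2], stored in units of 8 bytes.
    flags_frag = struct.unpack("!H", pkt[6:8])[0]
    return (flags_frag & 0x1FFF) * 8


def tcp_header(pkt):
    return pkt[ip_header_len(pkt):]           # tcp[0] starts after the IP header


def tcp_header_len(pkt):
    return (tcp_header(pkt)[12] >> 4) * 4     # data offset words * 4


def tcp_has_options(pkt):
    # 2.6: data offset above 5 words. Mask off the reserved low nibble so it
    # cannot disturb the comparison. tcpdump: 'tcp[12] & 0xf0 > 0x50'
    return (tcp_header(pkt)[12] & 0xF0) > 0x50


def tcp_rst_set(pkt):
    # 2.8: RST is bit 2 (0x04) of tcp[13]. tcpdump: 'tcp[13] & 0x04 = 0x04'
    return (tcp_header(pkt)[13] & 0x04) == 0x04


if __name__ == "__main__":
    # Constructed records: a plain SYN, one with IP options (four NOPs) and a
    # TCP MSS option, and a later fragment whose offset field is 1480 bytes
    # (only the offset field matters for that one).
    samples = [("plain SYN", build_packet()),
               ("with options", build_packet(ip_options=b"\x01" * 4,
                                             tcp_options=b"\x02\x04\x05\xb4")),
               ("fragment", build_packet(frag_offset=1480, more_fragments=True))]
    for name, pkt in samples:
        print("%-13s ip[0]=0x%02x IHL=%d bytes options=%s frag_offset=%d" % (
            name, pkt[0], ip_header_len(pkt), ip_has_options(pkt),
            ip_fragment_offset(pkt)))
```

Two practical points the filters themselves do not make obvious: comparing the whole first byte against 0x45 only works because the ip qualifier already restricts the match to IPv4, and the precise form is ip[0] & 0x0f > 5; and on the command line the expression should be quoted, since & and [ ] are shell metacharacters.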

For the second part of this lab you will continue using the same file. This part
emphasizes the use of TCP flags. Say, for example, you need to check whether the SYN
flag is set: you use the filter tcp[13] & 0x02 != 0, because in octet 13 of the TCP
header (counting from 0) the bit with value 2^1 = 0x02 corresponds to the SYN flag:

Bit value:  2^7   2^6   2^5   2^4   2^3   2^2   2^1   2^0
Flag:       CWR   ECE   URG   ACK   PSH   RST   SYN   FIN
Hex mask:   0x80  0x40  0x20  0x10  0x08  0x04  0x02  0x01

The & symbol is the bitwise AND operator.


2.9 How many records have only the ACK flag set?

Command used:
2.10 How many records have the ACK flag set?

Command used:
2.11 How many records have the RST or ACK flag set?

Command used:
2.12 How many records have either the RST or ACK flag set?
Command used:
2.13 How many records have exactly the RST and ACK flags set.

Command used:
2.14 How many records have the PSH and ACK flags set?

Command used:
2.15 How many records have the FIN flag set?

Command used:
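The flag filters for questions 2.9 to 2.15 side by side, as an added example that is not part of the original lab sheet: each question is paired with its tcpdump expression and the same test written in Python, and the tests are run over a constructed list of tcp[13] flag bytes (not records from lab1.lpc), so the difference between "flag set" (masked test) and "only this flag" (equality) is explicit. Question 2.12 is read here as "exactly one of RST and ACK", which is an assumption about the question's intent; the names SAMPLE, FILTERS, flag_string, count_matching and answer_all are this example's own.

```python
"""Flag-mask filters for questions 2.9 to 2.15, applied to a constructed sample.

Each entry pairs the tcpdump expression with the same test in Python.
tcp[13] holds the TCP flag byte; the constants below are its bits.
"""
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80

# Constructed sample: the tcp[13] byte of eleven records, a handshake, two
# data exchanges, a FIN, and two resets. Not taken from lab1.lpc.
SAMPLE = [SYN, SYN | ACK, ACK, PSH | ACK, ACK, PSH | ACK, ACK,
          FIN | ACK, ACK, RST | ACK, RST]

FILTERS = {
    # question: (tcpdump expression, Python predicate on the tcp[13] byte)
    "2.9 only ACK": ("tcp[13] = 0x10", lambda f: f == ACK),
    "2.10 ACK set": ("tcp[13] & 0x10 != 0", lambda f: (f & ACK) != 0),
    "2.11 RST or ACK set": ("tcp[13] & 0x14 != 0",
                            lambda f: (f & (RST | ACK)) != 0),
    # 2.12 read as 'exactly one of the two' (assumption, see the lead-in).
    "2.12 either RST or ACK": ("tcp[13] & 0x14 = 0x04 or tcp[13] & 0x14 = 0x10",
                               lambda f: (f & (RST | ACK)) in (RST, ACK)),
    "2.13 exactly RST and ACK": ("tcp[13] = 0x14", lambda f: f == (RST | ACK)),
    "2.14 PSH and ACK set": ("tcp[13] & 0x18 = 0x18",
                             lambda f: (f & (PSH | ACK)) == (PSH | ACK)),
    "2.15 FIN set": ("tcp[13] & 0x01 != 0", lambda f: (f & FIN) != 0),
}


def flag_string(flags):
    """Render a tcp[13] byte the way tcpdump prints Flags [..]: '.' is ACK."""
    order = [(FIN, "F"), (SYN, "S"), (RST, "R"), (PSH, "P"),
             (ACK, "."), (URG, "U"), (ECE, "E"), (CWR, "W")]
    return "".join(ch for bit, ch in order if flags & bit)


def count_matching(records, predicate):
    """Count the tcp[13] bytes in records for which the predicate holds."""
    return sum(1 for f in records if predicate(f))


def answer_all(records=SAMPLE):
    """Return {question: count} for every filter, over the given tcp[13] bytes."""
    return {q: count_matching(records, pred) for q, (_expr, pred) in FILTERS.items()}


if __name__ == "__main__":
    print("records:", " ".join("[%s]" % flag_string(f) for f in SAMPLE))
    for q, (expr, pred) in FILTERS.items():
        print("%-26s %-48s -> %d" % (q, expr, count_matching(SAMPLE, pred)))
```

The same filters can be written with the named constants from pcap-filter, for example tcp[tcpflags] & tcp-ack != 0 or tcp[tcpflags] = tcp-syn|tcp-ack, which avoids mistakes in the hex masks; whichever form is used, quote the expression on the command line.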
