
DIGITAL ASSIGNMENT 3

INFORMATION SECURITY ANALYSIS AND AUDIT (ELA)


Name – Praneel Mishra Reg. No. – 18BIT0426
Course Code – CSE3501 Faculty – Prof. Thandeeswaran R.

QUESTION : Using Wireshark, capture live traffic, store it in a *.pcapng file and perform the following
tasks:

1: Filter the most Active TCP connection.

2: Analyse TCP Errors and prepare a detailed report.

3: Identify the user agents being used on your network.

4: Filter background network noise.

5: Detect Possible DDoS attacks.

SOLUTION :
1 : Filter the most Active TCP connection.
Command Used - tcp

The packets shown on the screen above are all the active TCP connections.
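
The `tcp` filter displays every TCP packet, so singling out the busiest connection means grouping packets per conversation. The following is an added example, not part of the original assignment: it ranks conversations from tab-separated rows in the layout `tshark -T fields` produces and builds a display filter for the top one. The sample rows, the file name `capture.pcapng` and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows (not from the assignment's capture), in the layout of:
#   tshark -r capture.pcapng -Y tcp -T fields \
#       -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e frame.len
SAMPLE_ROWS = """\
192.168.0.102\t51514\t203.0.113.10\t443\t74
203.0.113.10\t443\t192.168.0.102\t51514\t1514
192.168.0.102\t51514\t203.0.113.10\t443\t66
192.168.0.102\t51520\t198.51.100.7\t80\t74
198.51.100.7\t80\t192.168.0.102\t51520\t60
203.0.113.10\t443\t192.168.0.102\t51514\t1514
\t\t\t\t60
"""

def conversation_key(src, sport, dst, dport):
    """Direction-independent key so both halves of a connection count together."""
    return tuple(sorted([(src, int(sport)), (dst, int(dport))]))

def rank_conversations(text):
    """Return [(key, packets, bytes)] sorted by packets, then bytes, descending."""
    stats = defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        fields = line.split("\t")
        # Skip rows tshark leaves partly empty (e.g. non-IPv4 frames).
        if len(fields) != 5 or not all(fields):
            continue
        src, sport, dst, dport, length = fields
        entry = stats[conversation_key(src, sport, dst, dport)]
        entry[0] += 1
        entry[1] += int(length)
    return sorted(((k, p, b) for k, (p, b) in stats.items()),
                  key=lambda row: (row[1], row[2]), reverse=True)

def display_filter(key):
    """Build a Wireshark display filter matching both directions of one conversation."""
    (a, ap), (b, bp) = key
    one_way = "(ip.src=={} and tcp.srcport=={} and ip.dst=={} and tcp.dstport=={})"
    return one_way.format(a, ap, b, bp) + " or " + one_way.format(b, bp, a, ap)

if __name__ == "__main__":
    top_key, packets, total = rank_conversations(SAMPLE_ROWS)[0]
    print(packets, "packets,", total, "bytes")
    print(display_filter(top_key))
```

The printed filter can be pasted into Wireshark's display filter bar to isolate that one connection.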

2 : Analyse TCP Errors and prepare a detailed report.

Error name = NEW FRAGMENT OVERLAPS OLD DATA (Retransmission?) ; COUNT = 3 :


Client is accessing this server and after some time the browser gets stuck and there is no
data. After doing packet captures on both ends we have seen some errors (last section of
server file). There is a firewall in between but I have been told that there is nothing there
blocking any such thing and since the TCP session is already established I believe it isn't a
firewall issue.

DETAILED OVERVIEW OF A PACKET :

3 : Identify the user agents being used on your network.


IDENTIFY USER WITH IP = 192.168.0.102

Not only can we track the user agents, but also the user agents associated with HTTP traffic,
using the following command - http.request and !(ssdp)

4 : Filter background network noise.
Background Network Noise can be tracked using the following command :
!(arp or icmp or dns)

DETAILED DESCRIPTION OF A PACKET :

5 : Detect Possible DDoS attacks.
DETECTED USING THE COMMAND CODE :
tcp.flags.syn==0 and tcp.flags.ack==0

DETAILED OVERVIEW OF A PACKET :
