Scribd Logo
Upload

Welcome to Scribd!

  • 7.0.1.2 Lab Whats Going On

    Uploaded by

    Randy Narinesingh
    6 views2 pages
    This document provides instructions for using the TCPView software to identify processes running on a computer, the protocols they are using, and their local and remote port addresses. The objectives are to launch TCPView, answer questions about the number of endpoints, processes listening and established connections, and observe the TCPView window as a browser is used to load web pages. This allows the user to see how processes and connections are displayed in real-time and help understand the meaning of different colors in TCPView.

    Original Description:

    Original Title

    7.0.1.2_Lab___Whats_Going_On

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides instructions for using the TCPView software to identify processes running on a computer, the protocols they are using, and their local and remote port addresses. The objectives are to launch TCPView, answer questions about the number of endpoints, processes listening and established connections, and observe the TCPView window as a browser is used to load web pages. This allows the user to see how processes and connections are displayed in real-time and help understand the meaning of different colors in TCPView.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    6 views2 pages

    7.0.1.2 Lab Whats Going On

    Uploaded by

    Randy Narinesingh
    This document provides instructions for using the TCPView software to identify processes running on a computer, the protocols they are using, and their local and remote port addresses. The objectives are to launch TCPView, answer questions about the number of endpoints, processes listening and established connections, and observe the TCPView window as a browser is used to load web pages. This allows the user to see how processes and connections are displayed in real-time and help understand the meaning of different colors in TCPView.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 2

    Lab - What's Going On?

    Lab 7.0.1.2 – What's Going On?


    This lab has been updated for use on NETLAB+.
    www.netdevgroup.com

    Objectives
    Identify the processes running on a computer, the protocol they are using, and their local and remote port
    addresses.

    Background / Scenario
    For a hacker to establish a connection to a remote computer, a port must be listening on that device. This
    may be due to infection by malware, or vulnerability in a legitimate piece of software. A utility, such as
    TCPView, can be used to detect open ports, monitor them in real-time, and close active ports and processes
    using them.

    Step 1: Launch the TCPView software.


    a. Access the WinClient machine. Unlock the machine by clicking on the drop-down arrow for that specific
    machine’s tab and select Send CTRL+ALT+DEL.

    b. Login as the CyberOpsUser using cyberops as the password.

    c. Double-click the Toolbox folder found on the Desktop. Open the TCPView folder and double-click the
    Tcpview.exe application to start it.

    d. Finally, agree to the software license terms by clicking Yes.

    © 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 2
    Lab - What's Going On?

    Step 2: Answer the following questions.


    a. How many Endpoints are listed?

    b. How many are Listening?

    c. How many Endpoints are Established?

    Step 3: Use a browser and observe the TCPView window.


    a. Open the Options menu and verify that there is a checkmark next to “Always on Top”. If not, click
    “Always on Top”.
    Note: Use the Help section of the program to help you answer the following questions.
    b. Open the Mozilla Firefox web browser.
    What happens in the TCPView window?

    c. Browse to the web server 209.165.200.235.


    What happens in the TCPView window?

    d. Close the browser.


    What happens in the TCPView window?

    What do you think the colors mean?

    Note: To close a process directly, right-click the process and choose End Process. Using this method can
    cause a program or the operating system to become unstable. Only end processes that you know are safe to
    end. This method can be used to stop malware from communicating.

    © 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 2

    You might also like