Analysing Network Traces and Port Scans

Assignment Type

This is for individuals. Submit your results in a document to the myCourses folder.

Setup

You will need to install Wireshark from wireshark.org.
You can use your own PC or an RLES VM.

Background

  • You are provided with a Wireshark network trace.
  • As a security investigator, you are required to analyse the network trace.
    • NOTE: The client (where the scan was run) is on the 192.x.x.x subnet.

Expected Outputs

  • Using Wireshark, load the network trace provided and answer the following questions:
  • Find the pairs of network frames (the line numbers of each of the frames in Wireshark) that correspond to attempts to find open ports, as listed in the template
  • As part of the investigation, identify the port numbers interrogated for the above list
  • Find out the result of interrogating these ports (open/closed/something else [e.g. filtered or open])
  • Refer to lectures for possibilities
  • Explain how the determination of port status is made
  • Also answer the following question:
    • What is the IP address of the device being targeted by the network scan?

Grading

  • 25 points total
    • 5 points for each correct analysis of the ports listed in the template, with good rationale for the conclusion