Infa 620 laboratory 2 context


INFA 620 Laboratory 2  Context

The purpose of this lab is to practice examining traffic using a protocol analyzer and recognize a SYN attack. 

The SYN flood attack is one of the common Denial of Service (DoS) attacks in the Internet. In the SYN flood attack, an attacker sends a large number of SYN packets to the server, ignores SYN/ACK replies and never sends the expected ACK packet. Basically, the attacker overwhelms the server with many half-established connections and exhausts the server resources, and hence the attack is known as a DoS attack.

The tool you will be using is known as Wireshark, a well-known open source packet analyzer. The exercise will demonstrate that recognizing an attack requires sophisticated tools (such as Wireshark), hard work (what you are about to put in) and knowledge of the domain (TCP/IP network). 


You can perform this exercise either using Wireshark on your machine or a remote lab supplied by UMUC, known as DaaS. I encourage that you carry out the exercise using the remote Lab. The instructions to use the remote UMUC machine in the DaaS environment is provided in the Accessing Remote Virtu, knioal Lab using VPN module under Course Content. (Note: For this laboratory exercise, you need to access only NIXEXT01 (External) node. wireshark is available on that machine. 

The access to the needed “.cap” files is as follows: On the NIXEXT01 machine, open the folder Lab Resources (use the right click to open a menu and then choose open), the open the Projects folder the same way and then execute Download Project Resources (again use the right click button to find the execute option. This will bring all the .cap file both for Lab 2 and Lab 3.

If you want to perform the exercise on your home computer, download wireshark from http://www.wireshark.orgSelect all installation options. (Note: These files are about 20 MB and may take a long time to download on a slow link.) You may also download the documentation.

Wireshark can both capture packets and read trace files of packets that have already been captured. However, this is not a packet capturing exercise. This is a packet analysis exercise of packets that were previously captured.

1. Obtain trace files of the TCP handshake process.

  1. Get the files: “tcpshake.cap” (TCP: Handshake      Process) and “tcp-syn-attack.cap” (TCP: TCP SYN Attack) from the      LEO Lab 2 assignment folder. (If you are using the UMUC remote facility,      the files can be downloaded, as described above.) The .cap files are the      ones you really need in this exercise. The .cap files are in the      proprietary Sniffer format and can be read only with Wireshark. 
  2. There are also two other files, ending in .prn in the      LEO Lab 2 folder. The two .prn files are text files corresponding to the      respective .cap files; you can read it with Notepad or Wordpad. 

2. Read the tcpshake.cap trace file. This trace file captured three packets of a successful connection handshake. Become familiar with Wireshark’s interface.

  1. Double click tcpshake.cap. This will automatically      bring up wireshark, since the .cap files are associated with Wireshark.
  2. Explore the trace in the three cap files  panes of the analyzer. These three panes      are standard to most analyzers. They are the summary pane, the protocol      tree pane, and the hex pane.
  3. Explore the preferences and configuration options in      Wireshark. 

3. Read the tcp-syn-attack.cap file and answer the following 10 questions (10 points each):

  1. Is this a      two-way conversation? 
  2. Are there any      ACK’s? 
  3. How long is the      data portion of each packet? Why? 
  4. Why is the      sequence number zero (seq=0) in every packet? 
  5. Why do the port      numbers change in every packet? 
  6. Look at the      “Time” column in the summary pane. Explain the various options      it supports? 
  7. Click the      “View” menu and select “Time Display Format”.      “Seconds since beginning of capture” is checked. Select      “Seconds since Previous Captured Packet”. How frequently are      these packets being sent? 
  8. Where in the      protocol tree pane would you find the protocol “Type” field? 
  9. Look in the      flags section of the transport layer (Transmission Control Protocol”      in the protocol tree section for one of the packets. What flags are set? 
  10. How does a SYN      attack deny service? 

Post your answer in the Lab 2 assignment folder.

Place your order
(550 words)

Approximate price: $22

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
The price is based on these factors:
Academic level
Number of pages
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more