CS

CPTR 494 final Project

Part 1: Setting Up Wireshark and Initial Capture

1. Install Wireshark (if not already installed):

Download and install Wireshark from

Ensure that the user has appropriate privileges to capture network traffic

(admin/root access may be required).

2. Start Wireshark:

Open Wireshark.

Select the network interface that you will capture from (e.g., Ethernet, Wi-Fi).

Click on the Start Capturing Packets button (the blue shark fin icon).

3. Generate Traffic:

Open a browser and visit a few websites.

Perform a file download or stream a video to generate more traffic.

4. Stop the Capture:

After a few minutes, click the Stop Capturing Packets button (the red square).

Part 2: Analyzing Network Traffic

1. Examine Protocols:

In the Wireshark window, notice the Protocol column.

Identify common protocols like HTTP, HTTPS, TCP, UDP, DNS, etc.

Use the filter bar to focus on specific protocols:

Example: http to view only HTTP packets.

Example: dns to view only DNS queries.

2. Follow TCP Streams:

Select any packet from the TCP protocol.

Right-click and choose Follow → TCP Stream.

This feature will show you the complete conversation between two hosts in a

session.

Identify any readable content (especially in unencrypted protocols like HTTP).

Part 3: Identifying Security Concerns

1. Unencrypted Data:

Use the HTTP filter (http) to locate HTTP traffic.

Select a packet and inspect its details in the packet content section.

You should be able to see the request and response sent over HTTP. Look for

plain-text data like usernames, passwords, or sensitive information.

2. DNS Queries:

Use the DNS filter (dns) to view DNS query and response traffic.

Analyze what domain names are being requested and to which IP addresses they

are resolved.

3. SSL/TLS Traffic:

Use the HTTPS filter (ssl) to find encrypted HTTPS traffic.

Notice the difference from HTTP traffic — you cannot see the actual content of

encrypted communication, but you can still analyze the structure of the

handshake.

4. Man-in-the-Middle Vulnerabilities (Discussion):

Discuss how unencrypted traffic (like HTTP) can be intercepted by attackers.

Explain how HTTPS prevents eavesdropping but also highlight the risk of

SSL/TLS attacks (e.g., SSL stripping).

Part 4: Practical Task – Password Capture (Simulated)

Note: This section should be conducted in a controlled environment to avoid capturing sensitive

real-world data.

1. Simulated Login Capture:

Open a website or local service that uses plain HTTP for login (set up in a local

environment, e.g., a demo website using HTTP).

Enter dummy credentials (e.g., username: admin, password: password123).

2. Capture and Analyze the Traffic:

In Wireshark, use the filter http to locate the HTTP POST request.

Look into the packet details and identify the credentials sent in plain text.

Discuss the implications of sending credentials over unencrypted channels.

Part 5: Exporting and Reporting

1. Export Packet Capture:

Go to File → Export Specified Packets to save the capture file for further

analysis or report writing.

2. Lab Report:

Based on your capture, write a brief report discussing:

The types of protocols captured.

Any security concerns you observed (e.g., unencrypted credentials).

The importance of encryption in network security.

Lab Wrap-Up and Discussion

1. Reflection:

Discuss the importance of using tools like Wireshark to monitor network traffic.

How could an attacker exploit insecure network communications?

Resource:

Cisco Packet Tracer

To create a beginner lab in Cisco Packet Tracer that focuses on IPv6 and ICMP, you can

configure devices to use IPv6, and then analyze how ICMP works for network diagnostics. The

video link is a tutorial on Cisco Packet Tracer, explaining the software’s functions, features, and

how to use it for networking simulations. It covers setting up basic network devices, configuring

routers and switches, creating topologies, and using the simulation mode to visualize packet

flows. This video is ideal for beginners looking to understand networking and practice network

configurations in a virtual environment.

You can watch it here:

Part 1: Network Topology Design

Cisco Packet Tracer installed.

Basic understanding of networking concepts like IP addressing, routers, and pings.

Familiarity with the Cisco Packet Tracer environment.

Step 1: Create the Network

Use two PCs (PC0 and PC1) and two Routers (Router0 and Router1).

Interconnect the devices with Ethernet cables.

PC0 should connect to Router0.

PC1 should connect to Router1.

Router0 and Router1 should be connected to each other via a Serial Connection

(if using older router models) or via Ethernet for newer models

(GigabitEthernet).

Step 2: Configure Network Settings

Assign IP addresses to the routers and PCs using IPv6.

Part 2: Configuring IPv6 on Routers and PCs

Step 1: Configure Router0 and Router1

1. Configure Router0:

Click Router0 > CLI.

Enter the following commands:

Router> enable

Router# configure terminal

Router(config)# interface gigabitethernet0/0

Router(config-if)# ipv6 address 2001:0db8:1::1/64

Router(config-if)# no shutdown

Router(config-if)# exit

Router(config)# interface serial0/0/0 (for serial interface)

Router(config-if)# ipv6 address 2001:0db8:2::1/64

Router(config-if)# no shutdown

Router(config-if)# exit

Router(config)# ipv6 unicast-routing

Router(config)# exit

Router# copy running-config startup-config

1. Configure Router1:

Click Router1 > CLI.

Enter the following commands:

Router> enable

Router# configure terminal

Router(config)# interface gigabitethernet0/0

Router(config-if)# ipv6 address 2001:0db8:3::1/64

Router(config-if)# no shutdown

Router(config-if)# exit

Router(config)# interface serial0/0/0 (for serial interface)

Router(config-if)# ipv6 address 2001:0db8:2::2/64

Router(config-if)# no shutdown

Router(config-if)# exit

Router(config)# ipv6 unicast-routing

Router(config)# exit

Router# copy running-config startup-config

Step 2: Configure PCs

1. Configure PC0:

Click PC0 > Desktop > IP Configuration.

Set the IPv6 address to 2001:0db8:1::2/64 and the default gateway to

2001:0db8:1::1.

2. Configure PC1:

Click PC1 > Desktop > IP Configuration.

Set the IPv6 address to 2001:0db8:3::2/64 and the default gateway to 2001:0db8:3::1.

Part 3: Testing Connectivity with ICMP (Ping)

Step 1: Ping between PCs

Go to PC0 > Desktop > Command Prompt and use the following command to ping

PC1:

ping 2001:0db8:3::2

Go to PC1 and ping PC0:

ping 2001:0db8:1::2

Expected Result: The ping should succeed if the routing and interfaces are correctly configured.

Task:

Test the ping to verify connectivity between the devices.

Troubleshoot any issues that might occur (e.g., no connection due to incorrect IP

addresses or interfaces not being enabled).

Part 4: Viewing and Analyzing ICMPv6 Traffic

Step 1: Capture ICMPv6 Traffic

Cisco Packet Tracer allows you to capture and view packets.

Click on the Simulation tab at the bottom.

Choose ICMP from the filters on the right side.

Start a new ping from PC0 to PC1 or vice versa.

Watch the simulation and observe the ICMP packets.

Step 2: Analyze the Packet

Click on one of the captured ICMP packets to open it.

Review the packet contents, specifically the ICMP message types (128 for Echo Request,

129 for Echo Reply).

Task:

Identify the fields in the ICMPv6 packet (Type, Code, Checksum).

Explain the function of an ICMP Echo Request and Reply.

Part 5: Traceroute and ICMP Error Messages (Optional)

Step 1: Traceroute

On PC0, run the tracert command to trace the path to PC1:

tracert 2001:0db8:3::2

Observe how ICMP Time Exceeded messages are generated at each hop.

Task:

Explain how traceroute uses ICMP messages to map the route between devices.

View and analyze the Time Exceeded ICMP messages in the simulation mode.

Lab Steps: Vulnerability scanning

Part 1: Setup Nessus

1. Install Nessus:

• Download and install Nessus from the Tenable website.

2. Configure Nessus:

• Start Nessus and log into the web interface.

• Navigate to Settings > Scans and click New Scan.

Part 2: Run a Scan

1. In Nessus, set up a Basic Network Scan.

• Target: ( localhost or specific individual IPs).

• Leave default settings, or choose specific scan types (e.g., vulnerability scan).

2. Start the Scan and monitor progress.

Part 3: Analyze Results

1. Review Vulnerabilities:

• Once the scan completes, review the report.

• Categorize findings (Critical, High, Medium, Low).

2. Document Vulnerabilities:

• For each vulnerability, take note of:

• CVE (Common Vulnerabilities and Exposures) ID.

• Description.

• Solution or recommended actions.