MCS502 Tutorial 4

This document outlines a tutorial for detecting and mitigating network attacks using Wireshark. It includes tasks for capturing network traffic, analyzing packets to detect attacks such as DDoS, and filtering packets for specific types of traffic. Additionally, it requires students to explain DoS/DDoS attacks, other types of attacks like ARP and DNS spoofing, and to provide mitigation strategies along with screenshots of their analysis.
MCS502 Intro to Cyber and Network Security

Tutorial 4
Detecting and Mitigating Network Attacks with
Wireshark

Task 1: Capturing Network Traffic

Open Wireshark. You will see a list of available network interfaces. Select the one that you want to monitor (suggestion: Wi-Fi).

1. Start a capture
• Select the network interface to capture traffic from
• Click on the Shark Fin icon or press Ctrl + E to start capturing traffic
• You will start seeing packets being captured in real time

2. Stop the capture
• Let the capture run for a sufficient amount of time to gather data
• Click on the Stop icon or press Ctrl + E again to stop capturing

Task 2: Detecting Network Attacks

Analysing the Capture

Inspect packets:
• Look through the captured packets. Wireshark color-codes packets based on protocol type.
• Use the packet list, packet details, and packet bytes panes to inspect individual packets.

Filtering packets:
• Use Wireshark's display filters to isolate packets of interest. For example, to isolate TCP SYN packets, use the filter tcp.flags.syn == 1 and tcp.flags.ack == 0
• If you see a large number of SYN packets with no matching ACK packets, and all of those SYN packets are directed at the same IP address from many different source IPs, that is a very common sign of a DDoS attack (a SYN flood).
Note: You may not see any packets after filtering because the attack does not exist in your current capture. If you want to see an example, download pkt.TCP.synflood.spoofed.pcap from Moodle and apply the filter above.
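The SYN-flood indicator described above (many half-open SYNs to one destination, from many sources, with almost no ACKs back) can be expressed as a small detection routine. The following is an added example written for this tutorial, not part of the original handout; the packet records, thresholds and IP addresses are constructed, and the pcap from Moodle is not parsed here.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class TcpPacket:
    """Minimal view of the TCP fields used by the Wireshark filter (constructed type)."""
    src: str
    dst: str
    syn: bool
    ack: bool


def is_syn_only(pkt: TcpPacket) -> bool:
    """Python equivalent of the display filter: tcp.flags.syn == 1 and tcp.flags.ack == 0."""
    return pkt.syn and not pkt.ack


def detect_syn_floods(packets, min_syns=20, min_sources=10, max_ack_ratio=0.1):
    """Return {dst_ip: stats} for destinations matching the SYN-flood pattern:
    many SYN-only packets, from many distinct sources, with few ACKs completing handshakes.
    Thresholds are illustrative assumptions, not values from the tutorial."""
    syns = defaultdict(int)        # SYN-only packets seen per destination
    sources = defaultdict(set)     # distinct source IPs sending SYNs per destination
    acks = defaultdict(int)        # plain ACKs (third handshake step) per destination
    for p in packets:
        if is_syn_only(p):
            syns[p.dst] += 1
            sources[p.dst].add(p.src)
        elif p.ack and not p.syn:
            acks[p.dst] += 1
    flagged = {}
    for dst, n in syns.items():
        ratio = acks[dst] / n
        if n >= min_syns and len(sources[dst]) >= min_sources and ratio <= max_ack_ratio:
            flagged[dst] = {"syn_only": n, "distinct_sources": len(sources[dst]),
                            "ack_ratio": round(ratio, 3)}
    return flagged


def sample_capture():
    """Constructed sample: 40 SYNs from 40 spoofed sources to one host, plus one normal handshake."""
    pkts = [TcpPacket(f"203.0.113.{i}", "192.0.2.10", syn=True, ack=False) for i in range(1, 41)]
    pkts += [  # legitimate three-way handshake between two other hosts
        TcpPacket("198.51.100.5", "192.0.2.20", syn=True, ack=False),
        TcpPacket("192.0.2.20", "198.51.100.5", syn=True, ack=True),
        TcpPacket("198.51.100.5", "192.0.2.20", syn=False, ack=True),
    ]
    return pkts


if __name__ == "__main__":
    for dst, stats in detect_syn_floods(sample_capture()).items():
        print(f"possible SYN flood against {dst}: {stats}")
```

Only 192.0.2.10 is reported; the host that completed a normal handshake has an ACK ratio of 1.0 and is not flagged.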

Task 3: Submit your work

1. Answer the following questions in your own words:
- What is a DoS/DDoS attack, and how does it work? Provide a mitigation strategy for this attack.
- There are other types of attacks, such as ARP spoofing and DNS spoofing. Research and explain these attacks and provide a mitigation strategy.
- What is a DoS/DDoS attack, and how does it work?

2. Take screenshots from Task 2. Please also provide captions so I know which screenshot(s) belong to which part.

3. Put your answers and screenshots into one document.
