Open Source - Exp1
OPEN SOURCE NETWORK ANALYSIS LABORATORY

Ex No : 2 Name : Dhileep D

Date: 21/02/2024 Roll No: 71762105014

______________________________________________________________________________

Aim :

To make a case study on networking concepts.

1)What is network monitoring?

Network monitoring is the process of observing and analyzing the performance, availability,
and security of computer networks. It involves the continuous monitoring of network
devices, traffic, and systems to detect and diagnose issues, ensure optimal performance,
and maintain network integrity.
2)Why network monitoring is needed?

Network monitoring is essential for various reasons:

● Performance optimization: Monitoring helps identify and resolve network bottlenecks, ensuring
efficient use of resources and optimal performance.

● Issue detection and troubleshooting: It allows early detection of network issues, such as
bandwidth congestion, packet loss, or device failures, enabling prompt troubleshooting and
resolution.

● Security enhancement: Monitoring helps detect and mitigate security threats, such as malware
infections, intrusion attempts, or unauthorized access, thereby enhancing network security.

● Compliance and regulatory requirements: Many industries have regulatory requirements
mandating network monitoring to ensure data privacy, security, and compliance with standards.

● Capacity planning: By analyzing network usage patterns and trends, monitoring assists in capacity
planning, helping organizations anticipate future network needs and scale resources accordingly.

3)List some open-source tools available for network analysis

 Wireshark
 Nagios
 Zabbix
 Cacti
 OpenNMS
 ntopng
 Icinga
 Observium
 NetXMS

4)What is an IP address and port address?


● IP address: An IP (Internet Protocol) address is a numerical identifier assigned to each
interface on an IP network (32 bits for IPv4, written in dotted decimal such as 192.168.1.10;
128 bits for IPv6). It identifies the host so that packets can be routed to it across networks.
An address must be unique within the network it is used on; behind NAT, many private addresses
share one public address.

● Port number: A port number (often called a port address) is a 16-bit value (0 to 65535)
carried in the TCP or UDP header that identifies a specific application or service on a host.
The IP address selects the host and the port selects the process on it, so the pair
(IP address, port) is the communication endpoint of a connection.

5)Name some well-known ports.

 Port 80/tcp: HTTP (Hypertext Transfer Protocol)
 Port 443/tcp: HTTPS (HTTP over TLS)
 Port 21/tcp: FTP (File Transfer Protocol, control channel)
 Port 25/tcp: SMTP (Simple Mail Transfer Protocol)
 Port 22/tcp: SSH (Secure Shell)
 Port 53/udp and 53/tcp: DNS (Domain Name System)
 Port 110/tcp: POP3 (Post Office Protocol version 3)
 Port 143/tcp: IMAP (Internet Message Access Protocol)
 Port 3306/tcp: MySQL Database Server
 Port 8080/tcp: HTTP Alternate (commonly used for web proxies and development servers)

IANA divides the port space into the well-known range (0 to 1023, which normally needs
administrator privileges to bind), the registered range (1024 to 49151) and the dynamic or
ephemeral range (49152 to 65535) that clients pick their source ports from.

6)What is port scanning? Elaborate.

Port scanning is the process of systematically probing a target host or network to identify
which ports are open and which services are listening on them. A scanner sends packets to a
range of port numbers and classifies each port from the response: for TCP, a SYN/ACK (or a
completed handshake) means open, a RST means closed, and no response at all usually means
filtered by a firewall. A SYN ("half-open") scan sends only the SYN and never completes the
handshake, while a connect scan uses the operating system's normal connect() call and is
therefore easier to log on the target. Port scanning is used for network reconnaissance,
vulnerability assessment, and security auditing; it is also the first step of most intrusions,
so unexpected scans of internal hosts are worth alerting on.
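The following is an added example (not part of the original lab record) of a TCP connect scan
in Python that classifies ports the way described above. It assumes nothing about the target:
the demo() function opens its own listener on loopback so that the run is self-contained, and
all host and port values in it are its own.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def scan_port(host, port, timeout=1.0):
    """TCP connect scan of a single port.

    The classification mirrors what a SYN scan infers from the wire:
      open     - three-way handshake completed (target sent SYN/ACK)
      closed   - target answered with RST (connection refused)
      filtered - nothing came back before the timeout (silently dropped)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:            # e.g. no route to host
        return f"error:{exc.errno}"
    finally:
        sock.close()


def scan_ports(host, ports, timeout=1.0, workers=32):
    """Scan many ports concurrently; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: scan_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def demo():
    """Self-contained run on loopback: opens one listener so the scan has a
    known open port, and uses a just-released port as a known closed one.
    Returns (state_of_open_port, state_of_closed_port)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # port 0: the OS picks a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                         # nothing listens here any more

    try:
        results = scan_ports("127.0.0.1", [open_port, closed_port])
        for port, state in sorted(results.items()):
            print(f"127.0.0.1:{port} {state}")
        return results[open_port], results[closed_port]
    finally:
        listener.close()


if __name__ == "__main__":
    demo()
```

Only scan hosts you are authorized to test. Because a connect scan completes the handshake it
appears in the target's service logs, which is why attackers prefer the half-open SYN scan (raw
sockets, root required, nmap -sS) that the page's description also covers.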

7)What is an IP protocol scan? Why do attackers do it?

An IP protocol scan is a reconnaissance technique used to determine which IP protocols (ICMP,
TCP, UDP, GRE and so on, identified by the 8-bit Protocol field in the IPv4 header, for example
1, 6, 17 and 47) a target host accepts. The scanner sends a bare IP packet carrying each
protocol number; an ICMP "protocol unreachable" reply means the protocol is not supported,
while any other response, or silence, suggests it is (nmap's -sO option performs this scan).
Attackers perform IP protocol scans to learn about the host and the filtering in front of it,
to find unusual protocols (tunnelling or routing protocols, for instance) that may be less well
protected than TCP and UDP services, and to plan further attacks against the implementations
they discover.

8)What is subnetting?

Subnetting is the process of dividing a large network into smaller, more manageable subnetworks,
known as subnets. Bits are borrowed from the host portion of the IP address and added to the
network portion, which lengthens the prefix (subnet mask) and gives each subnet its own network
ID and broadcast address. For example, borrowing two bits from a /24 gives four /26 subnets of
62 usable hosts each. Subnetting helps improve network performance, reduce broadcast traffic, and
enhance security by segmenting the network into smaller units whose traffic can be filtered at
the router between them.

9) What is multicasting and broadcasting?

● Multicasting: Multicasting is a network communication method where a packet is sent from one
sender to the group of recipients that have subscribed to it, using a group address (IPv4
224.0.0.0/4) that hosts join through IGMP. It is used for one-to-many or many-to-many scenarios,
such as streaming multimedia content, routing protocol updates (OSPF uses 224.0.0.5), or
distributing updates to multiple clients, without sending a separate copy to each receiver.
● Broadcasting: Broadcasting is a network communication method where a packet is sent from one
sender to all devices in the broadcast domain. It is used for one-to-all communication, such as
ARP requests, DHCP discovery, or service discovery. Broadcasting can create network congestion
and security risks if not properly controlled, since every host must process each broadcast and
any host on the segment can see it.

10)List some reasons for packet dropping.

Packet dropping can occur due to various reasons, including:

● Network congestion: When the network is overloaded with traffic, routers may drop packets to
alleviate congestion and prevent performance degradation.

● Queue (buffer) overflow: If the packet queue of a network interface or device fills up,
newly arriving packets are dropped (tail drop) because there is nowhere to store them.

● Hardware failures: Malfunctioning network devices or faulty hardware components can result in
packet loss.

● Configuration errors: Misconfigured routers, switches, or firewalls may inadvertently drop packets
due to incorrect settings or access control lists.

● Security policies: Security devices such as firewalls or intrusion prevention systems (IPS) may drop
packets that violate security policies or pose a security risk.

● Quality of Service (QoS) policies: Network devices may prioritize certain types of traffic over others
based on QoS policies, leading to packet dropping for lower-priority traffic during periods of
congestion.

11)What is the IP for broadcasting? How is it executed?

● The directed broadcast address of a subnet is its highest address: all host bits set to 1. For
example, in a /24 network with subnet mask 255.255.255.0 (254 usable hosts) the broadcast
address is x.x.x.255. There is also the limited broadcast address 255.255.255.255, which means
"everyone on this link" regardless of subnet and is what a host uses before it has an address
(DHCP discovery).

● Broadcasting is executed by sending a packet with the broadcast address as the destination IP
address and the all-ones MAC address ff:ff:ff:ff:ff:ff as the destination of the Ethernet frame.
Switches flood such frames out of every port, so every device in the broadcast domain receives
it. Routers do not forward broadcasts by default, which is what bounds the broadcast domain and
why directed-broadcast forwarding should stay disabled (it is what made Smurf amplification
attacks possible).
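An added example, not from the original record, that works through Q8 and Q11 with Python's
standard ipaddress module: splitting a /24 into /26 subnets, deriving the broadcast address by
setting the host bits, and deciding how a host should treat a destination address. The
192.168.10.0/24 and 172.16.5.9 values are constructed inputs.

```python
import ipaddress


def subnet_plan(network, new_prefix):
    """Split `network` (e.g. '192.168.10.0/24') into equal IPv4 subnets with
    prefix length `new_prefix`, returning the addressing facts for each one."""
    net = ipaddress.IPv4Network(network, strict=True)   # strict: host bits must be 0
    if new_prefix < net.prefixlen:
        raise ValueError("new prefix must be at least as long as the parent prefix")
    plan = []
    for sub in net.subnets(new_prefix=new_prefix):
        if sub.prefixlen >= 31:
            # /31 point-to-point links (RFC 3021) and /32 hosts have no separate
            # network/broadcast addresses; every address is usable.
            first, last, usable = sub.network_address, sub.broadcast_address, sub.num_addresses
        else:
            first, last = sub.network_address + 1, sub.broadcast_address - 1
            usable = sub.num_addresses - 2
        plan.append({
            "network": str(sub.network_address),
            "prefix": sub.prefixlen,
            "mask": str(sub.netmask),
            "first_host": str(first),
            "last_host": str(last),
            "broadcast": str(sub.broadcast_address),
            "usable_hosts": usable,
        })
    return plan


def broadcast_for(address, mask):
    """Directed broadcast address for the subnet containing `address`:
    keep the network bits, set every host bit to 1."""
    addr = int(ipaddress.IPv4Address(address))
    m = int(ipaddress.IPv4Address(mask))
    host_bits = ~m & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(addr | host_bits))


def classify_destination(dst, iface_address, iface_mask):
    """How a host configured with (iface_address, iface_mask) treats a destination IP."""
    if dst == "255.255.255.255":
        return "limited broadcast"      # never forwarded by routers
    if dst == broadcast_for(iface_address, iface_mask):
        return "directed broadcast"     # all hosts on this subnet
    if ipaddress.IPv4Address(dst).is_multicast:
        return "multicast"
    net = ipaddress.IPv4Network(f"{iface_address}/{iface_mask}", strict=False)
    if ipaddress.IPv4Address(dst) in net:
        return "unicast, same subnet (ARP for it directly)"
    return "unicast, other subnet (send to the default gateway)"


if __name__ == "__main__":
    for row in subnet_plan("192.168.10.0/24", 26):
        print(row)
    print(broadcast_for("172.16.5.9", "255.255.248.0"))   # 172.16.7.255
```

The same module handles IPv6 networks (ipaddress.ip_network), but IPv6 has no broadcast at all;
it uses multicast groups such as ff02::1 for "all nodes on the link".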

12)What is a DoS attack?

● A DoS (Denial of Service) attack is a malicious attempt to disrupt the normal functioning of a
target system, network, or service, either by overwhelming it with a flood of illegitimate
traffic or requests (exhausting bandwidth, connection tables, or CPU) or by sending a malformed
input that crashes it. The objective is to make the target resource unavailable to its intended
users. When the traffic comes from many compromised machines at once it is called a distributed
denial of service (DDoS) attack.

13)What is TCP? Draw a packet format.

● TCP (Transmission Control Protocol) is a connection-oriented transport layer protocol used for
reliable and ordered delivery of a byte stream over IP networks. It establishes a connection with
a three-way handshake (SYN, SYN/ACK, ACK) and provides sequence numbers and acknowledgements for
retransmission, a checksum for error detection, a receiver window for flow control, and
congestion control.

● TCP Packet Format (header, 20 bytes without options): Source Port (16 bits), Destination Port
(16), Sequence Number (32), Acknowledgment Number (32), Data Offset (4, header length in 32-bit
words), Reserved (4), Flags (8: CWR, ECE, URG, ACK, PSH, RST, SYN, FIN), Window (16), Checksum
(16), Urgent Pointer (16), Options (variable, up to 40 bytes, padded to a 32-bit boundary), then
Data.


14)What is ARP and RARP?

● ARP (Address Resolution Protocol): ARP maps an IPv4 address to a MAC (Media Access Control)
address within a local network segment. When a device needs to send to another device on the
same subnet, it broadcasts an ARP request ("who has 10.0.0.1?") and the owner answers with an
ARP reply ("10.0.0.1 is-at aa:bb:cc:dd:ee:ff"), which the sender caches. ARP has no
authentication: any host can answer for any address, which is the basis of ARP spoofing.

● RARP (Reverse Address Resolution Protocol): RARP is the reverse of ARP. A device that knows
only its MAC address broadcasts a RARP request and a RARP server replies with the IP address
assigned to that MAC. RARP is obsolete; BOOTP and then DHCP replaced it because they can also
supply the subnet mask, default gateway, and DNS servers.

15)Write the difference between switch, router, gateway, and firewall.

● Switch: A switch is a network device that operates at the data link layer (Layer 2) of the OSI
model. It forwards frames within a local network segment based on destination MAC addresses,
learning which address sits behind which port from the source addresses it sees and flooding
frames for unknown or broadcast destinations. Each switch port is its own collision domain, but
all ports in the same VLAN share one broadcast domain.

● Router: A router is a network device that operates at the network layer (Layer 3) of the OSI
model. It forwards data packets between different networks based on IP addresses. Routers create
separate broadcast domains and perform routing functions, allowing communication between
different networks.

● Gateway: A gateway is a network device or software component that acts as an entry point to
another network or protocol. It translates between different network protocols or architectures,
allowing communication between incompatible systems.

● Firewall: A firewall is a network security device or software that monitors and controls incoming
and outgoing network traffic based on predetermined security rules. It acts as a barrier between a
trusted internal network and untrusted external networks, protecting against unauthorized access
and malicious threats.

16)What is packet sniffing?

● Packet sniffing is the process of capturing and analyzing packets as they travel across a
computer network. A sniffer (tcpdump, Wireshark) puts the interface into promiscuous mode so it
receives frames not addressed to it; on a switched network it only sees the traffic that reaches
its own port unless a SPAN/mirror port, a tap, or ARP spoofing is used. Users can inspect the
contents of packets, including source and destination addresses, protocol information, and
payload data; with TLS the payload is opaque, but addresses, ports, and the SNI hostname are
still visible. Packet sniffing is used for network troubleshooting, security monitoring, and
performance analysis, and by attackers to harvest credentials sent in clear text.

17)What is a man-in-the-middle attack?

● A man-in-the-middle (MITM) attack is a form of cyber attack where an attacker positions itself
between two communicating parties and relays their traffic without their knowledge, so that each
party believes it is talking directly to the other. The attacker can read sensitive information
and modify or inject content into the exchange. On a LAN this is commonly achieved with ARP
spoofing or a rogue DHCP server; authenticated encryption such as TLS with certificate
validation is the main defence, because the attacker cannot present a valid certificate for the
victim's domain.
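An added example (not the page's own code) tying Q14 and Q17 together: a parser for the ARP
packet body plus a small arpwatch-style detector, run over constructed LAN traffic in which an
attacker poisons both the host's and the gateway's ARP caches to get into the middle of their
conversation. All MAC and IP addresses in it are made up.

```python
import struct
from collections import defaultdict

ARP_REQUEST, ARP_REPLY = 1, 2


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def _ip(b):
    return ".".join(str(x) for x in b)


def parse_arp(body):
    """Parse the 28-byte ARP body for Ethernet/IPv4 (RFC 826):
    HTYPE, PTYPE, HLEN, PLEN, OPER, SHA, SPA, THA, TPA."""
    if len(body) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", body[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {
        "op": oper,
        "sender_mac": _mac(body[8:14]), "sender_ip": _ip(body[14:18]),
        "target_mac": _mac(body[18:24]), "target_ip": _ip(body[24:28]),
    }


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Encode an ARP body; used here only to construct the sample traffic."""
    def mac_bytes(s):
        return bytes(int(x, 16) for x in s.split(":"))

    def ip_bytes(s):
        return bytes(int(x) for x in s.split("."))

    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac_bytes(sender_mac) + ip_bytes(sender_ip)
            + mac_bytes(target_mac) + ip_bytes(target_ip))


class ArpWatch:
    """Passive ARP-spoofing detector: learn the IP-to-MAC table from traffic
    and alert on unsolicited replies, changed mappings, and one MAC claiming
    several addresses (the attacker impersonating both ends)."""

    def __init__(self):
        self.table = {}                     # ip -> mac as first learned
        self.ips_by_mac = defaultdict(set)  # mac -> every ip it has claimed
        self.pending = set()                # target ips with an outstanding request
        self.alerts = []

    def observe(self, pkt):
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        if pkt["op"] == ARP_REQUEST:
            self.pending.add(pkt["target_ip"])
        elif pkt["op"] == ARP_REPLY:
            if ip in self.pending:
                self.pending.discard(ip)
            else:
                # Nobody asked: unsolicited replies are how a cache is poisoned.
                self.alerts.append(f"unsolicited reply: {ip} is-at {mac}")
        else:
            return
        if ip == "0.0.0.0":                 # ARP probe (RFC 5227): nothing to learn
            return
        known = self.table.setdefault(ip, mac)
        if known != mac:
            self.alerts.append(f"mapping changed: {ip} was {known}, now {mac}")
        before = len(self.ips_by_mac[mac])
        self.ips_by_mac[mac].add(ip)
        if len(self.ips_by_mac[mac]) > max(before, 1):
            self.alerts.append(f"{mac} claims several addresses: {sorted(self.ips_by_mac[mac])}")


def run_sample():
    """Constructed LAN traffic: a legitimate exchange, then the attacker poisons both sides."""
    host, host_mac = "10.0.0.5", "00:11:22:33:44:55"
    gw, gw_mac = "10.0.0.1", "00:aa:bb:cc:dd:01"
    evil_mac, zero = "de:ad:be:ef:00:01", "00:00:00:00:00:00"
    frames = [
        build_arp(ARP_REQUEST, host_mac, host, zero, gw),     # host: who has 10.0.0.1?
        build_arp(ARP_REPLY, gw_mac, gw, host_mac, host),     # gateway: 10.0.0.1 is-at gw_mac
        build_arp(ARP_REPLY, evil_mac, gw, host_mac, host),   # attacker to host: "I am the gateway"
        build_arp(ARP_REPLY, evil_mac, host, gw_mac, gw),     # attacker to gateway: "I am the host"
    ]
    watch = ArpWatch()
    for frame in frames:
        watch.observe(parse_arp(frame))
    return watch.alerts


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Static ARP entries for the gateway, Dynamic ARP Inspection on managed switches, and TLS on the
application side are the usual mitigations; the detector above only tells you it happened.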

18)What’s SQL Injection attacks?

● SQL injection is a web application vulnerability that arises when user input is concatenated
into a SQL query instead of being passed as a bound parameter, so an attacker can change the
query's structure by supplying SQL syntax in input fields or parameters. By exploiting SQL
injection, attackers can bypass authentication, read unauthorized data, modify or delete
database records, and, depending on the database and its privileges, read files or execute
commands on the database host. The fix is parameterized (prepared) queries, with input
validation and least-privilege database accounts as defence in depth.
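An added example, not from the original text: the vulnerable login query and its fixed form side
by side, using Python's built-in sqlite3 so that it runs offline. The users table and its rows
are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """In-memory table with constructed sample rows (plaintext passwords only to keep
    the injection visible; real systems store salted hashes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting: user input becomes SQL syntax.
    Returns (username, role) on success, None on failure."""
    query = (f"SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone()


def login_safe(conn, username, password):
    """Same query with bound parameters: the input is data, never parsed as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()


if __name__ == "__main__":
    conn = make_db()
    print(login_vulnerable(conn, "alice", "s3cret"))       # ('alice', 'admin')
    # The quote closes the string and "--" comments out the password check.
    print(login_vulnerable(conn, "alice' --", "wrong"))    # ('alice', 'admin')
    # A tautology returns a row without knowing any username at all.
    print(login_vulnerable(conn, "' OR 1=1 --", "wrong"))  # some user
    print(login_safe(conn, "alice' --", "wrong"))          # None
    print(login_safe(conn, "' OR 1=1 --", "wrong"))        # None
```

With bound parameters the text alice' -- is compared, as a whole, against the username column
and simply does not match. Other engines also allow stacked statements (; DROP TABLE users) and
file or command access through the SQL interface, which is why the database account used by the
application should hold only the privileges the application needs.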

19)Is there any difference between malware and virus? Discuss.

● Malware is a broad term used to describe any malicious software designed to disrupt, damage, or
gain unauthorized access to computer systems or networks. It includes various types of malicious
software, such as viruses, worms, Trojans, ransomware, spyware, adware, and rootkits.

● A virus is a specific type of malware that self-replicates by inserting copies of itself into
other programs or files. Unlike a worm, which spreads on its own across the network by
exploiting vulnerabilities, a virus needs its host program to be run, usually by a user opening
an infected email attachment or executing an infected file. While all viruses are malware, not
all malware is a virus.

20)What is UDP? Draw a packet format.

● UDP (User Datagram Protocol) is a connectionless transport layer protocol used for sending
datagrams (packets) over IP networks. Unlike TCP, UDP does not establish a connection before
transmitting data and does not provide reliability, ordering, or congestion control; the
application handles or tolerates loss. It is used where low latency matters more than
reliability (DNS, VoIP, streaming). Because no handshake is required, forged source addresses
are easy, which is why UDP services are abused for reflection and amplification DoS attacks.

● UDP Packet Format (header, 8 bytes): Source Port (16 bits), Destination Port (16), Length
(16, header plus data), Checksum (16, optional in IPv4), then Data.
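An added example (not part of the lab record) covering the packet formats asked for in Q13 and
Q20 together with the IPv4 Protocol field from Q7: parsers for the IPv4, TCP and UDP headers
written with struct, run over two constructed packets (a SYN to port 22 carrying an MSS option,
and a DNS-sized datagram to port 53). The checksums in the samples are left at zero, which a
real stack would reject; the parser deliberately does not verify them.

```python
import struct

TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]  # bits 0..7
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE"}


def _dotted(b):
    return ".".join(str(x) for x in b)


def parse_ipv4(pkt):
    """IPv4 header (RFC 791): 20 fixed bytes plus options; IHL gives the real length."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, _flags_frag, ttl,
     proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or total_len < ihl or len(pkt) < total_len:
        raise ValueError("malformed IPv4 header")
    return {"src": _dotted(src), "dst": _dotted(dst), "ttl": ttl, "id": ident,
            "protocol": proto, "protocol_name": PROTOCOL_NAMES.get(proto, str(proto)),
            "payload": pkt[ihl:total_len]}


def parse_tcp(seg):
    """TCP header (RFC 9293): 20 fixed bytes; Data Offset (32-bit words) locates the data."""
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_res, flags,
     window, _csum, urg) = struct.unpack("!HHIIBBHHH", seg[:20])
    data_offset = (off_res >> 4) * 4
    if not 20 <= data_offset <= len(seg):
        raise ValueError("bad TCP data offset")
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)],
            "window": window, "urgent": urg,
            "options": seg[20:data_offset], "payload": seg[data_offset:]}


def parse_udp(dgram):
    """UDP header (RFC 768): 8 bytes; Length covers header plus data."""
    if len(dgram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, _csum = struct.unpack("!HHHH", dgram[:8])
    if length < 8 or length > len(dgram):
        raise ValueError("bad UDP length")
    return {"src_port": sport, "dst_port": dport, "length": length, "payload": dgram[8:length]}


def parse_packet(pkt):
    """IPv4 packet -> dict; the Protocol field selects the transport parser."""
    ip = parse_ipv4(pkt)
    if ip["protocol"] == 6:
        ip["transport"] = parse_tcp(ip["payload"])
    elif ip["protocol"] == 17:
        ip["transport"] = parse_udp(ip["payload"])
    else:
        ip["transport"] = None            # ICMP, GRE, ...: raw bytes stay in "payload"
    return ip


def _ipv4_header(proto, payload_len, src, dst):
    # Constructed sample header: version 4, IHL 5, DF set, TTL 64, checksum left at 0.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000, 64,
                       proto, 0, bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))


def sample_tcp_syn():
    """Constructed: 10.0.0.5:40000 -> 10.0.0.1:22, SYN with an MSS=1460 option."""
    options = b"\x02\x04\x05\xb4"                   # kind 2, length 4, MSS 1460
    tcp = struct.pack("!HHIIBBHHH", 40000, 22, 1000, 0, 6 << 4, 0x02, 65535, 0, 0) + options
    return _ipv4_header(6, len(tcp), "10.0.0.5", "10.0.0.1") + tcp


def sample_udp_dns():
    """Constructed: 10.0.0.5:53000 -> 10.0.0.1:53 carrying 12 bytes of (fake) DNS."""
    data = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
    udp = struct.pack("!HHHH", 53000, 53, 8 + len(data), 0) + data
    return _ipv4_header(17, len(udp), "10.0.0.5", "10.0.0.1") + udp


if __name__ == "__main__":
    for pkt in (sample_tcp_syn(), sample_udp_dns()):
        print(parse_packet(pkt))
```

The length checks are where parsers get hurt in practice: a Data Offset or UDP Length that
points past the captured bytes must be rejected rather than indexed, and the Protocol field is
exactly what an IP protocol scan enumerates on a live host.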

Result:
Thus the case study on networking concepts was completed successfully.
