Figuring out the IP address and subnet mask of host...Packet Analysis by Danna Penaranda –...
Packet Analysis by Danna Penaranda – Introduction to Network Security – fall 2016 – Dr. Im
Figuring out the IP address and subnet mask of host
ipconfig /all
• On most PCs, the physical interface that holds the IP address is listed as the “Wireless LAN
adapter Wi-Fi.”
• IP: 192.168.2.6
• Subnet Mask: 255.255.255.0
• Network address: 192.168.2.0/24
Figuring out the IP address in Kali
ifconfig
• IP address: 192.168.232.128
Analyzing FTP Signatures to understand the 3-way handshaking by following the 3
initial TCP packets
• In Wireshark, this can be done by applying the ftp filter, right-clicking on the packet of
interest, and following the TCP stream. A shortcut is the filter tcp.stream eq xx
[where xx is the integer for the packet].
Following the FTP packets that show the Username and Password in plaintext.
• Following the TCP stream shows the username a4970217 and password louisville9.
• Note that most communication over the Internet is now encrypted, and hence data is
not shown in plaintext. In this case, the credentials are shown because at the very
least SSL was not implemented.
Identifying the FTP-DATA packets used for the text file upload.
• Follow the TCP stream and take a screenshot of the TCP stream.
• The text file is spread across many FTP-DATA packets, so it can be found in any of these. It
will be the same for each instance.
Ping Sweeping using Nmap
• Ping sweeping is achieved by sending ICMP echo requests to a host. It is sort of like asking,
“Hello 192.168.2.0/24, are you there?” This IP belongs to the network.
• In the above command line, we execute nmap -sP 192.168.2.0/24.
Port Scanning with Nmap
• Scanning available ports on a target allows one to see which ports are open and actively
listening. Knowing this can facilitate connecting to the target.
• The command line nmap scanme.nmap.org enables scanning of all reserved TCP ports on the machine.
• The server sent the initial TCP packet #18 with the SYN flag. However, it took the
client 23 seconds to reply. This also explains why there were many RST flags
increasing the buffer at the server. The client did respond with packet #1334 with a
RST/ACK. All we care about is that the client acknowledged the connection.
• TCP packet #1334 being 23 seconds late.
Launching a SYN Flooding Attack
• Launching a SYN Flooding attack will overflow the victim with thousands of connection
requests.
• IP address of the host machine, aka the victim, and a spoofed private IP address for the
Kali machine.
• Host IP address: 10.200.251.137
• Arbitrary IP address: 192.168.100.50
• Conclusion: The host and the Kali were slowed down to where the VM wouldn’t react to
input like keyboard functionality. The IP address of my host changed because I was
connected to the UofL network. The VM froze.
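From the defender's side, the flood described above shows up as many three-way handshakes that never receive their final ACK. The following Python code is an added example, not part of the original report: it tracks handshake state per connection and counts half-open attempts per target. The packet records are constructed, and the function names and the threshold of 100 are assumptions.

```python
from collections import defaultdict

VICTIM = "10.200.251.137"   # host address from the report
SPOOFED = "192.168.100.50"  # arbitrary source address from the report

def sample_packets():
    """Constructed records: (time_s, src, sport, dst, dport, flags)."""
    pkts = [
        # One legitimate client (constructed address) completing the handshake.
        (0.00, "10.200.251.20", 50000, VICTIM, 80, "S"),
        (0.01, VICTIM, 80, "10.200.251.20", 50000, "SA"),
        (0.02, "10.200.251.20", 50000, VICTIM, 80, "A"),
    ]
    # 200 SYNs from the spoofed address; the SYN/ACK replies are never answered.
    for i in range(200):
        t = 1.0 + i * 0.001
        pkts.append((t, SPOOFED, 1024 + i, VICTIM, 80, "S"))
        pkts.append((t + 0.0005, VICTIM, 80, SPOOFED, 1024 + i, "SA"))
    return pkts

def half_open_by_target(packets):
    """Return {(server, port): handshakes that never reached the final ACK}."""
    state = {}  # (client, cport, server, sport) -> "SYN" | "SYNACK" | "EST"
    for _, src, sport, dst, dport, flags in sorted(packets):
        if flags == "S":
            state[(src, sport, dst, dport)] = "SYN"
        elif flags == "SA":
            key = (dst, dport, src, sport)  # reply travels in the reverse direction
            if state.get(key) == "SYN":
                state[key] = "SYNACK"
        elif flags == "A":
            key = (src, sport, dst, dport)
            if state.get(key) == "SYNACK":
                state[key] = "EST"
        elif "R" in flags:
            # A reset ends the attempt, so it no longer occupies a backlog slot.
            state.pop((src, sport, dst, dport), None)
            state.pop((dst, dport, src, sport), None)
    counts = defaultdict(int)
    for (_, _, server, port), st in state.items():
        if st != "EST":
            counts[(server, port)] += 1
    return dict(counts)

def flood_suspects(packets, threshold=100):
    """Targets whose half-open count exceeds the assumed threshold."""
    return {t: n for t, n in half_open_by_target(packets).items() if n > threshold}

if __name__ == "__main__":
    print(flood_suspects(sample_packets()))
```

Because the source address is spoofed, the count is keyed on the target rather than the sender; in a real capture the records would come from exported packet fields instead of the constructed list.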