
MCIS 6173 Networking Security

Group Assignment 5 Due 3/9/2016

Attach a coversheet to your answers with Course Name and Number/Section, Group Assignment
#, Group Leader: Name, Group Members: Names and Student ids.
Answer the questions with reference to Lecture Series 6, Firewalls:

(1) One of the most well-known packet sniffers is called Wireshark (formerly named
Ethereal). It is a powerful tool that can capture, filter, and analyze network traffic. It can
promiscuously capture traffic on both wired and wireless networks. It is used by security and
networking professionals to troubleshoot networking problems.
In this project you will install Wireshark, capture packets, use a capture filter, and look at the
contents of a packet. When placed correctly, a network administrator can use Wireshark to see
all the traffic coming into and out of a network. Network administrators can, among other things,
see which hostnames are being requested and who is requesting them. Surfing the Web is not
anonymous.
1. Download Wireshark from http://www.wireshark.org/download.html.
2. Click Download Windows Installer.
3. Click Save.
4. If the program doesn't automatically open, browse to your download directory.
5. Double-click the installer labeled wireshark-1.4.3.exe. The version number might be
different if a later release is available.
6. Click Next, I Agree, and Next.
7. Select Desktop Icon.
8. Click Next, Next, and Install.
9. Click Next to install WinPCap.
10. Click Next, I Agree, and Finish.
11. Click Next and Finish.
12. Double-click the Wireshark icon on your desktop.
13. Click Capture and Options.
14. Take a screenshot.
15. Select your Network Interface Card (NIC) in the Interface drop-down menu at the top of
the screen.
16. Close ALL other programs you currently have open except your word processing
program (e.g. Microsoft Word, OpenOffice Writer, etc.).
17. Click Start.
18. Let it run for 30 seconds.
19. While you are waiting, open a web browser and go to www.google.com.
20. Click Capture and Stop.
21. Scroll up until you see a green and blue area. (These are the packets you captured when
you requested Google's main page.)
22. Take a screenshot.
23. Scroll down until you see a line that has GET / HTTP/1.1. (You may have to try more
than one until you get to the packet that shows www.google.com in the bottom pane.)

24. Select that row.
25. In the bottom pane you will see numbers and letters to the left. (Those are the packet's
contents in hexadecimal.) Just to the right you will see the content of the packet in a
column.
26. Select the text: www.google.com.
27. Take a screenshot.
You just picked packets off your network and looked at their contents. There may have been
traffic that you couldn't understand. Most people are surprised at the number of packets that are
needed to get a single webpage to load. Wireshark has additional online documentation at
www.Wireshark.org that will help you understand the other packets you captured.
Now you are going to filter out all the extra packets you captured and just look at Web traffic
running over port 80.
28. With Wireshark open click Capture and Options.
29. If you haven't already done so, select your Network Interface Card (NIC) in the Interface
drop-down menu at the top of the screen.
30. Type tcp port 80 in the box next to Capture Filter.
31. Close ALL other programs you currently have open except your word processing
program (Microsoft Word, OpenOffice Writer, etc.).
32. Click Start.
33. Open a web browser and go to www.google.com.
34. Click Capture and Stop.
35. Scroll down until you see a line that has GET / HTTP/1.1. (You may have to try more
than one until you get to the www.google.com packet.)
36. Select that row.
37. In the bottom pane you will see a bunch of numbers to the left. (It's the contents of the
packet in hexadecimal.) Just to the right you will see the content of the packet in a
column.
38. Select the text www.google.com.
39. Take a screenshot.
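
What the capture filter and the bottom pane show can also be worked through in code. The following is an added example, not part of the original assignment: it builds one constructed Ethernet/IPv4/TCP frame, keeps it only if it is to or from TCP port 80, and reads the request line and Host header out of the payload. The function names and the sample addresses are hypothetical.

```python
import socket
import struct

def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed Ethernet II / IPv4 / TCP frame (checksums left at zero)."""
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp + payload

def parse_tcp(frame):
    """Return (src_ip, dst_ip, sport, dport, payload), or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    if frame[23] != 6:                      # IPv4 protocol field: 6 = TCP
        return None
    tcp_off = 14 + (frame[14] & 0x0F) * 4   # Ethernet header + IPv4 header length
    if len(frame) < tcp_off + 20:
        return None
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    data_off = (frame[tcp_off + 12] >> 4) * 4
    ip_end = 14 + struct.unpack("!H", frame[16:18])[0]   # drops Ethernet padding
    return (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
            sport, dport, frame[tcp_off + data_off:ip_end])

def http_request_seen(frame):
    """Keep only traffic to or from TCP port 80, then read request line and Host."""
    seg = parse_tcp(frame)
    if seg is None or 80 not in (seg[2], seg[3]):
        return None
    lines = seg[4].split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None                         # not the start of an HTTP request
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
    return {"client": seg[0], "method": parts[0], "path": parts[1], "host": host}

# Constructed sample: private client address, documentation-range server address.
REQUEST = b"GET / HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: demo\r\n\r\n"
SAMPLE = build_frame("192.168.1.10", "203.0.113.5", 49152, 80, REQUEST)

if __name__ == "__main__":
    print(http_request_seen(SAMPLE))
```

A request sent over HTTPS on TCP port 443 does not match this filter, and its Host header is not readable in the captured payload.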

(2) Users may use a web-based vulnerability scanner if they want to do a simple scan for
potential vulnerabilities on their own personal computers. ShieldsUP! is a web-based
vulnerability scanner managed by Gibson Research Corporation that will scan your computer
without installing any additional software. The downside is that it doesn't have the ability to scan
additional computers other than your own machine. ShieldsUP! also provides explanations of
how the scans work and what the results mean.
You will also run an application called LeakTest. LeakTest checks to see if your firewall will
prevent an unauthorized application from making a data connection with an outside server. No
data will be sent from your computer. However, it will test to see if malware, spyware, or a virus
could make an external connection and upload data from your computer.
1. Go to the Shields Up main page at www.grc.com.
2. Click Services and ShieldsUP!
3. Click Proceed.
4. Click File Sharing.
5. Take a screenshot of the results.
6. Go back to the ShieldsUP! main page.
7. Click Common Ports.
8. Take a screenshot of the results.
9. Click on any one of the ports that may have been open.
10. Take a screenshot of the explanation page.
11. Go back to the ShieldsUP! main page.
12. Click on All Service Ports. (This may take a couple minutes.)
13. Take a screenshot of the results.
14. Scroll to the bottom of the page and click on Messenger Spam.
15. Take a screenshot.
16. Click Spam Me with this Note.
17. Take a screenshot if a note appears.
18. Scroll to the bottom and click on Browse Headers.
19. Take a screenshot of the box named Your Browser's Request for THIS Page.
20. Go back to the ShieldsUP! main page.
21. Click Freeware, Security, and LeakTest.
22. Click Download now.
23. Double-click leaktest.exe.
24. Click Run, OK, Test For Leaks, and OK.
25. Take a screenshot of the results.
