After some time spent playing around with Packet Tracer, we now moved on to the second part of the Network Security course – Exploitation and Tools. Just by reading the headline you can tell that this course will be fun stuff. At first we got to take a look at the already familiar Wireshark software, which is a packet sniffing tool. We were then asked to sniff our own network and capture packets, and then examine packets relating to DNS, HTTP and the TCP three-way handshake (SYN, SYN-ACK, ACK). The results I examined were captured in a time frame of just under one minute, and the total number of packets captured was 3509.
There were a total of 13 DNS packets sent and received: 7 requests and 6 responses. The reason for the extra request I do not know, but it is the same request as the original, except that the DHCP server is trying one number higher on the DNS listings. All of the packets seem to be related to Google and Youtube, and various subsystems of those. Strange, since I do not have Youtube open in my browser.
There were a total of 122 HTTP packets captured, and some of them contained interesting information. The GET packets contained not only the name of the site, but also the User-Agent header, which revealed the operating system (in this case Windows 10 x64) and the browser used (Mozilla Firefox).
The largest share of packets belonged to TCP, with 1510 captured in total. In this segment I only tried to find the three-way handshake, and picked one going to 22.214.171.124. As you can see from the screenshot, my computer sends a SYN (asking if .15 is there), .15 replies with a SYN-ACK (Yes I am, did you get this?), and my computer responds with an ACK (Thank you, handshake is done).
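To make the "find the handshake in 1510 TCP packets" step reproducible, here is an added example (my own code, not part of the original post or of Wireshark) that scans a list of packet summaries for complete SYN / SYN-ACK / ACK exchanges and checks the sequence and acknowledgement arithmetic, so a lone SYN or a stray ACK is not counted as a handshake. The `Pkt` record and the addresses in `CAPTURE` are constructed for the demo.

```python
# Added example (not from the original post): find TCP three-way handshakes
# in a list of packet summaries, the way one would when scanning a capture.
# Packet records and addresses are constructed for this demo (RFC 5737 ranges).
from dataclasses import dataclass


@dataclass
class Pkt:
    src: str
    dst: str
    flags: set        # e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}
    seq: int          # raw sequence number
    ack: int          # raw acknowledgement number


def find_handshakes(packets):
    """Return (client, server, index_of_SYN) for every complete handshake.
    Step 2 must come from the server and ack the SYN's seq + 1;
    step 3 must come from the client with seq + 1 and ack the SYN-ACK's seq + 1."""
    found = []
    for i, p in enumerate(packets):
        if p.flags != {"SYN"}:
            continue                                   # only pure SYNs start a handshake
        synack_idx = None
        for j in range(i + 1, len(packets)):
            q = packets[j]
            if ((q.src, q.dst) == (p.dst, p.src) and q.flags == {"SYN", "ACK"}
                    and q.ack == p.seq + 1):
                synack_idx = j
                break
        if synack_idx is None:
            continue                                   # unanswered SYN, skip it
        sa = packets[synack_idx]
        for k in range(synack_idx + 1, len(packets)):
            r = packets[k]
            if ((r.src, r.dst) == (p.src, p.dst) and r.flags == {"ACK"}
                    and r.seq == p.seq + 1 and r.ack == sa.seq + 1):
                found.append((p.src, p.dst, i))
                break
    return found


# Constructed capture: one full handshake, one unanswered SYN, one stray ACK.
CAPTURE = [
    Pkt("192.0.2.10", "198.51.100.15", {"SYN"}, 1000, 0),
    Pkt("198.51.100.15", "192.0.2.10", {"SYN", "ACK"}, 5000, 1001),
    Pkt("192.0.2.10", "198.51.100.15", {"ACK"}, 1001, 5001),
    Pkt("192.0.2.10", "198.51.100.15", {"PSH", "ACK"}, 1001, 5001),  # first data segment
    Pkt("192.0.2.10", "203.0.113.7", {"SYN"}, 2000, 0),              # never answered
    Pkt("192.0.2.10", "203.0.113.7", {"ACK"}, 2001, 0),              # ACK without SYN-ACK
]

if __name__ == "__main__":
    for client, server, idx in find_handshakes(CAPTURE):
        print(f"handshake: {client} -> {server}, starts at packet #{idx + 1}")
```

The same filter applied to a real capture is a quick way to count how many of the connections in a trace actually completed, versus SYNs that went unanswered.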