
Saturday, March 9, 2019

Performing protocol captures Essay

1. Which tool is better at performing protocol captures and which tool is better at performing protocol analysis?
Wireshark is better for performing protocol analysis and NetWitness Investigator is better at performing protocol captures. Wireshark does well at both aspects, which makes it a little better.

2. What is promiscuous mode and how does this allow tcpdump, Wireshark, and NetWitness Investigator to perform protocol capture off a live network?
Promiscuous mode is a mode for a wired network interface controller or wireless network interface controller that causes the controller to pass all traffic to the CPU instead of passing through only the frames the controller is intended to receive. It allows tcpdump, Wireshark, and NetWitness Investigator to perform protocol capture off a live network because it's made for packet sniffing, which all these applications perform.

3. What is the significance of the TCP three-way handshake for applications that utilize TCP as a transport protocol? Which application in your protocol capture uses TCP as a transport protocol?
The significance of the TCP three-way handshake is that three messages are transmitted by TCP to negotiate and start a TCP session between the computers. The purpose is so that two computers can negotiate the parameters of the network TCP socket connection before transmitting the data. Wireshark is the application that uses TCP as a transport protocol.

4. How many different source IP host addresses did you capture in your protocol capture?
There were 6 different IP host addresses captured in the protocol capture.

5. How many different protocols (layer 3, layer 4, etc.) did your protocol capture session use? What function in Wireshark provides you with a breakdown of the different protocol types on the LAN segment?

6. Can Wireshark provide you with network traffic packet size counts? How and where? Are you able to distinguish how many of each packet size was transmitted on your LAN segment? Why is this important to know?

7. Is FTP data able to be replayed and reconstructed if the packets are captured on the wire? If an attack were to occur between the source and destination IP host with data replayed that has been altered, what kind of attack is this called?

8. Why is it important to use protocol capture tools and protocol analyzers as an information systems security professional?

9. What are some challenges to protocol analysis and network traffic analysis?

10. Why would an information systems security practitioner want to monitor network traffic on both internal and external LAN segments at the DMZ within the LAN-to-WAN domain (i.e., both on the internal and external LAN segments)?
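
The three-way handshake from question 3 can be checked directly in captured packets. The Python below is an added example, not part of the original essay: it parses raw IPv4/TCP headers, reports connections whose SYN, SYN-ACK, ACK exchange completed with matching sequence numbers, and counts distinct source IPs as in question 4. The function names, addresses, ports and packets are constructed for illustration.

```python
import socket
import struct

SYN, ACK = 0x02, 0x10  # TCP flag bits
nxt = lambda n: (n + 1) & 0xFFFFFFFF  # sequence numbers wrap at 2^32

def build(src, dst, sport, dport, seq, ack, flags):
    """Construct a minimal IPv4+TCP packet (checksums zero; sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def parse(pkt):
    """Return (src, dst, sport, dport, seq, ack, flags), or None if not IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4  # IP header length in bytes
    if len(pkt) < ihl + 20:
        return None
    sport, dport, seq, ack, _off, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            sport, dport, seq, ack, flags)

def handshakes(packets):
    """Return client->server 4-tuples whose three-way handshake completed."""
    pending, done = {}, []  # pending: 4-tuple -> [client ISN, server ISN]
    for src, dst, sport, dport, seq, ack, flags in filter(None, map(parse, packets)):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        bits = flags & (SYN | ACK)
        if bits == SYN:                                   # 1: client SYN
            pending[fwd] = [seq, None]
        elif bits == (SYN | ACK) and rev in pending:      # 2: server SYN-ACK
            if ack == nxt(pending[rev][0]):
                pending[rev][1] = seq
        elif bits == ACK and fwd in pending:              # 3: client ACK
            isn_s = pending[fwd][1]
            if isn_s is not None and ack == nxt(isn_s):
                done.append(fwd)
                pending.pop(fwd)
    return done

def source_ips(packets):
    return {p[0] for p in map(parse, packets) if p}

# Constructed capture: one full handshake to port 21, one SYN never answered.
CAPTURE = [
    build("192.0.2.10", "192.0.2.80", 49152, 21, 1000, 0, SYN),
    build("192.0.2.80", "192.0.2.10", 21, 49152, 5000, 1001, SYN | ACK),
    build("192.0.2.10", "192.0.2.80", 49152, 21, 1001, 5001, ACK),
    build("192.0.2.77", "192.0.2.80", 50000, 21, 7000, 0, SYN),
]
print(handshakes(CAPTURE), len(source_ips(CAPTURE)))
```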
