Lab 2 Assessment Worksheet Using Wireshark And NetWitness In
Lab 2 Assessment Worksheetusing Wireshark And Netwitness Investigato
Lab 2 - Assessment Worksheet Using Wireshark and NetWitness Investigator to Analyze Wireless Traffic Course Name and Number: ________________________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ________________________________________________________________ Lab Due Date: ________________________________________________________________
Assessment Questions:
- Which tool, Wireshark or NetWitness, provides information about the wireless antenna strength during a captured transmission?
- Which tool displays the MAC address and IP address information and enables them to be correlated for a given capture transmission?
- What is the manufacturer-specific ID for the GemTek radio transmitter/receiver?
- The receiver and/or transmitter address is hard-coded in hardware and cannot be changed; it can always be counted on to correctly identify the device transmitting. True or False?
- What is the actual web host name to which is resolved?
- How can one determine that the website is in Italy?
- Which IP address is for [specific website or entity to be filled based on data]?
- Which destination organization is the owner of record of [course name and number]?
- Student Name: ________________________________________________________________
- Instructor Name: ________________________________________________________________
- Lab Due Date: ________________________________________________________________
Paper For Above instruction
The assessment worksheet for analyzing wireless traffic using Wireshark and NetWitness Investigator encompasses identifying the functionalities and data provided by each tool, understanding hardware identifiers, and interpreting network information such as hostnames, IP addresses, and geographic locations. Through these questions, learners are expected to demonstrate their knowledge of wireless network analysis tools and their practical applications in cybersecurity and network troubleshooting.
Wireshark is a widely-used open-source network protocol analyzer renowned for its detailed packet capture and analysis capabilities. It provides comprehensive information about network traffic, including the strength of the wireless antenna signal during captures. This functionality allows network analysts and security professionals to assess signal quality, diagnose connectivity issues, and optimize wireless network performance. Wireshark displays various parameters, including signal strength metrics such as RSSI (Received Signal Strength Indicator), which quantify the intensity of the wireless signal received by the device.
On the other hand, NetWitness Investigator offers a more enterprise-oriented approach, integrating security feeds and providing contextual information about network traffic. Among its features, it correlates MAC addresses with IP addresses and other device-specific information, aiding investigators in identifying and tracking devices across the network. This capability is vital for incident response and forensic analysis, as it allows seamless mapping of hardware addresses to network identities, enhancing situational awareness during investigations.
The manufacturer-specific ID for the GemTek radio transmitter/receiver is a unique hardware identifier assigned during manufacturing, often used for device recognition and troubleshooting. Identifying such IDs facilitates device management, especially in large or complex wireless environments where multiple devices coexist.
The statement regarding hard-coded receiver and transmitter addresses pertains to certain hardware components that have embedded, immutable hardware identifiers. These IDs are used for consistent device identification, assuming the hardware does not change. This trait is crucial for security protocols that depend on hardware-based authentication; however, some modern devices allow firmware updates that can modify certain identifiers, making the statement potentially false depending on context.
Determining the actual web host name to which a website resolves involves DNS (Domain Name System) lookups, revealing the server's domain name mapped from IP addresses. Tools such as nslookup or dig facilitate this process, providing essential data for network diagnostics and security assessments.
To establish that a website is in Italy, analysts often examine the geographic IP location, server data, or utilize services that map IP addresses to physical locations. These methods include IP geolocation databases, which analyze the IP address and provide estimated geographic information, supporting compliance and targeted cybersecurity measures.
Identifying the IP address associated with a specific entity requires examining packet captures, DNS records, or WHOIS databases. This IP address links to the organization owning or operating the web server or network device, facilitating targeted investigations and authoritative contact or enforcement actions.
The owner of record for a particular organization or website can be found through WHOIS queries, which provide registration data, including organizational contact details, administrative contacts, and technical support information. These records establish legal ownership and are essential in cybersecurity investigations involving attribution and compliance enforcement.
Conclusion
This worksheet emphasizes understanding networking tools, hardware identifiers, and investigative techniques vital to cybersecurity professionals. Mastery of Wireshark and NetWitness features enhances analysts' ability to conduct thorough network assessments, troubleshoot issues, and respond effectively to security incidents. Applying knowledge of DNS, geolocation, and device identification supports comprehensive security strategies and ensures organizational resilience against cyber threats.
References
- Computer Networks. Pearson.