Team Lab 5: Snort Rules - Assignment Example

Snort Sniffer Mode
Meaning of the command options: snort -d -e -v -i 2

snort -v
This command runs Snort in sniffer mode and prints only the IP headers and the TCP/UDP/ICMP headers of each packet to the console.
snort -d -v
This command prints the headers as above and also the application-layer data carried in each packet.
snort -v -d -e
This command prints the TCP/UDP/ICMP headers, the packet data, and in addition the data-link (layer 2) headers, that is, the Ethernet source and destination MAC addresses.
snort -v -d -e -i 2
This command prints everything the -v -d -e options print while listening on interface number 2 instead of the default interface (on Windows, snort -W lists the available interfaces with their numbers).
The screenshot above shows two sections of the sniffer-mode output. The first section shows the packets sent from the attacker (192.168.0.11) to the victim (192.168.0.131).
04/16-17:45:00.079555 0:50:56:9E:4:BF -> 0:50:56:9E:6F:1C type:0x800 len:0x4A
The line above is the first line of the output. It gives the date and time at which the packet was captured (16 April at 17:45:00, with microsecond precision), followed by the source MAC address (the attacker's network card) and the destination MAC address (the victim's). type:0x800 is the EtherType, which indicates that the frame carries an IPv4 packet, and len:0x4A is the total length of the captured frame in bytes: 0x4A is 74, which is the 14-byte Ethernet header plus the 60-byte IP datagram reported as DgmLen on the next line.
The second line shows the source and destination IP addresses, 192.168.0.11 and 192.168.0.131 respectively. ICMP identifies the protocol carried inside the IP packet, the Internet Control Message Protocol. TTL:128 is the time-to-live: every router that forwards the packet decrements it by one and discards the packet when it reaches zero, so it limits the number of hops the packet can travel (128 is the default initial TTL on Windows). ID:74 is the IP identification field, a value the sender assigns to each datagram so that fragments can be reassembled. IpLen:20 is the length of the IP header in bytes (20 means no IP options are present). DgmLen:60 is the total length of the IP datagram: the 20-byte IP header, the 8-byte ICMP header and 32 bytes of payload. On the ICMP line, ID:512 and Seq:1024 are the ICMP echo identifier and sequence number; the replying host copies both into its reply so that the sender can match each reply to the request it answers. ECHO marks the packet as an echo request (ICMP type 8), the request the attacker sends to the victim.
The lines that follow contain the packet payload, the actual data sent by the attacker, shown as a hex dump with the printable ASCII on the right:
61 62 63 …...6F 70
71 72 73.........68 69
The second section contains the output where the victim has sent packets back in response to the attacker's request. The first line again gives the time and date, the MAC addresses of the two machines, and type:0x800 for IPv4. The next line shows the IP addresses: the source is now 192.168.0.131 and the destination is 192.168.0.11, which means this packet is the reply to the request the attacker sent. The source this time is the victim, and the attacker is the destination of the packet.
The output also shows the IP ID assigned to the reply datagram when it was sent. ID:512 and Seq:1024 are the ICMP identifier and sequence number copied from the request. ECHO REPLY marks the packet as an echo reply (ICMP type 0) to the request sent by 192.168.0.11 (the attacker).
The next lines are the payload returned in the reply, again shown as a hex dump. The ASCII column shows the same run of lowercase letters as in the request, because an echo reply carries back the request's data unchanged.
Stopping Snort (Ctrl-C) prints a summary of the capture, which confirms that there was a ping, an ICMP echo request and its reply, between 192.168.0.11 and 192.168.0.131.
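To make the meaning of the fields above concrete, the following Python script is an added example written for this page; it is not part of the lab assignment and not Snort's own code. It builds a constructed echo request and echo reply using the MAC and IP addresses, the IP ID of 74 and the ICMP ID/Seq of 512/1024 from the output discussed above, with the Windows default TTL of 128 and the 32-byte alphabet payload that the Windows ping utility sends (both assumptions about the lab machines). It then decodes the raw frame the way Snort does, verifies the IP and ICMP checksums, prints the headers in the sniffer-mode layout, and pairs the reply with its request by ICMP ID and Seq. The checksum routine, the field names and the exact column spacing are my own choices, not taken from Snort.

```python
import socket
import struct
from datetime import datetime

# Constructed sample values, chosen to match the addresses and fields discussed above.
ATTACKER_MAC = "00:50:56:9E:04:BF"
VICTIM_MAC = "00:50:56:9E:6F:1C"
ATTACKER_IP = "192.168.0.11"
VICTIM_IP = "192.168.0.131"
# The 32-byte payload the Windows ping utility sends: 'a'..'w', then it wraps back to 'a'..'i'.
WIN_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by both the IPv4 header and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_str(raw: bytes) -> str:
    """Snort prints each octet with %X, so leading zeros are dropped: 0:50:56:9E:4:BF."""
    return ":".join("%X" % b for b in raw)


def build_echo_frame(src_mac, dst_mac, src_ip, dst_ip, icmp_type, ident, seq,
                     payload=WIN_PING_PAYLOAD, ttl=128, ip_id=74) -> bytes:
    """Build one Ethernet/IPv4/ICMP frame; icmp_type 8 is an echo request, 0 an echo reply."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    dgm_len = 20 + len(icmp)  # IpLen (20, no options) + 8-byte ICMP header + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, dgm_len, ip_id, 0, ttl, 1, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    return eth + struct.pack("!H", 0x0800) + ip + icmp


def decode_frame(frame: bytes) -> dict:
    """Parse the Ethernet, IPv4 and ICMP headers Snort shows and verify both checksums."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ip = frame[14:]
    vihl, tos, dgm_len, ip_id, _frag, ttl, proto, _hcs, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", ip[:20])
    if ethertype != 0x0800 or proto != 1:
        raise ValueError("not an IPv4/ICMP frame (EtherType 0x%04X, proto %d)" % (ethertype, proto))
    ip_len = (vihl & 0x0F) * 4          # header length field is in 32-bit words
    icmp = ip[ip_len:dgm_len]           # DgmLen bounds the datagram; anything past it is padding
    if checksum(ip[:ip_len]) != 0 or checksum(icmp) != 0:
        raise ValueError("IPv4 header or ICMP checksum does not verify")
    itype, code, _cs, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    return {"src_mac": mac_str(frame[6:12]), "dst_mac": mac_str(frame[:6]),
            "frame_len": len(frame), "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
            "ttl": ttl, "tos": tos, "ip_id": ip_id, "ip_len": ip_len, "dgm_len": dgm_len,
            "icmp_type": itype, "icmp_code": code, "icmp_id": ident, "icmp_seq": seq,
            "payload": icmp[8:]}


def format_snort(f: dict, ts: datetime) -> str:
    """Render the decoded fields in the layout of Snort's -v -d -e output (column spacing approximate)."""
    name = {8: "ECHO", 0: "ECHO REPLY"}.get(f["icmp_type"], "")
    lines = ["%s %s -> %s type:0x%X len:0x%X" % (ts.strftime("%m/%d-%H:%M:%S.%f"),
                                                 f["src_mac"], f["dst_mac"], 0x800, f["frame_len"]),
             "%s -> %s ICMP TTL:%d TOS:0x%X ID:%d IpLen:%d DgmLen:%d" % (
                 f["src_ip"], f["dst_ip"], f["ttl"], f["tos"], f["ip_id"], f["ip_len"], f["dgm_len"]),
             "Type:%d  Code:%d  ID:%d   Seq:%d   %s" % (
                 f["icmp_type"], f["icmp_code"], f["icmp_id"], f["icmp_seq"], name)]
    for off in range(0, len(f["payload"]), 16):  # hex dump, 16 bytes per row, ASCII on the right
        chunk = f["payload"][off:off + 16]
        lines.append(" ".join("%02X" % b for b in chunk).ljust(47) + "  "
                     + "".join(chr(b) if 32 <= b < 127 else "." for b in chunk))
    return "\n".join(lines)


def match_replies(decoded: list) -> list:
    """Pair each echo reply with its request: same ICMP ID and Seq, source and destination swapped."""
    requests = {(d["src_ip"], d["dst_ip"], d["icmp_id"], d["icmp_seq"]): d
                for d in decoded if d["icmp_type"] == 8}
    return [(requests[key], d) for d in decoded if d["icmp_type"] == 0
            for key in [(d["dst_ip"], d["src_ip"], d["icmp_id"], d["icmp_seq"])] if key in requests]


if __name__ == "__main__":
    request = build_echo_frame(ATTACKER_MAC, VICTIM_MAC, ATTACKER_IP, VICTIM_IP, 8, 512, 1024)
    reply = build_echo_frame(VICTIM_MAC, ATTACKER_MAC, VICTIM_IP, ATTACKER_IP, 0, 512, 1024)
    decoded = [decode_frame(request), decode_frame(reply)]
    for fields in decoded:
        print(format_snort(fields, datetime(2015, 4, 16, 17, 45, 0, 79555)), end="\n\n")
    print("request/reply pairs matched:", len(match_replies(decoded)))
```

Running the script prints the same three header lines as the screenshot for the request (len:0x4A because 14 Ethernet bytes plus the 60-byte datagram is 74) followed by the two hex-dump rows 61 62 63 ... 6F 70 and 71 72 73 ... 68 69, and then the reply with the addresses swapped and ECHO REPLY. decode_frame refuses a frame whose IP or ICMP checksum does not verify, which is a worthwhile check whenever packet fields are parsed by hand rather than trusted from a tool's display.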