Network Traffic Analysis using Wireshark

To complete this part of the quiz you need to download the following packet capture file available  via google drive. Please note that you must be logged in with your Monash email account on the   browser you are using for this quiz to access the google drive. Make sure you are logged out of all

your personal google accounts if you encounter a request access page.

Link to Apollo Node PCAP file

Important Note: Various parts of the process of creating the PCAP files are randomised. Any name, domain, and/or IP address similarity is coincidental.

Scenario

The provided PCAP file for Apollo node contains the network traffic sent and received by this node for a period of time. During this time a user on this node has visited the web server of the

organisation (the node named Web in the diagram), the intranet server (the node named Intranet in the diagram), and the external web server (the node named External in the diagram). The user

Sepehr has sent an email to another user within the organisation and has used ping command to  test the connection with nodes Zeus and Hera. The network connectivity is shown in the following diagram.

Task 1: Dynamic Host Configuration Protocol

The node Apollo has received its IP address from the DHCP server (node DHCP in the diagram). Identify the DHCP Ack frame and fill out the following fields.

The DHCP Ack frame number:                 [1 Mark(s)]

The IP address provided in router option:                                          [1 Mark(s)]

The IP address provided in domain name server option:                                         [1 Mark(s)]

The value provided in domain name option:                                                       [1 Mark(s)]

Task 2: Internet Control Message

Protocol

a) Identify the ICMP communication between Apollo and Zeus nodes.

Enter the frame numbers of all ICMP Echo Requests sent from Apollo to Zeus from the first to the last as a comma separated list (no spaces):                                                                                 [2 Mark(s)]

Enter the frame numbers of all ICMP Echo Replies sent from Zeus to Apollo from the first to the last as a comma separated list (no spaces):                                                                         [2 Mark(s)]

b) Identify the ICMP communication between Apollo and Hera nodes.

Enter the frame numbers of all ICMP Echo Requests sent from Apollo to Hera from the first to the last as a comma separated list (no spaces):                                                                             [2 Mark(s)]

Enter the frame numbers of all ICMP Echo Replies sent from Hera to Apollo from the first to the

last as a comma separated list (no spaces):                                                                         [2 Mark(s)]