Overview
Security administrators routinely deploy tools to monitor and analyze ingress and egress traffic transiting enterprise networks. Wireshark is one of the most widely used packet capture and analysis tools. It captures network packet traffic and can save frame details in multiple formats, which makes them usable by more sophisticated, more expensive software tools.
Directions
Consider your lab work and other studies to address each of the following in the Word document that contains your lab screenshots. Clearly label each section.
- In the PacketCapture.pcapng file you reviewed in Section 1 of the lab, there is a lot of traffic for the TLSv1 protocol. Explain the primary function of the bulk of the traffic.
- In the lab, identify any three protocols that you find in the HotspotCapture.pcapng file. Apply Wireshark’s filtering function to isolate each of the protocols that you chose to analyze, and determine the volume of traffic (i.e., the number of packets) captured for each protocol. Create a spreadsheet and bar chart that accurately show a comparison of traffic volume data for the three protocols. This section of the assignment requires you to independently navigate Wireshark in the JBL Lab environment by applying the competencies that you developed during your Week 8 virtual lab experience.
Submission Instructions
Submit your assignment in a Word document with well-labeled responses.
Competencies Measured
By successfully completing this assignment, you will demonstrate your proficiency in the following course competencies and rubric criteria:
- Competency 1: Apply statistical procedures to information security data.
  - Create a spreadsheet and histogram to represent traffic data from a filtered query.
- Competency 2: Analyze network security architecture for vulnerabilities and risk.
  - Perform network traffic analysis as specified in a lab and evidenced by screenshots.
  - Explain the primary function of the bulk of the traffic identified in a network analysis report.
Using Wireshark and Netwitness Investigator to Analyze Wireless Traffic

| Criteria | DISTINGUISHED | PROFICIENT | BASIC | NON_PERFORMANCE | Pts |
|---|---|---|---|---|---|
| Perform network traffic analysis as specified in a lab and evidenced by screenshots. | 27.2 to >23.12 pts: Performs network traffic analysis as specified in a lab and evidenced by screenshots and includes a description of what was learned from or observed in the lab, as well as an identification of the specified network device. | 23.12 to >19.04 pts: Performs network traffic analysis as specified in a lab and evidenced by screenshots. | 19.04 to >0 pts: Performs network traffic analysis in an unspecified manner in a lab. | 0 pts: Does not perform network traffic analysis as specified in a lab and evidenced by screenshots. | / 27.2 pts |
| Explain the primary function of the bulk of the traffic identified in a network analysis report. | 26.4 to >22.44 pts: Explains the primary function of the bulk of the traffic identified in a network analysis report in detail that demonstrates a deep understanding of the nature of network traffic. | 22.44 to >18.48 pts: Explains the primary function of the bulk of the traffic from a network analysis report. | 18.48 to >0 pts: Identifies the primary function of the bulk of the traffic identified in a network analysis report, or offers an explanation that has significant errors or omissions. | 0 pts: Does not identify the primary function of the bulk of the traffic identified in a network analysis report. | / 26.4 pts |
| Create a spreadsheet and histogram to represent traffic data from a filtered query. | 26.4 to >22.44 pts: Creates a professional spreadsheet and histogram that is clear, concise, and well labeled to represent measured traffic data. | 22.44 to >18.48 pts: Creates a spreadsheet and histogram to represent measured traffic data from a filtered query. | 18.48 to >0 pts: Creates a spreadsheet and histogram that poorly represents measured traffic data. | 0 pts: Does not create a spreadsheet or histogram. | / 26.4 pts |

Total Points: 0