Analysis Paper Format Example

The document provides an overview of packet sniffers, detailing their dual-use nature for both network defense and malicious purposes. It also discusses DNS vulnerabilities, including various types of attacks such as denial of service and DNS hijacking, and emphasizes the need for mitigation strategies. Additionally, it outlines the importance of understanding how these attacks operate and their implications for network security.

Uploaded by

jessenthomas01

Analysis 1: Introduction to Wireshark and Higher-Level Protocols

Jessen Koshy

University of Arizona

CYBV 326: Introductory Methods of Network Analysis

Jonathan Martinez

2/18/24
Packet Sniffer

A packet sniffer is a tool developed to help intercept and analyze packets of data from network traffic. As packets travel through the network, a sniffer can capture them passively and later analyze and decode them if they are not encrypted. The tool is a double-edged sword: it can be used maliciously or not, depending on how it is used. There are different packet sniffers, such as Wireshark and tcpdump.

From a network defender's perspective, a packet sniffer can be used to optimize network traffic by helping identify bottlenecks in the routing path. It also helps identify configuration issues, other performance issues, and bandwidth limitations. It also helps the network administrator find vulnerabilities that could open the network to malware or virus incursion through network traffic and take down the entire system.

When a packet sniffer is used with malicious intent, packets can be captured and examined for vulnerabilities, or encrypted packets decoded, and, depending on how sensitive the packets are, the contents could later be used against the organization/system.

One disadvantage of a packet sniffer is that it captures data that is not encrypted, so if a network attack is launched using encrypted files, it will not be captured. Another disadvantage is that it does not prevent or alert on all attacks. Although it helps to identify some network attacks, it does not stop or recognize hardware-based attacks, e.g. malicious code delivered on a USB device or a corrupt file run from a CD.

DNS Vulnerabilities

DNS is the Domain Name System. Attacks on DNS mainly aim to disrupt the normal operations of an organization, which can in turn cause loss of money and disruption of services. Attacks can originate externally and sometimes from internal networks; an internal attack could come from a disgruntled employee. The DNS cache helps to speed up finding websites/IP addresses, but it is also prone to vulnerabilities. Some attacks are:

• Denial of service attack

• DNS spoofing or cache poisoning

• DNS hijacking: with this type of attack, the queries for a website are redirected to a different malicious server or a hijacked DNS server. This attack is on the DNS record.

• Using what you have learned, describe two uses of a packet sniffer from the perspective of both the network defender and the network attacker. (This means a total of four, two from the defender’s standpoint and two from the attacker’s standpoint)
• What would cause a packet sniffer to not be able to capture traffic or details of the traffic that it was able to capture, please provide two examples.
• Chapter 2 (p139) discussed some DNS vulnerabilities. Select one of the attacks and provide an analysis of the attack answering the following questions:
  o What was the attack? Provide what layer the attack typically occurs at and description of what the attack does.
  o How is the attack carried out?
  o What does the attack hope to achieve? Relate this to the CIA triad.
  o What network vulnerability does the attack take advantage of?
  o What recommendations would you make to senior management? (i.e. What can be done to mitigate the attack


Conclusion