DEV Community

True63

Day 2 First Half anyway

What You Have Learned So Far (Today)

You have already practiced many SOC analyst tasks:

Packet capture with tshark
Port scanning with nmap
DNS traffic monitoring
TCP handshake analysis
Detecting scanning patterns
Checking listening ports
Identifying processes owning network ports
Investigating suspicious processes
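Several of the tasks above (packet capture with tshark, TCP handshake analysis and detecting scanning patterns) can be practised offline on a tshark field export. The Python below is an added example, not code from the original post or from the tshark or nmap projects. It assumes the export format produced by the `tshark -T fields` command quoted in its docstring, and the packet lines it reads are constructed for the example, not a real capture; the addresses other than 10.0.2.15, the port numbers and the five-port threshold are assumptions.

```python
"""Spot port-scan patterns in a tshark field export (added example).

Assumed input: one packet per line, as produced by
    tshark -r capture.pcap -T fields -E separator=, \
        -e frame.time_relative -e ip.src -e ip.dst \
        -e tcp.srcport -e tcp.dstport -e tcp.flags
The logic follows the Security+ idea from the lesson: a scanner sends a SYN to
many different ports on one host and never finishes the three-way handshake,
while a real client completes SYN, SYN-ACK, ACK on a single port and then talks.
"""
from collections import defaultdict
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits used below

# Constructed sample (not a real capture). 10.0.2.15 probes six ports on 10.0.2.4:
# 22 and 80 answer SYN-ACK (open) and the scanner tears down with RST; the other
# four answer RST-ACK (closed). 10.0.2.7 is an ordinary client that completes a
# handshake to port 80 and then sends data (PSH-ACK).
SAMPLE_EXPORT = """\
0.000,10.0.2.15,10.0.2.4,41000,22,0x0002
0.001,10.0.2.4,10.0.2.15,22,41000,0x0012
0.001,10.0.2.15,10.0.2.4,41000,22,0x0004
0.002,10.0.2.15,10.0.2.4,41001,23,0x0002
0.002,10.0.2.4,10.0.2.15,23,41001,0x0014
0.003,10.0.2.15,10.0.2.4,41002,25,0x0002
0.003,10.0.2.4,10.0.2.15,25,41002,0x0014
0.004,10.0.2.15,10.0.2.4,41003,80,0x0002
0.004,10.0.2.4,10.0.2.15,80,41003,0x0012
0.005,10.0.2.15,10.0.2.4,41003,80,0x0004
0.005,10.0.2.15,10.0.2.4,41004,443,0x0002
0.006,10.0.2.4,10.0.2.15,443,41004,0x0014
0.006,10.0.2.15,10.0.2.4,41005,3389,0x0002
0.007,10.0.2.4,10.0.2.15,3389,41005,0x0014
1.000,10.0.2.7,10.0.2.4,50000,80,0x0002
1.001,10.0.2.4,10.0.2.7,80,50000,0x0012
1.002,10.0.2.7,10.0.2.4,50000,80,0x0010
1.003,10.0.2.7,10.0.2.4,50000,80,0x0018
"""


@dataclass
class Flow:
    """Handshake progress of one client->server connection attempt."""
    synack_seen: bool = False
    complete: bool = False


def parse_line(line: str):
    """Split one export line into (src, dst, sport, dport, flags as int)."""
    _time, src, dst, sport, dport, flags = line.split(",")
    return src, dst, int(sport), int(dport), int(flags, 16)


def analyze(export: str, port_threshold: int = 5) -> dict:
    """Return a per-source report: ports probed, handshakes completed, RSTs received, verdict."""
    flows: dict[tuple, Flow] = {}          # (client, server, cport, sport) -> Flow
    probed = defaultdict(set)              # client -> distinct destination ports it SYN'd to
    completed = defaultdict(int)           # client -> handshakes it finished
    rst_received = defaultdict(int)        # client -> RSTs sent back to it by servers

    for line in export.splitlines():
        if not line.strip():
            continue
        src, dst, sport, dport, flags = parse_line(line)
        if flags & SYN and not flags & ACK:            # lone SYN: client opens a handshake
            flows[(src, dst, sport, dport)] = Flow()
            probed[src].add(dport)
        elif flags & SYN and flags & ACK:              # SYN-ACK: server replies (key is reversed)
            f = flows.get((dst, src, dport, sport))
            if f:
                f.synack_seen = True
        elif flags & RST:                              # RST from the server side = port closed
            if (dst, src, dport, sport) in flows:      # ignore the scanner's own tear-down RSTs
                rst_received[dst] += 1
        elif flags & ACK:                              # final ACK finishes the handshake once
            f = flows.get((src, dst, sport, dport))
            if f and f.synack_seen and not f.complete:
                f.complete = True
                completed[src] += 1

    report = {}
    for client, ports in probed.items():
        n_ports, n_done = len(ports), completed.get(client, 0)
        if n_ports >= port_threshold and n_done == 0:
            verdict = "likely SYN scan"        # many ports, never completes the handshake
        elif n_ports >= port_threshold:
            verdict = "likely connect scan"    # many ports, but handshakes were completed
        else:
            verdict = "normal client"
        report[client] = {
            "distinct_ports": n_ports,
            "completed": n_done,
            "rst_received": rst_received.get(client, 0),
            "verdict": verdict,
        }
    return report


if __name__ == "__main__":
    for client, info in analyze(SAMPLE_EXPORT).items():
        print(client, info)
```

To run it against a real capture, pipe the output of the `tshark -T fields` command from the docstring into `analyze`. Two practical points on the tshark side: `tcp.flags.syn==1` is a display-filter expression and must be passed with `-Y`; a bare trailing argument is parsed as a BPF capture filter, which is why tshark reports "Invalid capture filter" (the BPF form is `tcp[tcpflags] & tcp-syn != 0`). And the "Permission Denied" on the capture session on Kali means the user may not capture on the interface; adding the user to the `wireshark` group (after `dpkg-reconfigure wireshark-common`) and logging in again, or capturing with sudo, resolves it.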

10.0.2.15
1:B 2:B 3:A

I can't copy and paste from the Kali terminal to chat.
unable to locate package build-essentials
tshark: the capture session could not be initiated due to error getting information on pipe or socket: Permission Denied
1:B 2:B
1:B 2:B 3:B
What Just Happened (Security+ Concept): Go back and begin at this point again. We have jumped ahead of my knowledge-check question, so the answers I submitted are not in sync with the questions.
1:B 2:B 3:C. No, I see ICMP and DNS but no TCP or SYN packets.
1:A 2:A 3:C
sudo tshark -i eth0 tcp.flags.syn==1 says syntax error: tshark: Invalid capture filter
Knowledge check > 1. What protocol does ping use?: B 2. What packet starts a TCP connection?: A 3. What tool is commonly used to scan ports?: B. I do not want to skip these quiz questions.
Do not continue past the knowledge questions until you have an answer input from me and have reviewed my answers.
1:B 2:B 3:B
Yes I saw TCP and Syn packets
1:B 2:A (What does it mean that a port is filtered? Could that generate an RST response?) 3:B
Waiting
1:B 2:A 3:C
1:B 2:A 3:B
yes i did
1:B 2:B 3:A
1:A 2:B 3:B
1:B 2:C 3:B
Many different ports alerts for a possible port-scanning attack. I don't recall seeing any RST packets coming back during the scan, so no.
1:B 2:A 3:B
yes
1:A 2:A 3:B
I get it: a scanner would not complete the handshake, but a client would complete the 3-way handshake to start a conversation. 1:B 2:A 3:B
yes
1:B 2:A 3:B
No, only the source stayed the same.

So is this the same destination or host, and many ports in the destination/host? 1:B 2:B 3:B
Yes, because I was only scanning, not trying to connect.
1:B 2:A 3:B
no
1:B 2:A 3:B
Nothing good. That sounds like a massive cyber attack. They could possibly compromise the system at some point, depending on how the system was set up for defense, how the IPS/IDS was configured, and how well trained the people were on each end.
1:B 2:A 3:B
I was the attacker using Nmap to scan, and the target was my system being scanned with Nmap.
1:A 2:B 3:B
To remain virtually undetectable.
1:A 2:A 3:B
I think I did see a reference to DNS.
1:B 2:A 3:B
They contain some of the same information in both packets.
1:B 2:A 3:A
I would overload system resources and cause the computers to slow down or possibly shut them down.
