Diffstat (limited to 'netsec-assignment2-S4498062/exercise3/exercise3d')
-rw-r--r-- | netsec-assignment2-S4498062/exercise3/exercise3d | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/netsec-assignment2-S4498062/exercise3/exercise3d b/netsec-assignment2-S4498062/exercise3/exercise3d new file mode 100644 index 0000000..26dea2d --- /dev/null +++ b/netsec-assignment2-S4498062/exercise3/exercise3d 
@@ -0,0 +1,68 @@ +The comments summary: + + Summary created by Wireshark (Git Rev Unknown from unknown) + + File: + Name: /.../netsec-assignment2-S4498062/exercise3/outputnetsec-01-dec.cap + Length: 140897136 bytes + Format: Wireshark/tcpdump/... - pcap + Encapsulation: IEEE 802.11 Wireless LAN + Packet size limit: 65535 bytes + + + Time: + First packet: 2015-09-11 08:52:12 + Last packet: 2015-09-11 09:16:57 + Elapsed: 00:24:45 + + + Capture: + + Unknown interface: + Dropped packets: unknown + Capture filter: unknown + Link type: IEEE 802.11 Wireless LAN + Packet size limit 65535 bytes + + Statistics: + Packets: 200052 + Between first and last packet:1485.708 sec + Avg. packets/sec: 134.651 + Avg packet size: 688.302 bytes + Bytes: 137696296 + Avg bytes/sec: 92680.617 + Avg Mbit/sec: 0.741 + +The IP conversations: + + "Address A","Address B","Packets","Bytes","Packets A→B","Bytes A→B","Packets A←B","Bytes A←B","Rel Start","Duration","bps A→B","bps A←B" + "192.168.84.40","192.168.84.79","4743","550188","2791","323756","1952","226432","0.000000000","1485.2227","1743.88","1219.65" + "192.168.84.51","192.168.84.68","97598","57695108","61316","5156724","36282","52538384","-0.000003000","1485.7076","27767.10","282900.27" + "192.168.84.10","192.168.84.62","85260","78089584","51881","75285124","33379","2804460","-0.000004000","1485.6989","405385.64","15101.10" + "192.168.84.10","192.168.84.47","5570","646120","2788","323408","2782","322712","0.066556000","1485.1628","1742.07","1738.33" + "192.168.84.10","192.168.84.60","4682","543112","2721","315636","1961","227476","0.975936000","1484.1761","1701.34","1226.14" + "192.168.84.10","192.168.84.56","1832","150164","919","66168","913","83996","1.014845000","1482.2693","357.12","453.34" + +Conversation .10 and .62: + + These clients only use TCP. The data seems to be hexadecimal ascii + characters. I did not convert that to see what they're sending. + +Conversation .51 and .68: + + This is similar to the one above. 
+ +The protocol hierarchy looks more interesting now (percentages are given in % +packets): + + - There's some ARP messages (0.18%) + - But mostly IP (99.82%) + - Of which most are TCP (92.32%) + - But also some ICMP (7.5%) + +NOTE: +As it turns out, there was something wrong with the network when I sniffed. Another student had the same problem, but retrying later gave +him UDP packets with something like "Insert your student number here". I did not have the time to sniff again and look at the details again. +As a result, I didn't understand what was the point of exercise 4b (see note there as well). +As a proof, I can send you the cap file. Because of its size I will only do that on request (info@camilstaps.nl). + |
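Review bot: The "Conversation .10 and .62" and "Conversation .51 and .68" paragraphs stop at "The data seems to be hexadecimal ascii characters" without decoding it, even though these two conversations account for 85260 and 97598 of the 200052 packets in the capture. Decode the payload (for example with Wireshark's Follow TCP Stream and a hex-to-ASCII conversion) and record what is being sent, or state explicitly that the content was not determined. The other four conversations in the table are not discussed, and the 7.5% ICMP in the protocol hierarchy is not attributed to any host pair; one sentence for each would make the answer complete. The Rel Start column also shows negative values (-0.000003000, -0.000004000) for the two largest conversations, which deserves a short remark given the NOTE says something was wrong with the network during the capture.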