Final Project
Louie Galaz
Date
1. Trade Studies
The trade study performed for this assignment involved two tools: Wireshark and Snort.
These two tools were chosen specifically for network visualization. To perform the trade study,
the tools were compared on data compatibility, scalability, visualization capabilities,
customization, and ease of use. Wireshark is a well-known network protocol analyzer that many
network managers and security experts choose for its robust capabilities and user-friendly
interface. Its popularity is due in part to the following factors: it includes an
intuitive user interface that enables users to quickly filter and search for certain packets, making
Snort, on the other hand, is a widely used open-source network visualization tool mostly
used in intrusion detection and prevention systems. It is regarded as a good tool for network
visualization for a number of reasons, including its capacity for real-time network traffic
Between the two, Wireshark performed better than Snort on the selected metrics.
Wireshark was found to be stronger at real-time network traffic capture, analysis, and
display. The tool made it possible to immediately identify odd network behavior and investigate
it further. The tool allows for in-depth network traffic analysis, including examination of
individual packets and their contents, making it easier
Wireshark provides a number of filters and plugins used to look into and identify
potential security problems. These plugins can be used to extract specific information, such as IP
addresses, users, and passwords, from network traffic. The ability to filter and extract specific
information helps focus on areas of interest, which reduces the time and effort needed to evaluate
large amounts of network data. Figure 1 below illustrates the TCP capture obtained from
Wireshark testing.
Another benefit of Wireshark is that it works with many different protocols, including
TCP/IP, HTTP, DNS, and many others. This makes it possible to study and find security flaws in
multiple network contexts, making it a flexible tool. Wireshark can also be customized to meet
specific needs thanks to its high degree of adaptability. For instance, one can create custom filters
to evaluate specific types of network traffic or use plugins to automate the study of
Wireshark is also a helpful tool due to its real-time network analysis capabilities, vast
number of filters and plugins, compatibility with a wide range of protocols, and high degree of
customization. These features make it an efficient tool that can help one quickly discover and
analyze potential security threats, reduce the likelihood of a data breach, and help with network
security maintenance.
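The filtering described above, as an added example that is not part of the original report: a minimal pcap reader in Python that pulls out the IP addresses and TCP ports a Wireshark display filter matches on, and two functions that reproduce the filters `ip.addr == host && tcp.port == port` and `tcp.flags.syn == 1 && tcp.flags.ack == 0`. The capture is constructed inline on the lab's 192.168.161.0/27 range; the hosts, ports and packet contents are assumptions.

```python
import socket
import struct

def frame(src, dst, sport, dport, flags):
    """Minimal Ethernet/IPv4/TCP frame (constructed: placeholder MACs, zero checksums)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 12 + b"\x08\x00" + ip + tcp          # EtherType 0x0800 = IPv4

def pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def iter_tcp(data):
    """Yield (src_ip, dst_ip, sport, dport, tcp_flags) for each IPv4/TCP segment:
    the fields a display filter like "ip.addr == x && tcp.port == y" matches on."""
    end = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    pos = 24                                               # skip the global header
    while pos + 16 <= len(data):
        caplen = struct.unpack(end + "IIII", data[pos:pos + 16])[2]
        f, pos = data[pos + 16:pos + 16 + caplen], pos + 16 + caplen
        if len(f) < 34 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue                                       # not IPv4 carrying TCP
        t = f[14 + (f[14] & 0x0F) * 4:]                    # skip Ethernet + IP header
        if len(t) >= 14:
            sport, dport = struct.unpack("!HH", t[:4])
            yield (socket.inet_ntoa(f[26:30]), socket.inet_ntoa(f[30:34]),
                   sport, dport, t[13])

def host_and_port(data, host, port):
    """Same selection as the display filter  ip.addr == host && tcp.port == port."""
    return [s for s in iter_tcp(data) if host in s[:2] and port in s[2:4]]

def syn_without_ack(data):
    """Same as  tcp.flags.syn == 1 && tcp.flags.ack == 0, grouped by source (a scan signature)."""
    seen = {}
    for src, _, _, dport, flags in iter_tcp(data):
        if flags & 0x02 and not flags & 0x10:
            seen.setdefault(src, set()).add(dport)
    return seen

# Constructed capture on the lab's 192.168.161.0/27 range: two hosts talking to .5.
SAMPLE = pcap([frame("192.168.161.10", "192.168.161.5", 51000, 80, 0x02),
               frame("192.168.161.5", "192.168.161.10", 80, 51000, 0x12),
               frame("192.168.161.10", "192.168.161.5", 51001, 22, 0x02),
               frame("192.168.161.20", "192.168.161.5", 40000, 80, 0x02)])
```

The same `iter_tcp` reader works on a file saved from Wireshark (`open("capture.pcap", "rb").read()`) as long as it is the classic pcap format rather than pcapng.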
This test was conducted using tools that included Oracle VirtualBox, which was used
to run the virtual machines on the computer. Another tool used was the Kali Linux operating system,
which was set up in a virtual machine to serve as the operating system environment while
conducting the testing and configuring various network settings. The other two tools used were
the OWASP WebGoat program, which was used to test vulnerabilities, and Metasploitable 2, a
The virtual machines used in this lab were Kali Linux and Metasploitable 2.
Kali Linux was first downloaded as an image from the official Kali Linux website. The
image was then installed using the graphical install option (Bose, 2022) available on the
Configuration settings included the location, language, and keyboard. To configure the
network, a hostname was chosen for the Linux system. The configuration was then completed by
setting the clock, the domain name, and the password for the system. Finally, GRUB and the Kali
Linux OS were installed. Metasploitable was downloaded as a zip file (GeeksforGeeks, 2022). The
virtual machine parameters selected were similar to those of the Kali Linux installation.
However, Metasploitable 2 was also added as a virtual machine together with Linux on the hard
disk drive. The file was then saved to create an instance of the Metasploitable 2 virtual machine.
Kali Linux was installed to act as the operating system on which the tests and network
setups were conducted. Metasploitable 2 was used as the target machine for the test
attacks. Both systems were installed on a network using DHCP with NAT. The network IP
address range was configured as 192.168.161.0/27. The Nmap scan conducted on the
3. Security Toolkit
Kismet Wireless was the security toolkit used in the study. The toolkit is an 802.11 layer-2
wireless network sniffer, intrusion detection system, and text-based network detector. It is used
to passively gather packets, identify standard networks, find hidden networks, and determine
whether non-beaconing networks are present (Kismet, 2022). It is an open-source tool used to
record wireless device packets, including those from Bluetooth, Wi-Fi, wireless thermometers,
Kismet works by showing the networks it finds, color-coded, in the Network window.
The order of the networks is randomly chosen. Figure 4 below illustrates this color code:
Running the network scan on the Kali Linux operating system showed networks that
included home wireless adapters together with their associated clients and hidden SSIDs, which are
difficult to discover. The color palette is intended to convey the type of encryption used by each
network.
To locate users connected to a specific network and to view any network devices
currently connected to it, one only needs to click the 'View' tab in the menu bar.
Kismet will show the MAC address, manufacturer, and other details about each client device.
Such details can be used to distinguish between known and unidentified devices.
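The known-versus-unidentified check described above, as an added example that is not part of the original report or of Kismet: the client MAC addresses Kismet reports are normalized, resolved to a manufacturer through an OUI table, and compared against an allowlist of expected devices. Locally administered (randomized) addresses are flagged separately because their OUI carries no vendor information. The OUI table, the allowlist and the observed clients are constructed here; a real deployment would load the IEEE OUI registry.

```python
from typing import Dict, List, NamedTuple

class Client(NamedTuple):
    mac: str
    vendor: str    # manufacturer from the OUI prefix, "" when not resolvable
    status: str    # "known", "unknown" or "randomized"

# Constructed OUI prefixes (first three octets) -> manufacturer. A real deployment
# would load the IEEE OUI registry that Kismet uses for its manufacturer column.
OUI_TABLE: Dict[str, str] = {"00:1a:2b": "ExampleVendor A", "3c:4d:5e": "ExampleVendor B"}

# Constructed allowlist: the devices the operator expects to see on the home network.
KNOWN_DEVICES = {"00:1a:2b:10:20:30", "3c:4d:5e:aa:bb:cc"}

def normalize_mac(mac: str) -> str:
    """Accept 00:1A:2B..., 00-1a-2b... or 001a.2b... and return lower-case colon form."""
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet set means a locally administered address; MAC
    randomization on phones and laptops sets it, so an OUI lookup is meaningless."""
    return bool(int(mac[:2], 16) & 0x02)

def classify(observed: List[str]) -> List[Client]:
    """Label each MAC Kismet reported as known, unknown or randomized."""
    result = []
    for raw in observed:
        mac = normalize_mac(raw)
        if is_locally_administered(mac):
            result.append(Client(mac, "", "randomized"))
        else:
            vendor = OUI_TABLE.get(mac[:8], "")
            status = "known" if mac in KNOWN_DEVICES else "unknown"
            result.append(Client(mac, vendor, status))
    return result

def unexpected(observed: List[str]) -> List[Client]:
    """Everything not on the allowlist: the devices worth a closer look."""
    return [c for c in classify(observed) if c.status != "known"]

# Constructed client list in the mixed formats Kismet and other tools print.
OBSERVED = ["00:1A:2B:10:20:30", "3c-4d-5e-aa-bb-cd", "DA:A1:19:12:34:56", "001a.2b99.9999"]
```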
The virtual machine was tested by installing WebGoat, an insecure application used for
vulnerability scanning, on the Linux operating system running Metasploitable 2. Running the test
required using Nmap for network scanning. Results of the test showed that 17 hosts running on
TCP were up and running on the network. The results did not indicate any signs of vulnerability
on the network.
with the system showing that an attacker could penetrate Metasploitable as an administrator
without requiring any login information. This meant that the login gave the attacker root
privileges as an administrator, allowing them to do anything they pleased.
b) hydra -l kali -P wordlist.txt 192.168.1.5 ssh - use of hydra to perform a dictionary attack of
d) nmap -p- 192.168.1.5 - scans all the ports of the specified IP address and returns a list of
open ports. netstat -tunp - shows all the active UDP and TCP ports
f) iwgetid -r - displays the wireless network name (SSID) that the system is currently associated
I have learned much from this lab, especially on Kismet Wireless. It has taught me that
Kismet Wireless is a strong, highly customizable tool used for network monitoring and network
analysis. Also, it is open source, supported, and compatible with a variety of systems and
wireless network interfaces. It is simple to capture, visualize, and analyze the packets and traffic
of wireless networks. In order to identify potential wireless risks, it is crucial to find rogue
wireless clients and devices. For anyone working in wireless network security and analysis,
References
Bose, M. (2022, December 13). How to install Kali Linux on VirtualBox: An expert guide.
https://www.nakivo.com/blog/how-to-install-kali-linux-on-virtualbox/
GeeksforGeeks. (2022). https://www.geeksforgeeks.org/how-to-install-metasploitable-2-in-virtualbox/
Wireshark. (n.d.). 11.2. Start Wireshark from the command line. Wireshark. Retrieved January
https://www.wireshark.org/docs/wsug_html_chunked/ChCustCommandLine.html