Overview

Introduction

The Analyzing Protocols module provides you with the instructions and devices to develop your hands-on skills in the following topics.

  • Analyze TCP/IP
  • Analyze HTTP Traffic
  • Analyze DNS
  • Analyze ARP
  • Analyze IPv4 Traffic

Lab time: It will take approximately 1 hour to complete this lab.

Exam Objectives

The following exam objectives are covered in this lab:

  • CAS-002 1.3: Given a scenario, analyze network and security components, concepts and architectures.
  • CAS-002 3.3: Given a scenario, select methods or tools appropriate to conduct an assessment and analyze results.

Exercise 1 - Analyze Transmission Control Protocol/Internet Protocol

In this module, we will consolidate knowledge from previous exercises and move through routine procedures for analyzing Transmission Control Protocol/Internet Protocol (TCP/IP) traffic. TCP/IP is a suite of protocols used for communication across disparate networks, whether those are in an office, at home or across the Internet.

In the later tasks, you will understand how TCP/IP behaves and how Wireshark utilizes its filters to enable problem discovery and correction.

In this exercise you will complete the following tasks:

  • TCP/IP Functionality

Exercise 2 - Analyze HTTP Traffic

In this exercise, we will consolidate knowledge and move through routine procedures for analyzing HTTP traffic. Hypertext Transfer Protocol is used to present information, primarily across the Internet, and is commonly seen as the backbone of most websites. This protocol, connecting servers to clients, allows users from all over the world to view and edit textual information, which is meant for display and presentation purposes.

In this exercise you will complete the following tasks:

  • Analyze Varieties of HTTP

Exercise 3 - Analyze DNS

In this exercise, we will consolidate knowledge and move through routine procedures for analyzing DNS traffic. The Domain Name System is a network service that resolves a hostname or fully qualified domain name (FQDN) to its numeric IP address, which allows users to use names rather than IP addresses when connecting to websites. The DNS server, or name server, translates the hostname to its known IP address and then automatically returns that information to the requesting client. For example, www.google.com is 8.8.8.8.

In this exercise you will complete the following tasks:

  • Analyze DNS Queries and Responses

Exercise 4 - Analyze ARP

In this exercise, we will consolidate knowledge and move through routine procedures for analyzing ARP traffic. The Address Resolution Protocol is used to map networks according to their IP addresses and MAC (Ethernet) addresses. This helps network engineers quickly understand which devices are currently active and inactive on the topology. Devices use this protocol to initially map each other out so that routers/switches can send information to the correct device by logging ARP responses in the routing tables.

In this exercise you will complete the following tasks:

  • Analyze Varieties of ARP

Exercise 5 - Analyze IPv4 Traffic

In this exercise, we will consolidate knowledge and move through routine procedures for analyzing IPv4 traffic.

IPv4 packets are what is typically found crossing the network; they are forwarded by routers and switches to target IP addresses based on routing tables, which hold information on all the devices active on the system.

In this exercise, you will complete the following tasks:

  • Analyze IPv4 Traffic
