Week 2 - ConnorEast/Tech-Journal GitHub Wiki
To begin, I logged into the administrator-level account created during week 2's lab. Below is a picture of me using the "-whoami" command to show y'all that I'm currently in that account.
Next I went to wireshark.org and downloaded Wireshark. For reference, Wireshark is a network packet analyzer used primarily for network troubleshooting, analysis, etc. Below is an image of the page and of the download in my Downloads folder.
After Wireshark had been downloaded, I went through its setup wizard. Keep in mind that this is all being done through vSphere, and as such remote capabilities are still present. I left all of the download options at their default values.
I then opened an admin-level cmd and used the ip flushdns command, as seen below.
Next I opened Wireshark and began capturing on the Ethernet interface. The following images are from the command prompt and from Wireshark, respectively.
This image from the command prompt shows me pinging "connorEast_ABAS.edu", "fw01-connor", and "champlain.edu". The section circled in blue shows how many replies I got from champlain.edu's server. Below is an image from Wireshark. Underneath the image I will explain what is occurring within Wireshark.
For reference, the areas highlighted in yellow are my original server pings. The first ping (line 1) used the DNS (Domain Name Server) protocol to query whether the site existed. This ended with a DNS query to 10.0.5.100, which replied by saying that no such site existed (line 2).
My next ping was for my firewall (line 3), referred to as "fw01-connor.connor.local". This led to a response, which then sent a series of responses and replies to our server, showing us that we had to jump 6 times in order to identify the site location. On line 13 our device uses the ARP protocol (Address Resolution Protocol) in order to identify the current IP and MAC address, respectively. The next line (line 14) finally gave us a response of the following:
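The two packet types the capture above turns on are a DNS reply saying the name does not exist and an ARP request resolving an IP to a MAC address. The Python below is an added example, not code from this journal or from Wireshark: it builds the kind of "no such name" DNS reply that 10.0.5.100 returned for "connorEast_ABAS.edu" (RCODE 3, NXDOMAIN) and decodes it, and decodes a constructed ARP request. The transaction id, the ARP addresses (10.0.5.50, 10.0.5.1, 00:0c:29:aa:bb:cc) and all packet bytes are made up for the example; only the queried name and the DNS server address come from the capture.

```python
"""Added example: decode a DNS reply header and an ARP request from raw bytes,
the two things the Wireshark capture in the journal shows.  All packet bytes
and addresses below are constructed for the example."""
import struct
import ipaddress

# DNS RCODE values from RFC 1035, section 4.1.1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_qname(name: str) -> bytes:
    """Encode a hostname as DNS labels: length byte + label, terminated by 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_qname(data: bytes, offset: int):
    """Decode uncompressed labels starting at offset; return (name, next offset)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def parse_dns(data: bytes) -> dict:
    """Parse the DNS header and the first question (RFC 1035, section 4.1)."""
    txid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", data[:12])
    qname, off = decode_qname(data, 12)
    qtype, qclass = struct.unpack("!HH", data[off:off + 4])
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),          # QR bit
        "rcode": RCODES.get(flags & 0x000F, f"RCODE{flags & 0xF}"),
        "qname": qname,
        "qtype": qtype,
        "answers": ancount,
    }


def build_nxdomain_reply(txid: int, name: str) -> bytes:
    """Construct the kind of reply a resolver sends for a name it cannot find:
    QR=1, RD=1, RA=1, RCODE=3, the question echoed back, zero answer records."""
    flags = 0x8000 | 0x0100 | 0x0080 | 3
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", 1, 1)  # type A, class IN


def parse_arp(packet: bytes) -> dict:
    """Parse a 28-byte Ethernet/IPv4 ARP packet (RFC 826)."""
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", packet[:8])
    sha, spa = packet[8:14], packet[14:18]
    tha, tpa = packet[18:24], packet[24:28]
    return {
        "op": {1: "request", 2: "reply"}.get(oper, str(oper)),
        "sender_mac": sha.hex(":"),
        "sender_ip": str(ipaddress.IPv4Address(spa)),
        "target_mac": tha.hex(":"),
        "target_ip": str(ipaddress.IPv4Address(tpa)),
    }


# Constructed ARP request: "Who has 10.0.5.1? Tell 10.0.5.50" (addresses are made up)
ARP_REQUEST = (
    b"\x00\x01\x08\x00\x06\x04\x00\x01"      # Ethernet, IPv4, hlen 6, plen 4, request
    + bytes.fromhex("000c29aabbcc")           # sender MAC (constructed)
    + bytes([10, 0, 5, 50])                   # sender IP (constructed)
    + b"\x00" * 6                             # target MAC unknown
    + bytes([10, 0, 5, 1])                    # target IP (constructed)
)

# Constructed reply of the kind 10.0.5.100 returned for the first ping in the capture
NXDOMAIN_REPLY = build_nxdomain_reply(0x1234, "connorEast_ABAS.edu")

if __name__ == "__main__":
    print(parse_dns(NXDOMAIN_REPLY))   # rcode NXDOMAIN, no answers
    print(parse_arp(ARP_REQUEST))      # request for 10.0.5.1 from 10.0.5.50
```

An NXDOMAIN reply carries no answer records, which is why ping reports that it cannot find the host before sending a single ICMP echo; the ARP request, by contrast, is broadcast with an all-zero target MAC and is what fills the MAC column Wireshark shows once the reply comes back.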