TCP View and Whois Lab - Zacham17/my-tech-journal GitHub Wiki

Part 1: TCP View

TCP View lets you look at the TCP and UDP connections (streams) on your system, along with the process name and ID associated with each connection on your end. The application is different from Wireshark because it shows more low-level information, such as which process is using the open socket. That is very, very valuable information. For every open port and process on your computer, you want to know the process that has it open and the path to the process (where the executable exists on the disk).

Preparation

  1. Download TCP View from the Sysinternals website
  2. Run TCP View with administrative rights, answer these questions, and post your results to your GitHub page for this lab.

SUBMISSION: Find the connection which has sent the most bytes and identify the following:

Process Name

chrome.exe

Path to where the executable exists (include the path and explain what tools were used to find it)

C:\Program Files\Google\Chrome\Application\chrome.exe

I used process properties in TCP View to find this.

Process ID

11408

Protocol

UDP

Remote Address

172.253.63.188

Remote Port

5288

Approximate Bytes Sent

1,076,006

Approximate Bytes Received

271,565
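
The socket-to-process mapping described at the start of Part 1 can also be produced from an elevated PowerShell prompt. This is an added example, not part of the lab handout; the `Resolve-Owner` helper, the `<exited>` and `<unavailable>` markers, and the choice of "expected" install directories are assumptions made for illustration. It does not report byte counts, which TCP View shows and these cmdlets do not.

```powershell
# Added example: list every TCP connection and UDP endpoint with the owning
# process name and the on-disk path of its executable.
# Run elevated, otherwise Path is empty for processes owned by other accounts.

# Snapshot the process table once, keyed by process ID.
$procs = @{}
Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_ }

function Resolve-Owner {            # hypothetical helper name
    param([int]$ProcessId)
    $p = $procs[$ProcessId]
    [pscustomobject]@{
        Name = if ($p) { $p.ProcessName } else { '<exited>' }
        Path = if ($p -and $p.Path) { $p.Path } else { '<unavailable>' }
    }
}

$tcp = Get-NetTCPConnection | ForEach-Object {
    $o = Resolve-Owner $_.OwningProcess
    [pscustomobject]@{
        Protocol  = 'TCP'
        Local     = "$($_.LocalAddress):$($_.LocalPort)"
        Remote    = "$($_.RemoteAddress):$($_.RemotePort)"
        State     = "$($_.State)"
        ProcessId = $_.OwningProcess
        Process   = $o.Name
        Path      = $o.Path
    }
}

# UDP is connectionless, so the OS only tracks the local endpoint.
$udp = Get-NetUDPEndpoint | ForEach-Object {
    $o = Resolve-Owner $_.OwningProcess
    [pscustomobject]@{
        Protocol  = 'UDP'
        Local     = "$($_.LocalAddress):$($_.LocalPort)"
        Remote    = '*:*'
        State     = ''
        ProcessId = $_.OwningProcess
        Process   = $o.Name
        Path      = $o.Path
    }
}

$all = @($tcp) + @($udp)
$all | Sort-Object Process, Protocol | Format-Table -AutoSize

# Review aid (assumption: software normally lives under these directories).
# Idle (PID 0) and System (PID 4) have no path and will always be listed.
$expected = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) | Where-Object { $_ }
$all | Where-Object {
    $path = $_.Path
    -not ($expected | Where-Object { $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
} | Sort-Object ProcessId -Unique | Format-Table ProcessId, Process, Path -AutoSize
```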

Part 2: WhoIs

Preparation

Download Whois from the Sysinternals website. WhoIs is a mature Internet program (typically Unix) that uses the DNS to look up information about a domain name.

  1. Open cmd.exe as an administrator and run whois64 champlain.edu.

SUBMISSION: Find the following in your Champlain whois query:

Name of Administrative Contact

Chris North

Email of Administrative Contact

[email protected]

Name of Technical Contact

Wayne Buttles

Phone number of Technical Contact

+1.8028602710

Primary Name Server

NS.CHAMPLAIN.EDU

When the Domain Name expires

31-Jul-2021

SUBMISSION: Run whois on a site you frequently use. Submit the same information as above.

Note: The site I used was www.vmware.com

Name of Administrative Contact

Host Master

Email of Administrative Contact

[email protected]

Name of Technical Contact

Host Master

Phone number of Technical Contact

+1.8774869273

Primary Name Server

dns1.p05.nsone.net

When the Domain Name expires

N/A
This wasn't displayed in the command window