SYS140 TCPView and whois - eitan-j/tech-journal GitHub Wiki

SYS-140 - Week 9 Lab 2

Instructions: (Follow instructions carefully!)

Objective
In this lab you run some of the Windows Sysinternal tools dealing with processes, files and disks. Before running the tools you should read the pertinent sections in the Windows System Internals Administrators Reference.
Download and run the tools and answer the questions for each tool. The Download site for SysInternals is: https://technet.microsoft.com/en-us/sysinternals/bb545021.aspx
Preparation:

  1. Run the tools on your Windows 10 host computer.
  2. Submit to GitHub using the same format as Lab 1.

Networking

TCP View

TCPView lets you look at the TCP and UDP connections or streams that are or have been open on your system, along with the name and ID of the process that owns each one on your end. It differs from Wireshark in that it shows lower-level host information, such as which process is using an open socket, rather than the packets on the wire. That is very valuable information: for every open port and process on your computer, you want to know which process has it open and the path to that process (where its executable exists on disk).
Preparation
Download TCP View from the Sysinternals website
Run TCPView with administrative rights, answer these questions, and post your results to your GitHub page for this lab.
SUBMISSION: Find the connection which has sent the most bytes and identify the following:

  • Process Name: chrome.exe
  • Path to where the executable exists (include the path and explain what tools were used to find it): C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (found in TCPView by right-clicking the connection and choosing "Process Properties...")
  • Process ID: 15324
  • Protocol: UDP
  • Remote Address: *
  • Remote Port: *
  • Approximate Bytes Sent: 3,861
  • Approximate Bytes Received: 2,996
  • Include all of this information in your lab submission.
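The correlation TCPView displays, socket to owning PID, can be reproduced from the output of `netstat -ano`, which reports the same protocol, local/remote endpoint and PID columns. The script below is an added example, not part of this lab or of the Sysinternals tools: it parses a constructed `netstat -ano` sample (including the bracketed IPv6 and `*:*` endpoints that trip up naive `split(":")` parsing), groups sockets by PID, lists everything that is accepting input, and renders one socket as the submission fields above. The `PROCESS_INFO` map (PID to name and path) is a constructed stand-in for what you read from TCPView's "Process Properties..." or from `tasklist`; `netstat` reports no byte counts, so the bytes sent/received fields still come from TCPView.

```python
"""Map open sockets to their owning process from `netstat -ano` output (added example)."""
from __future__ import annotations

import subprocess
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the exact layout Windows `netstat -ano` prints.
# Remote addresses use documentation ranges (RFC 5737); PIDs are made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    192.168.1.10:52344     203.0.113.10:443       ESTABLISHED     15324
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [fe80::1%12]:49670     [fe80::2%12]:445       ESTABLISHED     4
  UDP    0.0.0.0:5353           *:*                                    15324
  UDP    [::1]:1900             *:*                                    4108
"""

# Constructed PID -> (process name, executable path); in practice read this from
# TCPView's "Process Properties..." or from `tasklist`. PID 4 is the System process.
PROCESS_INFO = {
    15324: ("chrome.exe", r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"),
    4: ("System", ""),
}


@dataclass(frozen=True)
class Socket:
    proto: str
    local_host: str
    local_port: str
    remote_host: str
    remote_port: str
    state: str  # empty for UDP, which has no connection state
    pid: int


def parse_endpoint(text: str) -> tuple[str, str]:
    """Split 'host:port' on the LAST colon so bracketed IPv6 and '*:*' survive."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), port


def parse_netstat(output: str) -> list[Socket]:
    """Turn `netstat -ano` text into Socket records; non-data lines are skipped."""
    sockets = []
    for line in output.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, blank line or column header
        if fields[0] == "TCP" and len(fields) == 5:
            proto, local, remote, state, pid = fields
        elif fields[0] == "UDP" and len(fields) == 4:
            proto, local, remote, pid = fields  # UDP rows have no State column
            state = ""
        else:
            continue  # tolerate any layout this parser does not understand
        lh, lp = parse_endpoint(local)
        rh, rp = parse_endpoint(remote)
        sockets.append(Socket(proto, lh, lp, rh, rp, state, int(pid)))
    return sockets


def sockets_by_pid(sockets: list[Socket]) -> dict[int, list[Socket]]:
    grouped: dict[int, list[Socket]] = defaultdict(list)
    for s in sockets:
        grouped[s.pid].append(s)
    return dict(grouped)


def listening_ports(sockets: list[Socket]) -> list[tuple[str, str, int]]:
    """(proto, local port, pid) for every socket accepting input: LISTENING TCP or any bound UDP."""
    return sorted({(s.proto, s.local_port, s.pid) for s in sockets
                   if s.state == "LISTENING" or s.proto == "UDP"})


def lab_fields(sock: Socket, process_info: dict[int, tuple[str, str]]) -> dict[str, str]:
    """Render one socket as the submission fields the lab asks for."""
    name, path = process_info.get(sock.pid, ("<unknown>", "<unknown>"))
    return {
        "Process Name": name,
        "Path": path,
        "Process ID": str(sock.pid),
        "Protocol": sock.proto,
        "Remote Address": sock.remote_host,
        "Remote Port": sock.remote_port,
    }


def live_sockets() -> list[Socket]:
    """Run the real `netstat -ano` (Windows) and parse it; needs no elevation for PIDs."""
    out = subprocess.run(["netstat", "-ano"], capture_output=True, text=True, check=True).stdout
    return parse_netstat(out)


if __name__ == "__main__":
    for sock in parse_netstat(SAMPLE_NETSTAT):
        print(lab_fields(sock, PROCESS_INFO))
```

Run it as-is to see the constructed sample rendered; replace `parse_netstat(SAMPLE_NETSTAT)` with `live_sockets()` on a Windows host to review your own machine, and compare the listening set against what TCPView shows.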

WhoIs

Preparation
Download Whois from the Sysinternals website
WhoIs is a mature Internet program (typically Unix) that uses the DNS to look up information about a domain name.
Open cmd.exe as an administrator and run whois64 champlain.edu.
SUBMISSION: Find the following in your Champlain whois query:
  • Name of Administrative Contact: Chris North
  • Email of Administrative Contact: [email protected]
  • Name of Technical Contact: Wayne Buttles
  • Phone number of Technical Contact: +1.8028602710
  • Primary Name Server: NS1.BURLINGTONTELECOM.COM
  • When the Domain Name expires: 31-Jul-2021
Post your results to your GitHub page for this lab.
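What `whois64 champlain.edu` does on the wire is the WHOIS protocol (RFC 3912): open TCP port 43 on the registry's server, send the domain name followed by CRLF, and read plain text until the server closes the connection. The following is an added example, not part of this lab or of the Sysinternals whois tool: a minimal client plus a parser that pulls the six submission fields above out of the `Key: Value` lines a registry returns. The reply it parses is constructed (the `example-lab.org` domain, its contacts and name servers are made up), and the TLD-to-server map is an assumption you should verify; `whois64` follows the referral chain for you.

```python
"""Minimal WHOIS client and field extractor (added example)."""
from __future__ import annotations

import socket
from collections import defaultdict

WHOIS_PORT = 43  # RFC 3912: plain text over TCP, query terminated by CRLF

# Assumed registry servers per TLD; verify before relying on them.
ASSUMED_SERVERS = {"edu": "whois.educause.edu", "org": "whois.pir.org"}

# Label aliases seen in registry/registrar replies, mapped to the lab's fields.
FIELD_ALIASES = {
    "admin_name": ("admin name", "administrative contact name"),
    "admin_email": ("admin email", "administrative contact email"),
    "tech_name": ("tech name", "technical contact name"),
    "tech_phone": ("tech phone", "technical contact phone"),
    "primary_name_server": ("name server",),  # first listed = primary
    "expires": ("registry expiry date", "registrar registration expiration date",
                "expiration date"),
}

# Constructed reply in the common registry layout; the blank Admin Email mirrors
# registries that withhold contact data.
SAMPLE_REPLY = """\
   Domain Name: EXAMPLE-LAB.ORG
   Registrar WHOIS Server: whois.registrar.example
   Updated Date: 2024-11-13T05:00:00Z
   Creation Date: 1996-12-14T05:00:00Z
   Registry Expiry Date: 2025-12-13T05:00:00Z
   Admin Name: Jane Doe
   Admin Email:
   Tech Name: John Roe
   Tech Phone: +1.5555550100
   Name Server: NS1.EXAMPLE-LAB.ORG
   Name Server: NS2.EXAMPLE-LAB.ORG
   DNSSEC: unsigned
>>> Last update of WHOIS database: 2025-01-01T00:00:00Z <<<
"""


def build_query(domain: str) -> bytes:
    """The entire WHOIS request: the name and a CRLF terminator."""
    return domain.strip().encode("ascii") + b"\r\n"


def whois_query(domain: str, server: str, timeout: float = 10.0) -> str:
    """Send one query and return the raw reply text (network access required)."""
    with socket.create_connection((server, WHOIS_PORT), timeout=timeout) as sock:
        sock.sendall(build_query(domain))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:  # server closes the connection when the reply is complete
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_key_values(text: str) -> dict[str, list[str]]:
    """Collect 'Key: Value' lines; keys are lower-cased, repeated keys keep every value."""
    fields: dict[str, list[str]] = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((">>>", "%", "#")):
            continue  # blank, timestamp or comment line
        key, sep, value = line.partition(":")  # first colon only: values may contain ':'
        if sep and value.strip():
            fields[key.strip().lower()].append(value.strip())
    return dict(fields)


def extract_lab_fields(text: str) -> dict[str, str | None]:
    """Return the lab's six fields; None where the registry withheld the value."""
    kv = parse_key_values(text)
    result: dict[str, str | None] = {}
    for field, aliases in FIELD_ALIASES.items():
        values = next((kv[a] for a in aliases if a in kv), [])
        result[field] = values[0] if values else None
    return result


def name_servers(text: str) -> list[str]:
    return parse_key_values(text).get("name server", [])


if __name__ == "__main__":
    print(extract_lab_fields(SAMPLE_REPLY))
    print(name_servers(SAMPLE_REPLY))
```

To query a live registry, call `whois_query("champlain.edu", ASSUMED_SERVERS["edu"])` and pass the returned text to `extract_lab_fields`; if the result comes back with `None` fields, look at the raw text, since some registries use a block layout rather than `Key: Value` lines and the contact data may be withheld entirely.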
SUBMISSION: Run whois on a site you frequently use. Submit the same information as above.

archive.org

  • Name of Administrative Contact: Internet Archive
  • Email of Administrative Contact: [email protected]
  • Name of Technical Contact: Internet Archive
  • Phone number of Technical Contact: 1.4155616767
  • Primary Name Server: ns1.archive.org
  • When the Domain Name expires: 2025-12-13T05:00:00

What To Submit:

  • TCPView details
  • Submission for the Champlain whois information
  • Submission for the whois information on a website that you frequent