Week 9 Lab 2 : TCP view - jwells24/Tech-Journal GitHub Wiki

SYS-140 - Week 9 Lab 2

Instructions: (Follow instructions carefully!)

Objective

In this lab you run some of the Windows Sysinternals tools dealing with processes, files and disks. Before running the tools you should read the pertinent sections in the Windows Sysinternals Administrator's Reference. Download and run the tools and answer the questions for each tool. The download site for Sysinternals is: https://technet.microsoft.com/en-us/sysinternals/bb545021.aspx

Preparation:

Run the tools on your Windows 10 host computer. Submit to GitHub using the same format as Lab 1.

Networking

TCP View

TCP View allows you to look at the TCP and UDP connections or streams that have been run on your system. It also allows you to look at the process name and ID associated with the connection on your end. The application is different from Wireshark because it shows more low-level information such as which process is using the open socket. That is very, very valuable information. For every open port and process on your computer, you want to know the process that has it open and the path to the process (where the executable exists on the disk).

Preparation

Download TCP View from the Sysinternals website. Run TCP View with administrative rights, answer these questions and post your results to your GitHub page for this lab.

SUBMISSION: Find the connection which has sent the most bytes and identify the following:

  • Process Name
  • Path to where the executable exists (include the path and explain what tools were used to find it)
  • Process ID
  • Protocol
  • Remote Address
  • Remote Port
  • Approximate Bytes Sent
  • Approximate Bytes received

Include all of this information in your lab submission.

  1. Process Name: LCore.exe
  2. Path: Program Files/LogitechGamingSoftware/LCore.exe. This is found by double clicking on the process.
  3. PID: 13732
  4. Protocol: UDP
  5. Remote Address: Undefined (*)
  6. Remote Port: Undefined (*)
  7. Bytes Sent: 249,324
  8. Bytes received: 1,694
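The process name, PID and executable path that TCPView shows for each socket can also be produced from PowerShell, which is useful when you want to check every open port rather than scroll through the GUI. The script below is an added example, not part of the lab or of Sysinternals; it assumes Windows 8 / Server 2012 or later (for the built-in Get-NetTCPConnection and Get-NetUDPEndpoint cmdlets) and an elevated prompt, and the function name Get-EndpointOwner is my own. These cmdlets do not track bytes sent or received, so TCPView remains the tool for the "most bytes" question above.

```powershell
# Added example (not from the lab or Sysinternals): reproduce TCPView's
# process-name / PID / path columns for every TCP and UDP endpoint so that
# "which executable owns this port" can be scripted and reviewed.
# Run as administrator; otherwise Path is empty for processes you cannot open.
# PID 4 (System) and protected processes never expose a path.

function Get-EndpointOwner {
    [CmdletBinding()]
    param(
        # TCP states to report; UDP endpoints have no state and are always included.
        [string[]]$TcpState = @('Listen', 'Established')
    )

    $cache = @{}   # PID -> Process object (or $null), so each PID is looked up once
    $resolve = {
        param([int]$ProcId)
        if (-not $cache.ContainsKey($ProcId)) {
            $cache[$ProcId] = Get-Process -Id $ProcId -ErrorAction SilentlyContinue
        }
        $cache[$ProcId]
    }

    Get-NetTCPConnection -State $TcpState -ErrorAction SilentlyContinue | ForEach-Object {
        $p = & $resolve $_.OwningProcess
        [pscustomobject]@{
            Protocol      = 'TCP'
            LocalAddress  = $_.LocalAddress
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            State         = [string]$_.State
            PID           = $_.OwningProcess
            ProcessName   = $(if ($p) { $p.ProcessName } else { '<unknown>' })
            Path          = $(if ($p) { $p.Path } else { $null })
        }
    }

    # UDP sockets have no remote side; TCPView prints '*' there, which is why the
    # LCore.exe result above shows an undefined remote address and port.
    Get-NetUDPEndpoint -ErrorAction SilentlyContinue | ForEach-Object {
        $p = & $resolve $_.OwningProcess
        [pscustomobject]@{
            Protocol      = 'UDP'
            LocalAddress  = $_.LocalAddress
            LocalPort     = $_.LocalPort
            RemoteAddress = '*'
            RemotePort    = '*'
            State         = ''
            PID           = $_.OwningProcess
            ProcessName   = $(if ($p) { $p.ProcessName } else { '<unknown>' })
            Path          = $(if ($p) { $p.Path } else { $null })
        }
    }
}

# Full listing, one row per endpoint, grouped by executable:
Get-EndpointOwner | Sort-Object Path, LocalPort |
    Format-Table Protocol, LocalPort, RemoteAddress, RemotePort, PID, ProcessName, Path -AutoSize

# Triage view: owners outside the usual system locations, or whose path could
# not be read at all, are the rows to look at first.
Get-EndpointOwner |
    Where-Object { -not $_.Path -or $_.Path -notmatch '^C:\\(Windows|Program Files)' } |
    Sort-Object PID -Unique |
    Format-Table PID, ProcessName, Path -AutoSize
```

The Path column is the same information the lab gets by double-clicking a process in TCPView, but with it in a table you can check every entry at once, for instance by verifying that each path really is where the vendor installs that product.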

WhoIs

Preparation

Download Whois from the Sysinternals website. WhoIs is a mature Internet program (typically Unix) that uses the DNS to look up information about a domain name. Open cmd.exe as an administrator and run whois64 champlain.edu.

SUBMISSION: Find the following in your Champlain whois query:

  • Name of Administrative Contact
  • Email of Administrative Contact
  • Name of Technical Contact
  • Phone number of Technical Contact
  • Primary Name Server
  • When the Domain Name expires

Post your results to your GitHub page for this lab.

Champlain.edu WhoIs

  • Administrative Contact: Chris North
  • Email of Administrative Contact: [email protected]
  • Technical Contact: Wayne Buttles
  • Phone number of Technical Contact: +1.802-860-2710
  • Primary Name Server: NS2.BURLINGTONTELECOM.COM
  • Domain name expires: July 31st, 2021

SUBMISSION: Run whois on a site you frequently use. Submit the same information as above.

mlssoccer.com WhoIs

  • Administrative Contact: Domain Administrator
  • Email of Administrative Contact: [email protected]
  • Technical Contact: Information Technology Department
  • Phone number of Technical Contact: +1.212-450-1263
  • Primary Name Server: pdns1.ultradns.net
  • Domain name expires: October 4th, 2025
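What whois64 does for the two queries above is a short plain-text exchange: it connects to a WHOIS server on TCP port 43, sends the domain name followed by CRLF, and reads until the server closes the connection (RFC 3912). The script below is an added example, not part of the lab or of the Sysinternals tool, that performs that exchange from PowerShell and then pulls out the six fields the lab asks for. The function names are my own; it assumes that whois.iana.org answers a domain query with a `refer:` (or `whois:`) line naming the registry server for the TLD, and that the registry's answer uses the .edu layout of labelled blocks followed by indented lines, which the constructed sample record at the end imitates. Check the raw text whenever a parsed field comes back empty, since registries differ in layout.

```powershell
# Added example (not from the lab or Sysinternals): a minimal WHOIS client
# plus a parser for the contact / name-server / expiry fields the lab asks for.

# One RFC 3912 round trip: send "<query>\r\n", read until the server hangs up.
function Invoke-WhoisQuery {
    param(
        [Parameter(Mandatory)][string]$Query,
        [Parameter(Mandatory)][string]$Server,
        [int]$TimeoutMs = 10000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.ReceiveTimeout = $TimeoutMs
        $client.Connect($Server, 43)
        $stream = $client.GetStream()
        $bytes  = [System.Text.Encoding]::ASCII.GetBytes($Query + "`r`n")
        $stream.Write($bytes, 0, $bytes.Length)
        $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::UTF8)
        $reader.ReadToEnd()
    } finally {
        $client.Close()
    }
}

# Ask IANA which registry serves the domain's TLD, then query that registry
# (for .edu this is whois.educause.edu). Assumption: IANA's reply carries a
# 'refer:' line for a domain query or a 'whois:' line in the TLD record.
function Get-WhoisRecord {
    param([Parameter(Mandatory)][string]$Domain)
    $iana = Invoke-WhoisQuery -Query $Domain -Server 'whois.iana.org'
    $m = [regex]::Match($iana, '(?im)^(?:refer|whois):\s*(\S+)')
    if (-not $m.Success) { throw "No WHOIS referral for $Domain in IANA response" }
    $server = $m.Groups[1].Value
    [pscustomobject]@{
        Server = $server
        Text   = Invoke-WhoisQuery -Query $Domain -Server $server
    }
}

# Parse a .edu-style record: 'Administrative Contact:' style headers open a
# block of indented lines; 'Key: value' lines at column 0 are scalars.
function ConvertFrom-EduWhois {
    param([Parameter(Mandatory)][string]$Text)
    $blocks = @{}; $scalars = @{}; $current = $null
    foreach ($line in $Text -split "`r?`n") {
        if ($line -match '^(\S[^:]*):\s*$') {                    # block header
            $current = $Matches[1]; $blocks[$current] = @()
        } elseif ($current -and $line -match '^\s+(\S.*)$') {   # indented member
            $blocks[$current] += $Matches[1].Trim()
        } elseif ($line -match '^(\S[^:]*):\s+(.+)$') {          # scalar field
            $scalars[$Matches[1]] = $Matches[2].Trim(); $current = $null
        } elseif ($line -notmatch '\S') {                         # blank line ends a block
            $current = $null
        }
    }
    $admin = $blocks['Administrative Contact']
    $tech  = $blocks['Technical Contact']
    $adminName = if ($admin) { $admin[0] } else { $null }         # first line is the name
    $techName  = if ($tech)  { $tech[0] }  else { $null }
    [pscustomobject]@{
        AdminName  = $adminName
        AdminEmail = ($admin | Where-Object { $_ -match '@' } | Select-Object -First 1)
        TechName   = $techName
        TechPhone  = ($tech | Where-Object { $_ -match '^\+?[\d.\-() ]{7,}$' } | Select-Object -First 1)
        PrimaryNS  = ($blocks['Name Servers'] | Select-Object -First 1)   # first listed server
        Expires    = $scalars['Domain expires']
    }
}

# Constructed sample in the .edu layout (not real registry output) for an offline check.
$sample = @'
Domain Name: EXAMPLE.EDU

Registrant:
    Example College
    Burlington, VT 05401

Administrative Contact:
    Jane Doe
    Example College
    +1.8025550100
    jdoe@example.edu

Technical Contact:
    John Roe
    +1.8025550199
    jroe@example.edu

Name Servers:
    NS1.EXAMPLE.NET
    NS2.EXAMPLE.NET

Domain expires:             31-Jul-2021
'@

ConvertFrom-EduWhois -Text $sample | Format-List

# Live run, same query as the lab with the referral chased automatically:
# $rec = Get-WhoisRecord -Domain 'champlain.edu'
# ConvertFrom-EduWhois -Text $rec.Text
```

Two points worth noting when comparing with whois64: the first query goes to IANA and only the second to the registry, so a domain's record can come from a different server than the one you named; and the .com answer for a site like mlssoccer.com comes from the Verisign registry, which refers you on to the registrar for contact details, so the parser above will generally find only the name servers and expiry there.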