Explain the differences and similarities between Wireshark and NetWitness

Assessment Instructions

Instructions

This assessment consists of a lab that you must complete and a report for senior executive leadership in your organization. Be sure to read the instructions for the entire assessment carefully so that you address all requirements fully.

Complete the Analyzing Network Traffic to Create a Baseline Definition lab. As you go through the lab, be sure to: (COMPLETED)

Perform all screen captures as the lab instructs and paste them into a Word document. (COMPLETED)

In the same Word document:

Explain the concepts and procedures associated with analyzing network traffic by addressing the following:

Explain the differences and similarities between Wireshark and NetWitness.

Explain the steps in the TCP three-way handshake.

Describe the process for determining Wireshark network traffic packet counts.

Explain the relevance of protocol analyzers to information security professionals.

Explain baseline analysis.

What is it?

What is it used for?

Explain the difference between internal and external network traffic.

Describe the difference between TCP and UDP.

Now apply what you learned in the lab to the following scenario.

Scenario and Your Role

Information security incidents are stressful events for security practitioners. Inevitably, you will be faced with responding to an incident at some point in your career. Imagine that you discover that your organization’s network has been hacked. Indicators of compromise (IoCs) include known hacking tools, modified file permissions, and multiple connections to an unknown network.

Root cause analysis shows that the attackers gained access to the network through the demilitarized zone (DMZ) from a compromised web server. A contributing factor in this attack is that the intrusion detection system (IDS) was misconfigured.

You must prepare a report on the incident for the CISO.

Requirements

Continue working in the same document; simply start your report on a new page with an appropriate heading.

In your report, address the following:

Outline an incident response plan for this type of attack.

Describe the concepts and strategies you would include in this plan.

Explain the purpose of a baseline analysis in an incident response plan.

Explain how you will test your incident response plan.
