Differences
This shows you the differences between two versions of the page.
|
ep:labs:09 [2021/12/04 19:20] andrei.mirciu [03. Network Monitoring] |
ep:labs:09 [2021/12/05 13:57] (current) andrei.mirciu [Tasks] |
||
|---|---|---|---|
| Line 105: | Line 105: | ||
| Due to this reason, we are calling upon another tool developed by Microsoft, more precisely **[[https://www.microsoft.com/en-us/download/details.aspx?id=4865 | Microsoft Network Monitor]]**. After we install it, start it using “Run as administrator” and select the network interface through which the traffic is expected to pass (cable, wifi, etc.), we will be able to capture the frames. | Due to this reason, we are calling upon another tool developed by Microsoft, more precisely **[[https://www.microsoft.com/en-us/download/details.aspx?id=4865 | Microsoft Network Monitor]]**. After we install it, start it using “Run as administrator” and select the network interface through which the traffic is expected to pass (cable, wifi, etc.), we will be able to capture the frames. | ||
| - | As in the case of the CPU, inspecting the events taking place on the network involves some amount of work for the analyst. However, since this is a simple case, we can just expand the view on the traffic generated by Winhttp.exe, and notice the request for putty.exe. If it is still not clear why some requests are there or why they last so long, we can integrate the application that we wish to investigate with Process Monitor. This way, we can insert logging elements to find out what request are made and how long they take. Furthermore, the part with timing the requests and traffic can be determined straight from Network Monitor, by considering the times of the packets. | + | Last but not least, another well-known tool that you should already be familiar with from the Linux network monitoring lab is **[[https://www.wireshark.org/download.html | Wireshark]]**. This can be used for displaying all traffic generated on a HTTP connection (it can also be HTTPS, as long as we control the server, but this is not in the scope of this tutorial). |
| - | + | ||
| - | Last but not least, another well-known tool that you should already be familiar with from the Linux network monitoring lab is [[https://www.wireshark.org/download.html | Wireshark]]. This can be used for displaying all traffic generated on a HTTP connection (it can also be HTTPS, as long as we control the server, but this is not in the scope of this tutorial). | + | |
| <note tip> | <note tip> | ||
| Line 116: | Line 114: | ||
| <note warning> | <note warning> | ||
| - | The password for {{:ep:laboratoare:logs2.zip | log2.zip}} and {{:ep:labs:build.zip | build.zip}} is: //parola// | + | The skeleton for this lab can be found here: {{:ep:laboratoare:lab09-tasks.zip|}} |
| </note> | </note> | ||
| {{namespace>:ep:labs:09:contents:tasks&nofooter&noeditbutton}} | {{namespace>:ep:labs:09:contents:tasks&nofooter&noeditbutton}} | ||
