Determine ip address of the computer that was compromised

Assignment Help C/C++ Programming
Reference no: EM13866857

C Programming Applications: Project

Objective:

You're working as an analyst at your organization's Security Operations Center (SOC). One of the other analysts was investigating alerts on a Windows host that indicated that the computer is infected. That analyst retrieved a PCAP of network traffic from the network. PCAP (Packet Capture) is a protocol for wireless Internet communication that allows a computer or device to receive incoming information from another device and convert that into usable information.

You've been asked to review the PCAP file and determine the IP address of the computer that was compromised, in addition to all possibly malicious IP addresses to which the system connected after the infection.

Phase 1: Read Data

The PCAP file has been processed with software called Wireshark to convert the binary information into ASCII text in a Comma Separated Value (CSV) file. For this phase, you will read the Source IP, Destination IP, Protocol, Source Port and Destination Port for each node in the network into individual arrays. The source and destination ports are not columns of their own; they are (sometimes) part of the description column. Make sure to do the following:

• Use a symbolic constant to set the maximum number of nodes for each array to 5000

• All arrays are declared globally

• Create a function GetData() to open and read all content into the global arrays

• Display the total number of lines read (should be 1978)

• Confirm all the data is being read correctly by displaying all the information stored in the arrays

• Create a function called DisplayData(int sIndex, int eIndex) to display all the data. sIndex is the starting index of the arrays to display, and eIndex is the last index to display. Use the format below.

[Figure: Display Data Format]

Extra Credit (+10): Display only 20 lines at a time. After each block of 20, display the text "DISPLAY MORE <Y>ES / <N>O". If the user enters anything that is not N (case insensitive), display the next block of 20. If they enter "N" (case insensitive), stop displaying the output.

[Figure: Display Data Format snapshot]

Phase 2: Read the Black and White list files

The file blacklist.csv contains a list of IP addresses that are known by a security company to be malicious (typically these types of files contain hundreds of thousands of entries). Read the IP addresses of these systems into an array (you do not need the description of each IP). Similarly, the file whitelist.csv contains a list of IP addresses that are known to be benign. Typically, we only need to know the domain of the system (the first octet of the IP address); that way we can flag all IP addresses from that domain as safe. Because of this, the file contains Xs in the last three octets of each IP address.

Phase 3: Find the Infected Node

In this phase you will check each of the destination IP addresses against the Black List to identify any nodes that communicated with these malicious systems.

• Create a function called FindInfectedNode()

• Store the first source IP whose corresponding destination IP is located within the Black List in an array called targetMachine

• Use the DisplayData function to display all the information for this system.

[Figure: Display Data Information]

Phase 4: Infected System Traffic

Your next task is to extract all the traffic from the infected node that is not on port 80 (regular HTTP Internet traffic).

• Create a function IdentifyInfectedSystemTraffic()

• Create an array to store identified destination IP addresses from the infected system

• Find all traffic from the infected system which took place on a port other than 80 and add only unique IP addresses to the array (no duplicates)

• Display this list to make sure it's correct.

[Figure: Infected System Traffic]

Phase 5: Clean Infection Traffic

The list of connections from the infected system needs to be cleaned to remove systems that are most likely not malicious.

• Create a function CleanInfectedSystemTraffic()

• Identify IPs that are from the same subnet as the infected system (the first octet of the IP address is the same) as well as IP domains (first octet) from the White List

• Remove these IP addresses from the list of IP addresses of traffic from the infected system.

[Figure: Suspicious Traffic]

These remaining systems are all potential malicious addresses that will be further analyzed in the next project.
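The following is an added example, not code from the assignment or its solution: it walks Phases 3 to 5 (blacklist hit, unique non-port-80 destinations of the infected host, then removal of same-first-octet and whitelisted-domain addresses) over a small constructed packet table. It assumes the ports have already been split out of the description column and that the blacklist and whitelist are in memory; the real project fills these arrays from the CSV files in GetData().

```c
#include <stdlib.h>
#include <string.h>
#define MAX_NODES 5000   /* the assignment's symbolic constant for array sizes */
/* One row of the Wireshark CSV export, with the ports already split out of the
   description column. Constructed sample data, not the assignment's real capture. */
struct Packet { const char *src, *dst, *proto; int sport, dport; };
static const struct Packet packets[] = {
    {"10.0.0.5", "93.184.216.34", "TCP", 49152, 80},
    {"10.0.0.7", "198.51.100.9",  "TCP", 49200, 8080}, /* blacklisted dst */
    {"10.0.0.7", "10.0.0.1",      "UDP", 53412, 53},   /* same first octet */
    {"10.0.0.7", "8.8.8.8",       "UDP", 53413, 53},   /* whitelisted domain */
    {"10.0.0.7", "203.0.113.77",  "TCP", 49201, 4444},
    {"10.0.0.7", "203.0.113.77",  "TCP", 49202, 4444}, /* duplicate */
    {"10.0.0.7", "198.51.100.9",  "TCP", 49203, 80},   /* port 80: ignored */
};
static const int npackets = sizeof packets / sizeof packets[0];
static const char *blacklist[] = {"198.51.100.9", "192.0.2.200"};  /* constructed */
static const char *whitelist[] = {"8.X.X.X", "13.X.X.X"};           /* first octet only */
static const char *found[MAX_NODES];  /* Phase 4/5 result list (unique IPs) */
static int first_octet(const char *ip) { return atoi(ip); }  /* atoi stops at '.' */
static int in_list(const char *ip, const char **list, int n) {
    for (int i = 0; i < n; i++) if (strcmp(ip, list[i]) == 0) return 1;
    return 0;
}
static int whitelisted_domain(const char *ip) {
    for (int w = 0; w < 2; w++) if (first_octet(whitelist[w]) == first_octet(ip)) return 1;
    return 0;
}
/* Phase 3: source IP of the first packet whose destination is on the blacklist. */
const char *find_infected_node(void) {
    for (int i = 0; i < npackets; i++)
        if (in_list(packets[i].dst, blacklist, 2)) return packets[i].src;
    return NULL;
}
/* Phases 4 and 5: unique non-port-80 destinations of the infected host, minus its
   own first-octet "subnet" and whitelisted domains. Returns the count in found[]. */
int count_suspicious(void) {
    const char *infected = find_infected_node();
    int n = 0;
    for (int i = 0; infected && i < npackets && n < MAX_NODES; i++) {
        const struct Packet *p = &packets[i];
        if (strcmp(p->src, infected) != 0 || p->dport == 80) continue;
        if (first_octet(p->dst) == first_octet(infected)) continue;
        if (whitelisted_domain(p->dst) || in_list(p->dst, found, n)) continue;
        found[n++] = p->dst;
    }
    return n;
}
const char *suspicious_at(int i) { return found[i]; }
```

With the constructed table, the infected host is 10.0.0.7 and only 198.51.100.9 and 203.0.113.77 survive the cleaning step.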

Phase 6: Main Menu

Create a menu to ask the user to enter a choice from 1 - 5. Make sure to employ proper input validation to ensure the user can only enter a valid choice. If the user enters an invalid choice, indicate as much, and then redisplay the menu. Link each menu choice to display the output from the matching phase.

[Figure: Main Menu]

Attachment:- C-programing.rar
