0 votes
To answer this question, complete the lab using the information below.

You are the CorpNet IT administrator. Your support team says that CorpNet's customers are unable to browse to the public-facing web server. You suspect that it might be under some sort of denial-of-service attack, possibly a TCP-SYN flood attack. Your www_stage computer is on the same network segment as your web server, so you should use this computer to investigate the problem.

In this lab, your task is to:
- Capture packets from the network segment on www_stage using Wireshark. Use the enp2s0 interface.

1 Answer

6 votes

Final answer:

To investigate the problem of CorpNet's customers being unable to browse the public-facing web server, you can capture packets from the network segment using Wireshark.

Step-by-step explanation:

In this lab, the task is to capture packets from the network segment on www_stage using Wireshark, specifically using the enp2s0 interface. The goal is to investigate the problem of CorpNet's customers being unable to browse the public-facing web server. It is suspected that a TCP-SYN flood attack may be the cause of the issue.

To capture packets using Wireshark, simply launch the Wireshark application and select the enp2s0 interface for packet capturing. Wireshark will then start capturing all the network traffic on that interface. You can analyze the captured packets to identify any patterns or anomalies that may indicate a TCP-SYN flood attack.

A TCP-SYN flood attack involves overwhelming a server's resources by sending a flood of TCP-SYN packets, consuming all available connection slots and preventing legitimate requests from being processed. By analyzing the captured packets, you can look for a sudden surge in incoming TCP-SYN packets or any other signs of an abnormal amount of SYN packets.

by User Amumu (8.1k points)
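The "surge of SYN packets" check described in the answer can be made concrete by counting connection attempts to the web server that never complete the three-way handshake. The sketch below is an added example, not part of the answer or the lab material. It assumes a capture saved in classic pcap format (Wireshark saves pcapng by default, so use Save As and pick pcap), a server at 192.0.2.10 on port 80, and constructed sample traffic from documentation address ranges; all function names are hypothetical.

```python
import struct

SYN, ACK = 0x02, 0x10
SERVER = bytes((192, 0, 2, 10))  # assumed web server address (documentation range)

def frame(src, sport, flags, dst=SERVER, dport=80):
    """Constructed sample: minimal Ethernet/IPv4/TCP frame, checksums left zero."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return eth + ip + tcp

def to_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 0, i, len(f), len(f)) + f
    return out

def syn_stats(pcap, server=SERVER, port=80):
    """Return (connection attempts, completed handshakes, half-open) for server:port."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap, not pcapng")
    off, syns, done = 24, set(), set()
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        pkt, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # keep only IPv4 carrying TCP
        tcp = pkt[14 + (pkt[14] & 0x0F) * 4:]
        if len(tcp) < 14 or pkt[30:34] != server or tcp[2:4] != struct.pack("!H", port):
            continue  # truncated header, or not addressed to server:port
        key, flags = (pkt[26:30], tcp[0:2]), tcp[13]  # (source IP, source port)
        if flags & (SYN | ACK) == SYN:  # same test as tcp.flags.syn==1 && tcp.flags.ack==0
            syns.add(key)
        elif flags & ACK and key in syns:
            done.add(key)  # the client answered the server's SYN-ACK
    return len(syns), len(done), len(syns - done)

def sample_capture():
    """Constructed traffic: 200 unanswered SYNs plus 3 clients that finish the handshake."""
    flood = [frame((198, 51, 100, i % 250 + 1), 1024 + i, SYN) for i in range(200)]
    legit = [frame((203, 0, 113, k), 50000 + k, fl) for k in (1, 2, 3) for fl in (SYN, ACK)]
    return to_pcap(flood + legit)

if __name__ == "__main__":
    print("attempts=%d completed=%d half-open=%d" % syn_stats(sample_capture()))
```

A half-open count that dwarfs the completed count is the pattern to look for; normal browsing traffic shows the two numbers close together.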