Lab #2 - Assessment Worksheet
Using Wireshark and NetWitness Investigator to Analyze
Course Name and Number:
Lab Due Date:
In this lab, you used two common forensic analysis tools, Wireshark and
NetWitness Investigator, to review wireless traffic in the same packet capture
file. You learned to differentiate between the more generalized capabilities of
Wireshark and the more specialized cybersecurity analysis-focused uses of
NetWitness Investigator. You also identified those parts aspects of network
traffic that remain the same regardless of the physical transport, be it wired or
wireless. Finally, in the third part of the lab, you explored Wireshark on your own
to answer a set of challenge questions.
Lab Assessment Questions & Answers
1. Which tool, Wireshark or NetWitness, provides information about the
wireless antenna strength during a captured transmission?
2. Which tool displays the MAC address and IP address information and
allows them to be correlated for a given capture transmission?
3. What is the manufacturer specific ID for the GemTek radio
4. The receiver and/or transmitter address is hard-coded in hardware and
Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved.
cannot be changed: it can always be counted on to correctly identify the
device transmitting. True or False.
5. The actual web host name to which www.polito.it resolved was?
6. How can one determine that the website www.polito.it is in Italy?
7. What is the IP address for www.polito.it?
8. What destination organization is the owner of record of www.polito.it?