IS4680

Lab #2 - Assessment Worksheet
Using Wireshark and NetWitness Investigator to Analyze Wireless Traffic
Course Name and Number:
_____________________________________________________
Student Name:
________________________________________________________________
Instructor Name:
______________________________________________________________
Lab Due Date:
________________________________________________________________

Overview
In this lab, you used two common forensic analysis tools, Wireshark and
NetWitness Investigator, to review wireless traffic in the same packet capture
file. You learned to differentiate between the more generalized capabilities of
Wireshark and the more specialized cybersecurity analysis-focused uses of
NetWitness Investigator. You also identified those aspects of network
traffic that remain the same regardless of the physical transport, be it wired or
wireless. Finally, in the third part of the lab, you explored Wireshark on your own
to answer a set of challenge questions.

Lab Assessment Questions & Answers
1. Which tool, Wireshark or NetWitness, provides information about the
wireless antenna strength during a captured transmission?

2. Which tool displays the MAC address and IP address information and
allows them to be correlated for a given capture transmission?

3. What is the manufacturer specific ID for the GemTek radio
transmitter/receiver?

4. The receiver and/or transmitter address is hard-coded in hardware and
cannot be changed: it can always be counted on to correctly identify the
device transmitting. True or False.

Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved.

5. The actual web host name to which www.polito.it resolved was?

6. How can one determine that the website www.polito.it is in Italy?

7. What is the IP address for www.polito.it?

8. What destination organization is the owner of record of www.polito.it?


