Posted: 18 Jul 2025

Playing with a couple of common tools used by network defenders and attackers.

Preparation

  1. What are the 16-bit big-endian and little-endian representations of the number 22?

  2. What are the standard TCP ports for DNS, SSH, HTTP and HTTPS? Cite your sources.

  3. Using the Wireshark User Guide:

    1. What is the difference between a capture filter and a display filter?

    2. Give an example (using the correct filter syntax) of a display filter that cannot be expressed as a capture filter.

  4. What is a TCP three-way handshake? Cite an authoritative source or sources.

  5. Using the manual page for nmap, identify the command-line options that trigger a TCP SYN scan, a UDP scan and OS detection.

This lab will be completed in our disconnected "hacking lab" environment, so bring a USB stick to save your work.

Procedure

TBA