Programming assignment writing sample - SIT716
Date: 2021-04-27
Assessment Information

SIT716: COMPUTER NETWORKS AND SECURITY
Assessment 2: Protocol Demonstration and Report

KEY INFORMATION
Due: Sunday May 2nd by 8pm
Weight: 20% of total mark for this unit
Approximate length: 2 to 3 pages [1]
Individual Assessment

PURPOSE
Throughout this unit we learn about the different protocols used in computer networks and
some of the ways they are used by attackers. In this assessment task you will demonstrate your
understanding of network protocols and security by generating and capturing both normal and
abnormal behaviour of a protocol you select, and providing a report explaining the captured
traffic and how you achieved this outcome.






!!! WARNING !!!

In completing the requirements for this assessment task, you will be required to conduct one or
more experiments that demonstrate cybersecurity attacks. It is critical that you conduct these
experiments in an isolated network environment. If you conduct your simulated attacks on a
live system connected to the Internet, or if your attacks accidentally reach a live system
connected to the Internet, you may be breaking the law and would be subject to law
enforcement actions.

The VMLab system you have been granted access to only provides access to an environment
that is safe to use and cannot affect systems connected to the Internet. If you do not
understand the requirement to isolate the network, it is strongly advised that you do not
attempt this assessment outside of the VMLab system.



[1] Approximate length is only an estimate and does not include title page, contents page, references, or illustrations
(including screenshots of packet captures), i.e., the length is indicative of the text of your answer only. Indicated
length is based on sensible settings, e.g., 2cm margins, 12 point font, reasonable spacing. Whilst there is no
penalty for an over-sized answer, note that excessively large answers are likely to lack clarity and can even
demonstrate a lack of understanding.

TASK(S)

Part 1 – Packet Captures

In this assessment you are required to select a network protocol, and design and conduct
experiments to demonstrate:

i. The behaviour of the protocol during normal conditions, i.e., the network is not
under attack; and
ii. The behaviour of the protocol that is symptomatic of unusual conditions, i.e., the
network is currently being attacked.

For the purpose of this demonstration you may select any network protocol, whether examined
in the unit or not. Note however that you must be demonstrating unusual behaviour of a
network protocol, e.g., malware being downloaded over HTTP is not in itself unusual behaviour
– HTTP is a protocol intended for downloading files of any kind.

The behaviour of your chosen protocol, both during normal conditions and during attack, must
be captured and saved in Wireshark PCAP/PCAPNG files (select File → Save As in Wireshark).
You can submit your captures either in a single PCAP file or multiple PCAP files, however you
must clearly identify which files/packet numbers are relevant in your report. You are
responsible for ensuring that any traffic you generate is appropriately isolated and does not
impact real networks, as noted in the warning on the front page of this task.

Before selecting a protocol and attack for the purposes of this task, you should first review the
requirements of the report below and the rubric to ensure you select an appropriate protocol
for the grade that you are targeting. In particular, the highest grading for several rubric criteria
requires that you demonstrate an attack that is not covered by the unit, i.e., the unit materials
do not include step-by-step instructions for performing the attack you have selected.



Note that it is not possible to copy Wireshark captures out of the VMLab system; you’ll need to
prepare your own platform for the purposes of this assignment as per the screencasts in the unit
materials. Pre-prepared VMs are also available; check CloudDeakin for details. If these are not
options, contact the unit chair ASAP.

Part 2 – Written Report

Prepare a written report on the protocol and behaviour you have demonstrated addressing the
following points (you must use the headings indicated):

1. Introduction (<0.5 page):
• Provide a general introduction to the protocol and its purpose (what
functionality it contributes to the network, what it’s used for, etc.).
• Provide a general introduction to the network attack that you will be using in the
experiments and how it relates to the protocol you are examining.
2. Normal Behaviour (<1 page):
• Provide step-by-step instructions for how you have conducted your experiment
to generate the normal behaviour of your selected protocol. These instructions
must be clear enough for someone to repeat the experiment without requiring
further research. Example aspects you should cover include explaining any
platforms, software, and techniques used, any configuration steps required, and
the commands/GUI steps necessary to actually run the experiment.
• Explain the normal behaviour of the protocol and why it is relevant to the attack you
will conduct in Part 3 [2]. For those aspects that will be affected by the security
attack, include screenshots from your packet captures showing the breakdown
of the relevant sections of the protocol (the middle panel in Wireshark) and
explain the contents of the packet and why this should be considered normal.
Note: ensure that the packet index is visible in your screenshot or provide a
written indication of the packet number.
3. Abnormal Behaviour (<1 page):
• Provide step-by-step instructions for how you have conducted your experiment
to generate the abnormal behaviour of your selected protocol (refer to the
normal behaviour page above for expectations of these instructions).
• Explain the unusual behaviour of the protocol and how it is caused by the
network attack that you have conducted. For those aspects that will be affected
by the security attack, include screenshots from your packet captures showing
the breakdown of the relevant sections of the protocol (the middle panel in
Wireshark) and explain the contents of the packet and why this should be
considered unusual. Note: ensure that the packet index is visible in your
screenshot or provide a written indication of the packet number.
4. Conclusions (<0.5 page)
• Provide a general summary for your report discussing the potential impact of
such an attack on the network and/or an organisation’s assets.
• Explain the difficulty of the attack you have conducted, identifying whether
specialist skills, equipment, and/or software are required. Discuss how
accessible the attack is as a result of these requirements, i.e., could anyone
perform the attack or are there a limited number of people with these
capabilities?

[2] Relevance depends on the protocol and the attack selected. For example, if you were to examine TCP and a TCP
SYN flood attack, you would only need to explain/illustrate TCP’s connection establishment mechanism.

SUBMISSION DETAILS
Your answers should be submitted via CloudDeakin to the TurnItIn-enabled Assignment Folder
for Assignment 2: Protocol Demonstration and Report. Your answers to each question and sub-
question must be clearly identified in your submission. Acceptable file formats are Word
documents, PowerPoint documents, PDF documents, text and rich text files, and HTML.
Compressed files, such as ZIP files or RAR files are not accepted and will not be marked.
Packet capture files should be submitted via CloudDeakin to the Assignment folder for the PCAP
Files Submission (must be submitted separately and may be up to one week later).

After submitting your assignment you should receive an email to your Deakin email address
confirming that it has been submitted. You should check that you can see your assignment in
the Submissions view of the Assignment folder after upload, and check for, and keep, the email
receipt for the submission.

ACADEMIC MISCONDUCT
Academic misconduct and plagiarism are subject to penalties.

Plagiarism includes but is not limited to:

• Copying others’ work without appropriate referencing
• Re-using assignment material completed by other students
• Contracting others to do assessment tasks on your behalf.

https://www.deakin.edu.au/students/study-support/referencing/academic-integrity

LEARNING OUTCOMES
This assignment assesses the following Graduate Learning Outcomes (GLO) and related Unit
Learning Outcomes (ULO):

Graduate Learning Outcome (GLO) and related Unit Learning Outcome (ULO):

• GLO1: Discipline-specific knowledge and capabilities: appropriate to the level of study related to a discipline or profession.
  ULO1: You will be required to demonstrate knowledge of computer network protocols.
• GLO4: Critical Thinking: evaluating information using critical and analytical thinking and judgement.
  ULO3: You will be required to demonstrate normal and abnormal behaviour of computer network protocols.
• GLO5: Problem solving: creating solutions to authentic (real world and ill-defined) problems.



EXTENSIONS
No extensions will be considered for this assessment unless a request is submitted through the
CloudDeakin and approved by the Unit Chair (enter SIT716 unit page and click Assessment ->
Extension request). Assignment Extensions are normally only approved when students apply
before the due date. The Unit Chair may ask you to supply supporting documentation about the
difficulties you are facing, and evidence of the work you have completed so far.

A marking penalty will be applied where the assessment task is submitted after the due date
without an approved extension as follows:

a. 5% will be deducted from available marks for each day up to five days

b. where work is submitted more than five days after the due date, the task will not be
marked and the student will receive 0% for the task.

'Day' means working day for paper submissions and calendar day for electronic submissions.

(This assessment task uses electronic submission)

ENABLING COPYING FILES FROM GUEST VMs TO YOUR HOST

To complete the submission requirements of this assessment task, you will need to copy your generated packet
capture (pcap) files out of your Kali/Ubuntu VM (the guest operating system) to the operating system installed on
your computer (the host operating system). There are two steps to achieve this. First, you have to enable the
feature in VirtualBox for that particular VM, and second, you have to install the VM Guest Additions software
inside the guest operating system. A screencast is also available here demonstrating how to complete these steps,
however a summary of what needs to be done is as follows:

To install the VM Guest Additions software in Ubuntu:
1. Start the Ubuntu operating system and return the network to NAT (VirtualBox network setting) and DHCP
settings (Ubuntu network setting).
2. Start a command prompt.
3. Enter the command sudo apt-get install build-essential module-assistant dkms
4. Confirm the installation of these packages as required.
5. Enter the command sudo m-a prepare
6. Click on the Devices menu and select the option Insert Guest Additions CD image…
7. Cancel the auto-run dialog.
8. Enter the command sudo sh /media//Vbox_GAs_/VboxLinuxAdditions.run
Note that you need to insert your username and the version of VirtualBox at the indicated locations in the
above line. The simplest way to do this is usually just to hit the TAB key on your keyboard, which will fill in
any data it can, and there is usually only one possibility for each of these.

Share a folder from your host operating system to VirtualBox:
1. In your host operating system, create a new folder/sub-directory that you want to share (you can also use
an existing folder but it’s usually not advisable unless you know what you’re doing).
2. Open VirtualBox.
3. Right-click on the virtual machine you want to share files with and click Settings.
4. Select the Shared Folders tab.
5. Click on the Add new shared folder button.
6. Use the Folder Path drop-down to browse to and select the folder you created in Step 1.
7. Make sure the Read-only flag is off (un-ticked).
8. Make sure the Auto-mount flag is on (ticked).
9. Click OK to accept the changes.
10. The shared folder/s are mapped to /media/sf_doc by default (there is an icon on your desktop as well).
Note: If you find that you don’t have access to this folder, enter the command sudo adduser $USER vboxsf
and then logout/login (or reboot).

You can copy files using the graphical file browser or by using the cp command, e.g.,
cp /media/sf_doc/

Note 1. The pre-prepared VMs will already have this support installed, you will only need to complete the above
instructions for sharing a folder from your host operating system.

Note 2. If you choose to use your own VMs, you can complete the requirements of this assignment before you
have completed the above steps, generating and saving the required packet captures inside the VM at any time
(do not rewind the VM to a snapshot after you have done this!). You can then work on/complete the report,
then return to the above steps to extract the PCAPs from your VM when it’s time to submit.

Note 3. An alternative to the above steps is to return the VM to NAT (see first steps above), and then use the
browser inside the VM to connect to the SIT716 unit site and upload the PCAPs directly. Don’t forget to return
the VM to the inside network once you have finished though!
SIT716 Computer Networks and Security
Assessment Task 2: Protocol Demonstration and Report

Note: Criteria which indicate only credit, pass, and fail evaluations will receive full marks for the credit and half marks for pass.

1. Introduction (10 marks)

Criteria 1a (5%): Introduction: Protocol introduction and purpose
• Advanced answer (100%): The protocol and its purpose have been introduced in a clear manner and the significance of this protocol has been explained. There are no major misunderstandings or errors in the answer.
• Clear answer (75%): The protocol and its purpose have been introduced in a manner that clearly explains the role of the protocol in the network. There are no major misunderstandings or errors in the answer.
• Reasonable answer (50%): The protocol and its purpose have been introduced acceptably, however there are minor inaccuracies or some minor elements of the introduction that are unclear/inadequate.
• Flawed answer (25%): A very poor and/or incomplete introduction to the protocol and its purpose have been provided.
• No merit (0%): Question not attempted or the protocol introduced in this section does not match the protocol used for the demonstration.

Criteria 1b (5%): Introduction: Attack introduction and relationship to protocol.
• Advanced answer (100%): The attack and its relationship to the protocol have been clearly introduced and it is clear how the protocol is affected by the attack. The attack is not covered by the unit. There are no major misunderstandings or errors in the answer.
• Clear answer (75%): The attack and its relationship to the protocol have been clearly introduced and it is clear how the protocol is affected by the attack. There are no major misunderstandings or errors in the answer.
• Reasonable answer (50%): The attack and its relationship to the protocol have been introduced acceptably, however there are minor inaccuracies or some minor elements of the introduction that are unclear/inadequate.
• Flawed answer (25%): A very poor and/or incomplete introduction to the attack and its relationship to the protocol have been provided.
• No merit (0%): Question not attempted or the attack introduced in this section does not match the attack used for the demonstration.

2. Normal Behaviour (40 marks)

Criteria 2a (10%): Normal Behaviour: Step-by-step instructions.
• Advanced answer (100%): Step-by-step instructions provided that are very well written and can easily be followed to reproduce the experiment without assuming any significant knowledge in the reader. There are no apparent gaps.
• Clear answer (75%): Step-by-step instructions provided that are well written and can be easily followed to reproduce the experiment. There are no apparent gaps.
• Reasonable answer (50%): Step-by-step instructions are reasonably complete and can be followed without requiring significant additional research. Minor gaps in instructions are acceptable.
• Flawed answer (25%): Step-by-step instructions have been provided however they are clearly incomplete or would require the reader to conduct significant research to resolve gaps in the instructions.
• No merit (0%): Question not attempted or the instructions are not relevant to the experiment demonstrated in the other components to Part 2.

Criteria 2b (15%): Normal Behaviour: Operation of selected protocol.
• Advanced answer (100%): Normal protocol operation relevant to the attack in Part 3 has been explained clearly and it is apparent that you have a good understanding of the protocol you selected for this demonstration. The attack is not covered by the unit. There are no major misunderstandings in the answer.
• Clear answer (75%): Normal protocol operation relevant to the attack in Part 3 has been explained clearly and it is apparent that you have a good understanding of the protocol you selected for this demonstration. There are no major misunderstandings in the answer.
• Reasonable answer (50%): Normal protocol operation relevant to the attack in Part 3 has been adequately explained.
• Flawed answer (25%): An incomplete description of the normal operation of the protocol relevant to the attack conducted in Part 3, or significant aspects are missing, confused, or inadequately explained.
• No merit (0%): Question not attempted or the explanation does not relate to those aspects of the protocol that are relevant to the attack demonstrated in Part 3.

Criteria 2c (15%): Normal Behaviour: Packet captures.
• Advanced answer (100%): Screenshots of captured packets relevant to the attack demonstrated in Part 3 are complete and well explained. PCAPs have been submitted that match the captures shown. The attack is not covered by the unit. There are no major misunderstandings in the explanations.
• Clear answer (75%): Screenshots of captured packets relevant to the attack demonstrated in Part 3 are complete and well explained. PCAPs have been submitted that match the captures shown. There are no major misunderstandings in the explanations.
• Reasonable answer (50%): Screenshots of captured packets relevant to the attack demonstrated in Part 3 are mostly complete and reasonably explained, although some minor inaccuracies may be present.
• Flawed answer (25%): Screenshots of captured packets or the explanation of the contents of these packets are incomplete, inaccurate, or not entirely relevant to the attack demonstrated in Part 3.
• No merit (0%): Question not attempted or screenshots of captured packets are not relevant to the attack demonstrated in Part 3.

3. Abnormal Behaviour (40 marks)

Criteria 3a (10%): Unusual Behaviour: Step-by-step instructions.
• Advanced answer (100%): Step-by-step instructions provided that are very well written and can easily be followed to reproduce the experiment without assuming any significant knowledge in the reader. There are no apparent gaps.
• Clear answer (75%): Step-by-step instructions provided that are well written and can be easily followed to reproduce the experiment. There are no apparent gaps.
• Reasonable answer (50%): Step-by-step instructions are reasonably complete and can be followed without requiring significant additional research. Minor gaps in instructions are acceptable.
• Flawed answer (25%): Step-by-step instructions have been provided however they are clearly incomplete or would require the reader to conduct significant research to resolve gaps in the instructions.
• No merit (0%): Question not attempted or the instructions are not relevant to the experiment demonstrated in the other components to Part 2.

Criteria 3b (15%): Unusual Behaviour: Changes to observed behaviour
• Advanced answer (100%): Unusual protocol operation relevant to the attack has been explained clearly and it is apparent that you have a good understanding of the changes in behaviour and how they are caused by the attack. The attack is not covered by the unit. There are no major misunderstandings in the answer.
• Clear answer (75%): Unusual protocol operation relevant to the attack has been explained clearly and it is apparent that you have a good understanding of the changes in behaviour and how they are caused by the attack. There are no major misunderstandings in the answer.
• Reasonable answer (50%): Unusual protocol operation and how this is caused by the attack has been adequately explained.
• Flawed answer (25%): An incomplete description of the unusual operation of the protocol and how this is caused by the attack, or significant aspects are missing, confused, or inadequately explained.
• No merit (0%): Question not attempted or the explanation does not relate to those aspects of the protocol that are relevant to the attack demonstrated in Part 3.

Criteria 3c (15%): Unusual Behaviour: Packet captures.
• Advanced answer (100%): Screenshots of captured packets relevant to the attack are complete and well explained. PCAPs have been submitted that match the captures shown. The attack is not covered by the unit. There are no major misunderstandings in the explanations.
• Clear answer (75%): Screenshots of captured packets relevant to the attack are complete and well explained. PCAPs have been submitted that match the captures shown. There are no major misunderstandings in the explanations.
• Reasonable answer (50%): Screenshots of captured packets relevant to the attack are mostly complete and reasonably explained, although some minor inaccuracies may be present.
• Flawed answer (25%): Screenshots of captured packets or the explanation of the contents of these packets are incomplete, inaccurate, or not entirely relevant to the attack.
• No merit (0%): Question not attempted or screenshots of captured packets are not relevant to the attack.

4. Conclusions (10 marks)

Criteria 4 (5%): Conclusions: Potential impact of the attack.
• Advanced answer (100%): The potential impact of the attack addressed in Part 3 has been discussed well and it is apparent that you have a good understanding of potential impacts both directly related to the attack and the bigger picture of network activity/operations. The attack is not covered by the unit. There are no major misunderstandings in the answer.
• Clear answer (75%): The potential impact of the attack addressed in Part 3 has been discussed well and it is apparent that you have a good understanding of potential impacts both directly related to the attack and the bigger picture of network activity/operations. There are no major misunderstandings in the answer.
• Reasonable answer (50%): The potential impact of the attack addressed in Part 3 has been adequately discussed and it is apparent you have a reasonable understanding.
• Flawed answer (25%): The potential impact of the attack addressed in Part 3 has been poorly considered and there is a general lack of insight, the answer is confused, or inadequately discussed.
• No merit (0%): Question not attempted or the potential impact does not address the attack addressed in Part 3.

Criteria 4 (5%): Conclusions: Difficulty of the attack.
• Advanced answer (100%): The difficulty of performing the attack addressed in Part 3 has been well considered and the technical skills, equipment, and/or software required and their accessibility have all been clearly explained. The attack is not covered by the unit. There are no major misunderstandings in the answer.
• Clear answer (75%): The difficulty of performing the attack addressed in Part 3 has been well considered and the technical skills, equipment, and/or software required and their accessibility have all been clearly explained. There are no major misunderstandings in the answer.
• Reasonable answer (50%): The difficulty of performing the attack in Part 3 has been adequately considered with most requirements reasonably identified in the discussion. Minor inaccuracies may be present.
• Flawed answer (25%): The difficulty of performing the attack addressed in Part 3 has been considered but is clearly incomplete, confused, or there are significant errors in the included discussion.
• No merit (0%): Question not attempted or does not consider the attack addressed in Part 3.

