If you have a MacBook, please answer these questions as soon as possible. I need your help; I can't even find those things.
WHAT? This lab is designed for either a Windows or Mac computer. To complete the lab, provide screenshots of important steps and provide an answer to each of the questions for your system. Please start each answer with the question number and restate the question. You may answer with text or screenshots, whichever you believe best addresses the question. Record your answers in a document, export to PDF, and post the PDF to this lab assignment.
WHY? Data flows freely. Most of it is not encrypted. Networks are a paradise for anyone who wants to peer into our private lives. But what do these snoopers actually find, and how much data must they sort through to find anything valuable? Let’s take a look at the data flowing on your LAN and the data that’s exchanged over the Internet.
Requirements
For this lab, you’ll need a computer running macOS or Microsoft Windows; the lab is different for each platform. Your computer should be connected to a Wi-Fi network. The instructions are generalized; they provide helpful guidelines, but not specific steps. You may have to explore a bit to find all the tools needed to complete the assignment, but that is all part of the learning experience.
macOS Lab
Open Activity Monitor’s Network tab to view network activity
The easiest way to open Activity Monitor is to select the Applications folder from the dock, select the Utilities folder, then select Activity Monitor. Once the Activity Monitor window is open, select the Network button. Arrange your desktop into two windows: one with Activity Monitor and one with a browser. Now navigate to several Web sites and note what happens in Activity Monitor. The graph uses red for sent packets and blue for received packets. Data transport speeds are listed as “Data received/sec” and “Data sent/sec.”
Question: What are typical speeds for sending and receiving data on your network?
Monitor network activity
Continue watching the graph when you are not using the browser.
Question: Why do you think there is activity even when you are not actively using network services?
Look at the process chart above the graph.
The Sent Bytes and Rcvd Bytes columns of the chart list active processes and show when they send or receive data.
Question: Can you determine which applications are sending and receiving data over the network even when you are not actively using network services?
Run netstat
Open the Applications folder and select the Terminal app. At the command prompt, type netstat -lb | head. Look at the beginning of the report. The columns contain the following data:
Proto: The protocol, which is TCP or UDP.
Recv-Q and Send-Q: Data that is queued up for receiving or sending.
Local Address: The origin of outgoing packets.
Foreign Address: The source of incoming packets. The address ends with its protocol; https indicates a secure Web protocol.
(state): ESTABLISHED is an active connection. CLOSED means the socket is closed. A CLOSE_WAIT socket is in the process of closing.
rxbytes and txbytes: The number of bytes received by or transmitted from the foreign server.
Answer the following questions:
How many foreign addresses are listed?
What is the IP address of the server with the longest connection time?
What is the protocol of these connections?
Are there any entries that list the local and foreign address as the same?
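An added example, not part of the original lab: a small shell/awk summarizer for the netstat report described above, which counts distinct foreign addresses, protocols, and states, and flags rows whose local and foreign hosts match. The sample report is constructed (documentation-range addresses), and the column layout, including UDP rows having no (state) value, is assumed from the column list in the lab.

```shell
# Constructed sample in the column layout the lab lists for netstat -lb
# (documentation-range addresses, not captured traffic).
sample_netstat() {
cat <<'EOF'
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)      rxbytes   txbytes
tcp4       0      0  192.168.1.23.52344     203.0.113.10.https     ESTABLISHED     48211      3907
tcp4       0      0  192.168.1.23.52345     203.0.113.10.https     ESTABLISHED      1200       800
tcp4       0      0  192.168.1.23.52301     198.51.100.7.http      CLOSE_WAIT       9120       455
tcp4       0      0  localhost.49210        localhost.ipp          ESTABLISHED       310       310
udp4       0      0  *.mdns                 *.*                                    77120     18044
Active LOCAL (UNIX) domain sockets
Address          Type   Recv-Q Send-Q            Inode             Conn
EOF
}

# Read a netstat report on stdin; print key=value lines that are easy to scan.
summarize_netstat() {
  awk '
    $1 !~ /^(tcp|udp)/ { next }            # skip headers and the UNIX-socket section
    {
      state = (NF >= 8) ? $6 : "NONE"      # assumed: UDP rows have no (state) column
      rx = $(NF-1); tx = $NF               # byte counters are the last two columns
      lhost = $4; fhost = $5
      sub(/\.[^.]*$/, "", lhost)           # drop the trailing .port or .service
      sub(/\.[^.]*$/, "", fhost)
      proto[$1]++; states[state]++
      if (fhost != "*") {                  # ignore wildcard listeners
        if (!(fhost in seen)) { seen[fhost] = 1; nforeign++ }
        bytes[fhost] += rx + tx
        if (fhost == lhost) same++         # loopback-style rows
        if ($5 !~ /\.(https|443)$/) nontls++
      }
    }
    END {
      printf "distinct_foreign=%d\n", nforeign
      printf "same_local_foreign=%d\n", same
      printf "not_https=%d\n", nontls
      for (p in proto)  printf "proto_%s=%d\n", p, proto[p]
      for (s in states) printf "state_%s=%d\n", s, states[s]
      top = ""; max = -1
      for (h in bytes) if (bytes[h] > max) { max = bytes[h]; top = h }
      printf "top_talker=%s bytes=%d\n", top, max
    }'
}

sample_netstat | summarize_netstat   # on the lab Mac: netstat -lb | summarize_netstat
```

The not_https count only reflects the service name shown in the Foreign Address column; other encrypted services (for example imaps) are counted there too.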