CCNP TSHOOT 300-135 Ticket 017


Download Lab: GNS3 (EVE-NG not supported)

Prerequisites:

 Cisco IOSv        (vios-adventerprisek9-m.vmdk.SPA.156-2.T)
 Cisco IOSvL2    (vios_l2-adventerprisek9-m.03.2017.qcow2)
 GNS3 AAA Server Download

Note:
Since the prerequisites for these labs are Cisco VIRL images, the Frame Relay Cloud in the original Cisco topology is replaced by an IOSvL2 switch, configured to imitate sub-interfaces for the point-to-point links. Access to the Cloud is not available. All interfaces on the Cloud are configured as 802.1q trunks, permitting VLANs 12, 23 and 34.


Objectives:

The network security team installed an IDS appliance to monitor and identify unusual traffic patterns. The device is connected to the ASW2 switch. When the security engineer tries to obtain information with the Wireshark traffic analyzer, he is not able to see any traffic from VLAN 10. He asks you to investigate the cause of the problem.



Topology:
 



Instruction:

Start a capture on the link between ASW2 and IDS. When Wireshark opens, type the expression "tcp.port==80" into the filter.

On the client PCs, obtain IP addresses automatically using the "ip dhcp" command, then simulate HTTP traffic to the Web server with "ping 209.65.200.241 -P 6 -p 80".

Observe that nothing appears in Wireshark, and investigate why the traffic is absent.

Once you have fixed the problem and can see activity in the analyzer, investigate why the Web Server is returning TCP [RST, ACK] messages instead of [SYN, ACK].


Validation:

TCP packets with [SYN, ACK] messages will be seen in Wireshark.
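
The validation check above as an added Python example (not part of the original lab): it reads raw Ethernet frames, with or without an 802.1Q tag, and reports the TCP flags of segments sent by the web server from port 80, in Wireshark's notation. The frames, the client address 10.2.1.3 and the helper names are constructed for illustration.

```python
import socket
import struct

SERVER = "209.65.200.241"  # web server address from the lab instruction
# Wireshark lists flags from the lowest bit upward, e.g. "SYN, ACK".
FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
         (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def tcp_reply_flags(frame, server=SERVER, port=80):
    """Flags of a TCP segment sent from server:port, or None for other frames."""
    if len(frame) < 18:
        return None
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100:  # 802.1Q tag present: real EtherType is 4 bytes on
        ethertype, off = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0800 or len(frame) < off + 20 or frame[off + 9] != 6:
        return None  # not IPv4/TCP
    if socket.inet_ntoa(frame[off + 12:off + 16]) != server:
        return None  # not sent by the web server
    tcp = off + (frame[off] & 0x0F) * 4  # skip the IP header (IHL words)
    if len(frame) < tcp + 14 or struct.unpack("!H", frame[tcp:tcp + 2])[0] != port:
        return None
    return ", ".join(name for bit, name in FLAGS if frame[tcp + 13] & bit)


def server_replies(frames):
    """Flag strings for every server reply found in a list of raw frames."""
    return [f for f in map(tcp_reply_flags, frames) if f]


def make_frame(src, dst, sport, dport, flags, vlan=None):
    """Constructed Ethernet/IPv4/TCP frame for the demo (checksums zeroed)."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan else b""
    eth = b"\x00" * 12 + tag + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return eth + ip + tcp


CLIENT = "10.2.1.3"  # constructed client address, not taken from the lab
before_fix = [make_frame(CLIENT, SERVER, 40000, 80, 0x02, vlan=10),   # SYN
              make_frame(SERVER, CLIENT, 80, 40000, 0x14)]            # RST, ACK
after_fix = [make_frame(CLIENT, SERVER, 40000, 80, 0x02, vlan=10),
             make_frame(SERVER, CLIENT, 80, 40000, 0x12, vlan=10)]    # SYN, ACK

if __name__ == "__main__":
    print("before:", server_replies(before_fix))  # ['RST, ACK']
    print("after: ", server_replies(after_fix))   # ['SYN, ACK']
```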
 
