15.0.3 Class Activity – What’s Going On Answers

Class Activity – What’s Going On? (Answers Version)

Answers Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Objectives

Identify the processes running on a computer, the protocol they are using, and their local and remote port addresses.

Part 1: Download and install the TCPView software.

Part 2: Answer the following questions.

Part 3: Use a browser and observe the TCPView window.

Background / Scenario

For a hacker to establish a connection to a remote computer, a port must be listening on that device. This may be due to infection by malware, or a vulnerability in a legitimate piece of software. A utility, such as TCPView, can be used to detect open ports, monitor them in real time, and close active ports and the processes using them.

Required Resources

  • PC with Internet access
  • TCPView software

Instructions

Part 1:  Download and install the TCPView software.

  1. Click the link below to reach the download page for TCPView.

http://technet.microsoft.com/en-us/sysinternals/tcpview.aspx

Screen shot of the web page to download TCPview

  2. Create a folder on the desktop named TCPView.
  3. Extract the contents of the zip to this new folder.
  4. Start the TCPView application.
  5. Finally, agree to the software license terms.

Screen shot of the TCPview application running

Part 2:  Answer the following questions.

Questions:

  1. How many Endpoints are listed?

Answers may vary, 55 in the example graphics.

  2. How many are Listening?

Answers may vary, 24 in the example graphics.

  3. How many Endpoints are Established?

Answers may vary, 1 in the example graphics.
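
The same Part 2 counts can be taken from the command line. The following Python sketch is an added example, not part of the original lab: it parses a constructed sample of Windows `netstat -ano` output, tallies endpoints by state, and lists the TCP listeners bound to all interfaces with their owning PID. The sample text and the function names are assumptions made for illustration.

```python
from collections import Counter
from typing import NamedTuple

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3816
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     7320
  TCP    192.168.1.10:49720     198.51.100.7:443       TIME_WAIT       0
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2200
"""

class Endpoint(NamedTuple):
    proto: str
    local_addr: str
    local_port: str
    remote: str
    state: str  # empty for UDP, which has no connection state
    pid: int

def parse_netstat(text):
    """Turn `netstat -ano` text into Endpoint rows, skipping header lines."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        if f[0] == "TCP" and len(f) == 5:
            proto, local, remote, state, pid = f
        elif f[0] == "UDP" and len(f) == 4:
            (proto, local, remote, pid), state = f, ""
        else:
            continue  # malformed or truncated line
        addr, port = local.rsplit(":", 1)  # rsplit keeps IPv6 "[::]" intact
        rows.append(Endpoint(proto, addr, port, remote, state, int(pid)))
    return rows

def state_counts(rows):
    """Count endpoints per state, as the Part 2 questions ask."""
    return Counter(r.state or "(UDP, stateless)" for r in rows)

def exposed_listeners(rows):
    """TCP listeners bound to every interface rather than loopback only."""
    return [r for r in rows
            if r.state == "LISTENING" and r.local_addr in ("0.0.0.0", "[::]")]

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print(len(rows), dict(state_counts(rows)))
    for r in exposed_listeners(rows):
        print(f"{r.proto} port {r.local_port} owned by PID {r.pid}")
```

On a live Windows host, the text of `netstat -ano` can be passed to `parse_netstat` in place of the sample, and each PID can be matched against the process list that TCPView shows.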

Part 3:  Use a browser and observe the TCPView window.

  1. Open the Options menu and click “Always on Top”.

Note: Use the Help section of the program to help you answer the following questions.

  2. Open any browser.

Question:

What happens in the TCPView window?

Answers may vary, multiple browser processes open and turn green across the screen, then some may turn to yellow, red, or white.

  3. Browse to cisco.com.

Question:

What happens in the TCPView window?

Answers may vary, more browser processes open as green across the screen, then some may turn to yellow, red, or white.

  4. Close the browser.

Questions:

What happens in the TCPView window?

Answers may vary, after some time, multiple browser processes turn red as they close.

What do you think the colors mean?

Answers may vary, green lines indicate starting processes, yellow lines indicate processes that are waiting to open or close, red lines indicate processes that are closing, and white lines indicate processes that are running.

Note: To close a process directly, right-click the process and choose End Process. Using this method can cause a program or the operating system to become unstable. Only end processes that you know are safe to end. This method can be used to stop malware from communicating.
