Open two terminals on External Kali VM. Use one ping Ubuntu VM and use the other ping
Internal Kali.
a. Apply proper display or capture filter on Internal Kali VM to show active ICMP traffic.<\/p>\n\n\n\n
![\"\"](\"https:\/\/sites.wp.odu.edu\/carterhendrick-eportfolio\/wp-content\/uploads\/sites\/40163\/2025\/11\/Assignment2_pt1-1024x660.png\")
<\/figure>\n\n\n\n*I Applied this filter by going to Statistics, then conversations, selected the External kali to ubuntu conversation and selected the A \uf0e0 B option and applied it from there.<\/p>\n\n\n\n *For some reason the password was not working or I missed something<\/p>\n\n\n\n To find this information, I followed the packets until I saw the packets that had codes like 210,230, and 331 which were codes also shown when attempting to gain access to the FTP server. Then I noticed the \u201cHidden segment\u201d packet that was under the request password. I right clicked that packet then went to follow and clicked the option for the TCP stream which then showed me the entire interaction between the connection of the external Kali machine and the FTP server of the Ubuntu machine.<\/p>\n\n\n\n For this one I did the same thing but instead went straight to the USER request and followed the TCP stream which showed me the rest of the interaction<\/p>\n","protected":false},"excerpt":{"rendered":" Carter Hendrick CYSE 301 9\/30\/24 Assignment #2 Task A: Q1. How many packets are captured in total? How many packets are displayed? Total Packets: 132 Total Packets Displayed: 132 Q2. Apply \u201cICMP\u201d as a display filter in Wireshark. Then repeat the previous question (Q1). ICMP filter packets: 24 Q3. Select an Echo (replay) message from … <\/p>\n
b. Apply a proper display or capture filter on the internal Kali VM that ONLY displays the
ICMP request that originated from the external Kali VM and goes to the Ubuntu 64-bit
VM.<\/p>\n\n\n\n![\"\"](\"https:\/\/sites.wp.odu.edu\/carterhendrick-eportfolio\/wp-content\/uploads\/sites\/40163\/2025\/11\/Assignment2_pt2-1024x597.png\")
<\/figure>\n\n\n\n
2. Sniff FTP traffic
a. Ubuntu VM is also serving as an FTP server inside the LAN network. Now, you need to
use External Kali to access this FTP server by using the command: ftp [ip_addr of ubuntu
VM]. The username for the FTP server is cyse301, and the password is password.<\/p>\n\n\n\n
b. Unfortunately, Internal Kali, the attacker, is also sniffing into the communication.
Therefore, all of your communication is exposed to the attacker. Now, you need to find
out the password used by External Kali to access the FTP server from the intercepted
traffic on Internal Kali. You need to take a screenshot and explain how you found the
password.<\/p>\n\n\n\n![\"\"](\"https:\/\/sites.wp.odu.edu\/carterhendrick-eportfolio\/wp-content\/uploads\/sites\/40163\/2025\/11\/Assignment2_pt3-1024x578.png\")
<\/figure>\n\n\n\n
c. After you successfully find the username & password from the FTP traffic, repeat the
previous step (2.a), and use your MIDAS ID as the username and UIN as the password to
access the FTP server from External Kali. Although External Kali may not access the
FTP server, you need to intercept the packets containing these \u201csecrets\u201d from the
attacker VM, which is Internal Kali.<\/p>\n\n\n\n![\"\"](\"https:\/\/sites.wp.odu.edu\/carterhendrick-eportfolio\/wp-content\/uploads\/sites\/40163\/2025\/11\/Assignment2_pt4-1024x594.png\")
<\/figure>\n\n\n\n