What This Document Is
This is an activity report for Arizona State University’s Network Forensics (IFT 482) course, specifically focusing on Activity Eight: Tunneling. It details a student’s investigation into DNS traffic and potential malicious use cases, such as establishing communication channels or attaching payloads to DNS servers. The report presents findings from a practical exercise using a VM workstation and Wireshark.
Why This Document Matters
This assignment is intended for students enrolled in IFT 482 who are learning about network security and forensic analysis. It serves as a demonstration of applied skills in packet capture and analysis, specifically related to identifying and understanding DNS tunneling. It’s used to assess a student’s ability to analyze network traffic and recognize potential security threats.
Common Limitations or Challenges
This document is a student submission and represents a single investigation. It does not provide a comprehensive overview of all DNS tunneling techniques or mitigation strategies. It focuses solely on the specific scenario presented in the activity.
What This Document Provides
The full report includes: a cover sheet, an introduction and background section, a detailed procedure outlining the steps taken, key results including screenshots of Wireshark statistics (protocol hierarchy, packet capture information), analysis of those results, and concluding remarks. Specifically, screenshots are provided showing DNS traffic comprising 99.8% of captured packets, capture start/end times (Sat Nov 27 23:39:45 - 23:40:07, 22 second duration), and example DNS query data. This preview *does not* include the full analysis, detailed explanations of DNS tunneling, or the student’s complete conclusions.