here's the captured picture, please answer following question

1.Switch to your Ubuntu VM and capture a snapshot of at least four pairs of communication
lines and reflect on what is happening. What hosts and what ports are involved in that
communication exchange (the portion you captured)? Elaborate.

2.Evaluate the trafficoriginating from theIP of theWindows VMthatistargeting the Ubuntu

VM IP. What is happening in the destination port sequence? Elaborate.

 

3.Based on what you have learned, what could you use to stop this potentially malicious
traffic from targeting the Ubuntu VM?

 

 

 

 

Transcribed Image Text:

382 446.322787855 172.16.247.109 - 172.16.246.138 TCP 66 60677 → 166 [SYN, ECN , CWR] Seq=0 Win=32 Len-0 MSS=1460 WS=1 SACK_PERM=1 383 446.322835955 172.16.246.138 172.16.247.109 TCP 54 16660677 [RST, ACK Seq-1 Ack=1 Win=0 Len=0 384 446.444151524 172.16.247.109 → 172.16.246.138 TCP 66 60678 167 [SYN, ECN CWR] Seq=0 Win=32 Len-0 MSS=1460 WS=1 SACK_PERM=1 385 446.444202491 172.16.246.138 → 172.16.247.109 TCP 54 167 60678 [RST, ACK Seq 1 Ack-1 Win-0 Len=0 386 446.561236062 172.16.247.109 172.16.246.138 TCP 66 60679 168 [SYN, ECN 60679 [RST, ACK CWR] Seq=0 Win=32 Len-0 MSS=1460 WS=1 SACK_PERM=1 387 446.561287062 172.16.246.138 → 172.16.247.109 TCP 54 168 ]Seq=1 Ack=1 Win=0 Len=0 388 446.675212319 172.16.247.109 172.16.246.138 TCP 66 60680 169 [SYN, ECN CWR] Seq=0 Win=32 Len-0 MSS=1460 WS=1 SACK_PERM=1 389 446.675259277 172.16.246.138 → 172.16.247.109 TCP 54 169 - 60680 [RST, ACK Seq 1 Ack-1 Win-0 Len=0 390 446.775689518 172.16.247.109 172.16.246.138 TCP 66 60681 → 170 [SYN, ECN CWR] Seq=0 Win=32 Len-0 MSS=1460 WS=1 SACK_PERM=1 391 446.775716621 172.16.246.138 → 172.16.247.109 TCP 54 17060681 [RST, ACK Seq-1 Ack-1 Win-0 Len=0 392 446.876671840 172.16.247.109 172.16.246.138 TCP 66 60682171 [SYN, ECN CWR] Seq=0 Win=32 Len-0 MSS=1460 WS=1 SACK_PERM=1 393 446.876722490 172.16.246.138 → 172.16.247.109 TCP 54 171 - 60682 [RST, ACK ]Seq=1 Ack=1 Win=0 Len=0