Day 2 First Half anyway

Source: Dev.to

Environment Details

• IP address: 10.0.2.15

Issues Encountered

• Unable to copy and paste from the Kali terminal to chat.
• unable to locate package build-essentials
• tshark: the capture session could not be initiated due to error getting information on pipe or socket: Permission Denied
• Syntax error when running a capture filter:

sudo tshark -i eth0 tcp.flags.syn==1
# Output:
# tshark: Invalid capture filter

Knowledge Check Answers

Note: Do not continue past the knowledge questions until an answer input is received and the answers have been reviewed.

Additional Quiz Responses

• 1:B 2:B 3:A
• 1:B 2:B 3:B
• 1:B 2:A 3:C
• 1:A 2:A 3:B
• 1:B 2:A 3:B (multiple instances)
• 1:A 2:B 3:B
• 1:B 2:C 3:B
• 1:B 2:A 3:B (repeated)

Observations & Reflections

• Detected ICMP and DNS traffic but no TCP or SYN packets initially.
• After adjusting the capture filter, TCP SYN packets were observed.
• Noted many different port alerts suggesting a possible port‑scanning attack.
• No RST packets were observed during the scan.
• The scanner (Nmap) did not complete the full three‑way handshake; only the SYN was sent.
• The target system remained the same source IP while multiple destination ports were probed.
• The scan appeared to be a reconnaissance activity rather than an attempt to establish a full connection.
• Potential impact of a large‑scale scan: overload system resources, cause slowdown, or possible shutdown.