03 Sep
Wireshark Introduction Lab
Wireshark is a free application you use to capture and view the data traveling back and forth on your network. It lets you drill down and read the contents of each packet, and its display can be filtered to meet your specific needs. It is commonly used to troubleshoot network problems and to develop and test software. This open-source protocol analyzer is widely accepted as the industry standard, winning its fair share of awards over the years.
Originally known as Ethereal, Wireshark has a user-friendly interface that can display data from hundreds of different protocols on all major network types. Data packets can be viewed in real time or analyzed offline. Wireshark supports dozens of capture/trace file formats, including CAP and ERF.
Downloading and Installing Wireshark
Wireshark can be downloaded at no cost from the Wireshark Foundation website for both macOS and Windows operating systems. Unless you are an advanced user, it is recommended that you only download the latest stable release. During the Windows setup process, you should choose to install WinPcap if prompted, as it includes a library required for live data capture.
The application is also available for Linux and most other UNIX-like platforms. The binaries required for these operating systems can be found toward the bottom of the download page in the Third-Party Packages section. You can also download Wireshark's source code from this page.
How to Capture Data Packets
When you first launch Wireshark, a welcome screen appears containing a list of available network connections on your current device. In this example, you'll notice that the following connection types are shown: Bluetooth Network Connection, Ethernet, VirtualBox Host-Only Network, and Wi-Fi. Displayed to the right of each is an EKG-style line graph that represents live traffic on that respective network. If you are running from a laptop, your Wi-Fi interface is most likely the active interface. From a desktop, your Ethernet connection may be active.
To begin capturing packets, select one or more of the networks by clicking on your choice and using the Shift or Ctrl keys if you want to record data from multiple networks simultaneously. After a connection type is selected for capturing purposes, its background is shaded in either blue or gray. Click on Capture in the main menu located toward the top of the Wireshark interface. When the drop-down menu appears, select the Start option. You can also initiate packet capturing via one of the following shortcuts.
· Keyboard: Press Ctrl + E.
· Mouse: To capture packets from one particular network, double-click on its name.
· Toolbar: Click on the blue shark fin button on the far left side of the Wireshark toolbar.
Wireshark displays packet details as they are recorded during live capture. To stop capturing:
· Keyboard: Press Ctrl + E
· Toolbar: Click on the red Stop button next to the shark fin on the Wireshark toolbar.
Viewing and Analyzing Packet Contents
[Figure: Wireshark capture window with the Packet List Pane, Packet Details Pane, and Packet Bytes Pane labeled]
After you record some network data, take a look at the captured packets. The captured data interface contains three main sections: the packet list pane, the packet details pane, and the packet bytes pane.
Packet List
The packet list pane, located at the top of the window, shows all packets found in the active capture file. Each packet has its own row and corresponding number assigned to it by Wireshark (not a packet number contained in any protocol’s header), along with each of these data points.
· Time: The timestamp of when the packet was captured is displayed in this column. The default format is number of seconds or partial seconds since the capture file was created. To modify this format to something more useful, such as time of day, select the Time Display Format option from Wireshark's View menu at the top of the main interface.
· Source: This column contains the address (IP or other) where the packet originated.
· Destination: This column contains the address that the packet is being sent to.
· Protocol: The packet's protocol name, such as TCP, can be found in this column. The protocol type field lists the highest-level protocol that sent or received this packet.
· Length: The packet length, in bytes, is displayed in this column.
· Info: Additional details about the packet are presented here. The contents of this column can vary greatly depending on packet contents.
When a packet is selected in the top pane, you may notice one or more symbols appear in the first column. Open or closed brackets and a straight horizontal line indicate whether a packet or group of packets are all part of the same back-and-forth conversation on the network. A broken horizontal line signifies that a packet is not part of said conversation.
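The Packet List columns described above can be reproduced from a capture file directly. The following is an added example, not part of the original lab: it parses a classic pcap file built inline from constructed frames (the addresses and helper names are assumptions) and counts which address and protocol appear most often. It stops at the IP protocol field, so it reports TCP or UDP where Wireshark would show the highest-level protocol it dissects.

```python
import struct
from collections import Counter

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IP protocol numbers

def make_frame(src, dst, proto, payload_len):
    """Constructed Ethernet + IPv4 frame (zero MACs and checksum; sample data only)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                     proto, 0, bytes(src), bytes(dst))
    return bytes(12) + b"\x08\x00" + ip + bytes(payload_len)  # EtherType 0x0800 = IPv4

def make_pcap(frames):
    """Wrap frames in a classic little-endian pcap file, one packet per second."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out

def packet_list(pcap):
    """Yield (no, time, source, destination, protocol, length) per packet record."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    off, no, t0 = 24, 0, None
    while off + 16 <= len(pcap):
        sec, usec, caplen, origlen = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + caplen]
        off, no = off + 16 + caplen, no + 1
        t = sec + usec / 1e6
        t0 = t if t0 is None else t0          # Time column: seconds since first packet
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            yield (no, t - t0, "-", "-", "non-IPv4", origlen)
            continue
        ip = frame[14:]
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        yield (no, t - t0, src, dst, PROTO_NAMES.get(ip[9], str(ip[9])), origlen)

def summarize(rows):
    """Return the most frequent (address, count) and (protocol, count)."""
    addrs, protos = Counter(), Counter()
    for _, _, src, dst, proto, _ in rows:
        addrs.update({src, dst})              # count a packet once per address
        protos[proto] += 1
    return addrs.most_common(1)[0], protos.most_common(1)[0]

HOST, DNS, WEB = (192, 168, 1, 10), (192, 168, 1, 1), (203, 0, 113, 5)  # constructed
SAMPLE = make_pcap([make_frame(HOST, DNS, 17, 30), make_frame(DNS, HOST, 17, 46),
                    make_frame(HOST, WEB, 6, 0), make_frame(WEB, HOST, 6, 0),
                    make_frame(HOST, WEB, 6, 120)])
print(*packet_list(SAMPLE), summarize(packet_list(SAMPLE)), sep="\n")
```

The row number comes from the position of the record in the file, not from any protocol header, which matches how Wireshark numbers packets.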
Packet Details
The details pane, in the middle, presents the protocol fields of the selected packet in a collapsible format. In addition to expanding each selection, you can apply individual Wireshark filters based on specific details and follow streams of data based on protocol type via the details context menu, which is accessible by right-clicking your mouse on the desired item in this pane.
Packet Bytes
At the bottom is the packet bytes pane, displaying the raw data of the selected packet in hexadecimal view. Each row of this hex dump shows 16 hexadecimal bytes and 16 ASCII bytes alongside the data offset.
Selecting a specific portion of this data automatically highlights its corresponding section in the packet details pane and vice versa. Any bytes that cannot be printed are represented by a period.
You can choose to show this data in bit format as opposed to hexadecimal by right-clicking anywhere within the pane and selecting the appropriate option from the context menu.
Using Wireshark
After working through the overview above, follow these instructions:
· Start up your web browser.
· If not already running Wireshark, start it up.
· Begin a packet capture as described above (with an active connection highlighted, click on the shark fin at the top left of the toolbar).
· Switch to your browser window and load a webpage such as http://my.utsa.edu/
· Click on a link, then switch to Wireshark and stop the packet capture (click on the red square at the top left of the toolbar).
· In Wireshark, scroll through the Packet List pane to see high-level information on the packets being sent to and from your computer’s network interface.
Turn-in Requirements: To complete the assignment, upload a Word (.docx) or Adobe (.pdf) file with answers to these questions as your submission to the M01 Lab assignment in Blackboard. You must include a screenshot for each question.
1. (10 pts) Note the Source and Destination columns in the Packet List containing IP addresses. You should see one particular IP address repeated in nearly every packet as the Source or Destination. What is this IP address and what device does it represent? Provide a screenshot in your lab report.
2. (10 pts) Examine the Protocol column in the Packet List pane. Just estimating by scrolling through the packets, what protocol seems to be listed the most (Wireshark provides several ways to capture exact statistics like this, but such precision is not necessary for this introductory lab). Provide a screenshot in your lab report.
3. (10 pts) Highlight one of the packets in the Packet List pane and examine the information displayed in the Packet Details pane. Without expanding any of the rows, look at the information provided and identify which layers of the OSI model rows 2, 3 and 4 correspond to. Provide a screenshot in your lab report.