DKT 224/3 LAB 2 NETWORK PROTOCOL ANALYZER DATA COMMUNICATION & NETWORK SNIFFING AND IDENTIFY PROTOCOL USED IN LIVE NETWORK
|
|
- Sharyl Sparks
- 6 years ago
- Views:
Transcription
1 DKT 224/3 DATA COMMUNICATION & NETWORK LAB 2 NETWORK PROTOCOL ANALYZER SNIFFING AND IDENTIFY PROTOCOL USED IN LIVE NETWORK
2 Lab #2 2 Lab #2 : Network Protocol Analyzer (Sniffing and Identify Protocol used in Live Network) Objectives Learn some basics of Ethernet Sniffing packet and identify various packet types and protocol Report Writing Background 1. Getting Started One s understanding of network protocols can often be greatly deepened by seeing protocols in action and by playing around with protocols observing the sequence of messages exchanged between two protocol entities, delving down into the details of protocol operation, and causing protocols to perform certain actions and then observing these actions and their consequences. This can be done in simulated scenarios or in a real network environment such as the Internet. In these WIRESHARK labs, we ll take the latter approach. You ll be running various network applications in different scenarios using a computer on your desk, at home, or in a lab. You ll observe the network protocols in your computer in action, interacting and exchanging messages with protocol entities executing elsewhere in the Internet. Thus, you and your computer will be an integral part of these live labs. You ll observe, and you ll learn, by doing. The basic tool for observing the messages exchanged between executing protocol entities is called a packet sniffer. As the name suggests, a packet sniffer captures ( sniffs ) messages being sent/received from/by your computer. It will also typically store and/or display the contents of the various protocol fields in these captured messages. A packet sniffer itself is passive. It observes messages being sent and received by applications and protocols running on your computer, but never sends packets itself. Similarly, received packets are never explicitly addressed to the packet sniffer. Instead, a packet sniffer receives a copy of packets that are sent/received from/by application and protocols executing on your machine. Figure 1 shows the structure of a packet sniffer. At the right of Figure 1 are the protocols (in this case, Internet protocols) and applications (such as a web browser or ftp client) that normally run on your computer. The packet sniffer, shown within the dashed rectangle in Figure 1 is an addition to the usual software in your computer, and consists of two parts. The packet capture library receives a copy of every link-layer frame that is sent from or received by your computer.
3 Lab #2 3 Messages exchanged by higher layer protocols such as HTTP, FTP, TCP, UDP, DNS, or IP all are eventually encapsulated in link-layer frames that are transmitted over physical media such as an Ethernet cable. In Figure 1, the assumed physical media is an Ethernet, and so all upper layer protocols are eventually encapsulated within an Ethernet frame. Capturing all link-layer frames thus gives you all messages sent/received from/by all protocols and applications executing in your computer. The second component of a packet sniffer is the packet analyzer, which displays the contents of all fields within a protocol message. In order to do so, the packet analyzer must understand the structure of all messages exchanged by protocols. For example, suppose we are interested in displaying the various fields in messages exchanged by the HTTP protocol in Figure 1. The packet analyzer understands the format of Ethernet frames, and so can identify the IP datagram within an Ethernet frame. It also understands the IP datagram format, so that it can extract the TCP segment within the IP datagram. Finally, it understands the TCP segment structure, so it can extract the HTTP message contained in the TCP segment. Finally, it understands the HTTP protocol and so, for example, knows that the first bytes of an HTTP message will contain the string GET, POST, or HEAD,.
4 Lab #2 4 We will be using the Wireshark packet sniffer [ for these labs, allowing us to display the contents of messages being sent/received from/by protocols at different levels of the protocol stack. (Technically speaking, Wireshark (Ethereal) is a packet analyzer that uses a packet capture library in your computer). 2. What is Wireshark (Ethereal)? Wireshark, formerly known as Ethereal, is one of the most powerful tools in a network security analyst's toolkit. As a network packet analyzer, Wireshark can peer inside the network and examine the details of traffic at a variety of levels, ranging from connectionlevel information to the bits comprising a single packet. This flexibility and depth of inspection allows the valuable tool to analyze security events and troubleshoot network security device issues. It's also priced right: it's free! Wireshark (Ethereal) is a network packet analyzer or packet sniffer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark (Ethereal), all that has changed. Wireshark (Ethereal) is perhaps one of the best open source packet analyzers available today. i. Some intended purposes Here are some examples people use Wireshark (Ethereal) for: network administrators use it to troubleshoot network problems network security engineers use it to examine security problems developers use it to debug protocol implementations people use it to learn network protocol internals ii. Features Live capture from many different network media Despite its name, Ethereal can capture traffic from network media other than Ethernet. Which media types are supported, depends on many things like the operating system you are using. Many protocol decoders There are protocol decoders (or dissectors, as they are known in Ethereal) for a great many protocols. A comprehensive list of all protocols and protocol fields can be found at ttp:// Open Source Software Wireshark (Ethereal) is an open source software project, and is released under the GNU General Public Licence (GPL). You can freely use Ethereal on any number of computers you like, without
5 Lab #2 5 worrying about license keys or fees or such. In addition, all source code is freely available under the GPL. Because of that, it is very easy for people to add new protocols to Ethereal, either as plugins, or built into the source, and they often do! iii. What Wireshark is not Just as with any tool, Wireshark can be used for some things and not others. Here is a list of some of the things Wireshark cannot do: 1. It cannot be used to map out a network. Take a look at the NMAP tool for that functionality. 2. It does not generate network data it is a passive tool. Tools like NMAP, ping, and traceroute are examples of tools that generate network data. These tools are active. 3. It can only show detailed information about protocols it actually understands. The good news is that it understands a great many protocols. It is also extensible, so you can add protocol support for ones it doesn t understand. Otherwise you will only be able to see a hexdump of data it has captured. 4. It can only capture data as well as the OS\Interface\Interface driver supports. An example of this is capturing data over wireless networks. This does not work well (or at all) for some software and hardware combinations. Practical work Before you start wireshark you must log in as root. Ask the technician for root password. You can start Wireshark by giving the command wireshark on the command line. This opens a window, which is a GUI interface to wireshark's packet capture utility as shown in figure 2. (You'll want to make this window bigger.)
6 Lab #2 6 Figure 2 : Wireshark window To start scanning, choose Interfaces from the Capture menu. You'll see a pop-up window similar to the one below:
7 Lab #2 7 Figure 3: Capture action window If you'd like to configure advanced options -- like capturing a file, resolving MAC addresses and DNS names, or limiting the time or size of the capture -- click the Options button corresponding to the interface you wish to configure. Many of these options can help to improve the performance of Wireshark. For example, you can adjust settings to avoid nameresolution issues, as they will otherwise slow down your capture system and generate large numbers of name queries. Time and size limits can also place limitations on unattended captures. Otherwise, simply click the Start button next to the name of the interface on which you wish to capture traffic. The Wireshark screen will immediately begin filling up with traffic seen on the network interface, as shown below:
8 Lab #2 8 Figure 4: Capture data window Interpreting the results Each line in the top pane of the Wireshark window corresponds to a single packet seen on the network. The default display shows the time of the packet (relative to the initiation of the capture), the source and destination IP addresses, the protocol used and some information about the packet. You can drill down and obtain more information by clicking on a row. This causes the bottom two window panes to fill with information. The middle pane contains drill-down details on the packet selected in the top frame. The "+" icons reveal varying levels of detail about each layer of information contained within the packet. In the example above, I've selected a DNS response packet. I've expanded the DNS response (application layer) section of the packet to show that the original was requesting a DNS resolution for and this response is informing us that the available IP
9 Lab #2 9 addresses include The bottom window pane shows the contents of the packet in both hexadecimal and ASCII representations. Color is your friend when analyzing packets with Wireshark. Notice in the example above that each row is color-coded. The darker blue rows correspond to DNS traffic, the lighter blue rows are UDP SNMP traffic, and the green rows signify HTTP traffic. Wireshark includes a complex color-coding scheme (which you can customize). The default settings appear below: Figure 5: Capture data window That sums up the basics of using Wireshark to capture and analyze network traffic. The best way to become an expert quickly is to get your hands dirty and start capturing network traffic. There's no doubt you'll find that it can be a helpful tool for everything from configuring firewall rules to spotting an intrusion. Remember, however, that you must always have permission from the network owner before capturing traffic on any network.
10 Lab #2 10 Exercise 1: Click on one of the HTTP packets and examine it in detail in the middle section of the Wireshark window. You can confirm that the structure of the packet is HTTP data wrapped in a TCP segment, which is wrapped in an IP datagram, which is wrapped in an Ethernet frame. If you click one of the little triangles in front of the word "Ethernet", your view of the Ethernet header will be expanded to show the content of the header. Similarly for the "Internet Protocol," "Transmission Control Protocol," and "Hypertext Transfer Protocol" lines. If you click on any of the lines in the middle section of the window, the corresponding data in the display in the bottom third of the window will be highlighted. Based on all this, answer the following questions: Question 1: What does an Ethernet address look like, and what is the Ethernet address of your computer? Question 2: How many bytes are there in an Ethernet header? Question 3: What is the IP address of the server computer? How did you find this out by looking at info in the packet? Question 4: The HTTP server communicates on port 80. What port number on your computer was used for the communication? How did you find this out? Exercise 2: Now, enter "not ip" as the display filter. This lets you see non-ip packets. What protocols do you see? Describe some of the things that you can discover or guess about these protocols, just from information available in the Wireshark window. Exercise 3: Close all internet browsers. Restart packet capturing. Open your terminal window. Ping the computer next to you using this command: $ ping xx.xxx.x.xxx Open your internet browser and go to Click on introduction option. Stop the capture session. Trace back all of the activities that you have done starting from you ping the computer next to you until you stop the capture session. Copy all of the activities that you have traced and paste it in notepad. Print the result and attach it with your report.
11 Lab #2 11 Reference: i. Ethereal User's Guide V2.00 for Ethereal Richard Sharpe, NS Computer Software and Services P/L Ed Warnicke, Ulf Lamping, ii.
12 Lab #2 12 Appendix Wireshark Interface The Wireshark interface is fairly simple considering what it can do. 1. Title bar this will contain different information depending on what Wireshark is doing. If it is capturing network data, it will show the interface that is in use. If it is displaying data from a previous capture, the name of the file containing the captured data will be shown (untitled is shown if a capture was performed, stopped and not saved). Otherwise it will show the application name: Wireshark Network Protocol Analyzer 2. Menu bar Menu bar providing access to application features a. File Functions for working with captured data such as saving and exporting to different file formats b. Edit Functions for finding packets, setting the time reference, and setting preferences c. View - Functions for modifying how Wireshark displays information such as which windows are open d. Go Functions for navigating to specific packets e. Capture Functions for starting and stopping captures, saving filters and working with network interfaces f. Analyze Functions for interpreting and filtering captured data g. Statistics Functions to statistically analyze captured data h. Help access to product help 3. Main tool bar Shortcuts to frequently used functions in the menu bar 4. Filter tool bar Quick access to filter functions 5. Packet list pane Displays all the packets in the current capture file. 6. Packet details pane Shows a more detailed view of the packet currently selected in the Packet List pane 7. Packet bytes pane A hexdump view of the packet currently selected in the Packet List pane 8. Status bar Provides informational messages and feedback to the user Sample Wireshark Capture In this example, I will start a Wireshark capture on my wired laptop interface. I will then launch Thunderbird to retrieve from Comcast and GMail 1. First launch Wireshark.
13 Lab # Then select Capture->Interfaces from the menu bar. 3. This will bring up the Interfaces dialog box. Select the interface you want to use. This is important since Wireshark (as with any protocol analyzer) can only capture data from a network it is physically connected to. I will be using the wired Ethernet adapter in my laptop so I will choose the Intel adapter in the list. Click the Start button. Capturing will now begin. After a short while, you will see the main Wireshark window (the packet list, detail and byte panes) fill with data. 4. Now I will launch Thunderbird and login to both my GMail and Comcast mail accounts. At this point I will wait for all my mail to download and then I will stop the network capture by selecting Capture->Stop from the menu bar. Click File and Save to save this capture to disk after all data is captured. 5. I have just captured two complete pop3 sessions with Wireshark. To single out the pop session information I will apply a filter. In the filter bar enter the following text and press the apply button: tcp.port eq 110. This will limit the display to traffic on tcp port 110 (the POP port). Also notice that Wireshark understands the Post Office Protocol, so it will interpret bits of information such as POP commands and even authentication information. I do not connect to the Comcast mail server using SSL so my password is contained in the trace in clear text. I had to choose this screenshot wisely! I ve actually used this to troubleshoot end user client connection problem to pop and imap servers. 6. Scrolling through the filtered captured data only shows a conversation between two hosts; my laptop and the Comcast mail server. What happened to gmail? Well, I use SSL with my GMail account and SSL POP connections are associated with port 995 not 110. In the filter bar enter the following text and press the apply button: tcp.port eq 995. This will show all the POP over SSL traffic. But notice that no other details are available about the application protocol. The protocols in use on port 995 are
14 Lab #2 14 TCP, SSL and TLS. You will see some packets dealing with key exchange, but that is all to do with the security negotiations associated with SSL\TLS. All the Application data is encrypted. Closing remarks This is only the tip of the iceberg. I do not have a need to use this tool very often, but when I do need it, it is there and it can be a life saver or a job saver. For more information on this tool visit the Wireshark website at The documentation on this site is quite extensive and should get you up to speed fairly quickly. Also check out the documentation for whatever protocol you are sniffing. For the internet protocols, the RFC s are a must read. You can find these at the Internet Engineering Task Force website at Finally, if you are sniffing an undocumented protocol like nrpc (used by Lotus Notes\Domino) you may want to spend time researching a similar protocol that is documented. This may help you to understand what you are seeing in Wireshark related to the undocumented protocol.
Wireshark Lab: Getting Started
Wireshark Lab: Getting Started This following content is edited from the wireshark lab exercise provided by J.F. Kurose, and K.W. Ross, "Computer Networking: A Top down approach" 5th ed. Pearson, 2010.
More informationLab: 2. Wireshark Getting Started
Lab: 2 Wireshark Getting Started One s understanding of network protocols can often be greatly deepened by seeing protocols in action and by playing around with protocols observing the sequence of messages
More informationWireshark Lab: Getting Started v6.0
Wireshark Lab: Getting Started v6.0 Supplement to Computer Networking: A Top-Down Approach, 6 th ed., J.F. Kurose and K.W. Ross Tell me and I forget. Show me and I remember. Involve me and I understand.
More informationWireshark Lab: Getting Started v7.0
Wireshark Lab: Getting Started v7.0 Supplement to Computer Networking: A Top-Down Approach, 7th ed., J.F. Kurose and K.W. Ross Tell me and I forget. Show me and I remember. Involve me and I understand.
More informationWireshark Lab: Getting Started v6.0
Wireshark Lab: Getting Started v6.0 Supplement to Computer Networking: A Top-Down Approach, 6 th ed., J.F. Kurose and K.W. Ross Tell me and I forget. Show me and I remember. Involve me and I understand.
More informationWireshark Lab: Getting Started
Wireshark Lab: Getting Started Version: 2.0 2007 J.F. Kurose, K.W. Ross. All Rights Reserved Computer Networking: A Topdown Approach, 4 th edition. Tell me and I forget. Show me and I remember. Involve
More informationEthereal Lab: Getting Started
Ethereal Lab: Getting Started One s understanding of network protocols can often be greatly deepened by seeing protocols in action and by playing around with protocols observing the sequence of messages
More informationWireshark Lab: Getting Started
Wireshark Lab: Getting Started Tell me and I forget. Show me and I remember. Involve me and I understand. Chinese proverb 2005-2019, J.F Kurose and K.W. Ross, All Rights Reserved Introduction to Wireshark
More informationEthereal Lab: Getting Started
Ethereal Lab: Getting Started Version: July 2005 2005 J.F. Kurose, K.W. Ross. All Rights Reserved Computer Networking: A Topdown Approach Featuring the Internet, 3 rd edition. Tell me and I forget. Show
More informationWireshark intro. Introduction. Packet sniffer
Wireshark intro Introduction One s understanding of network protocols can often be greatly deepened by seeing protocols in action and by playing around with protocols observing the sequence of messages
More informationUniversity of Maryland Baltimore County Department of Information Systems Spring 2015
University of Maryland Baltimore County Department of Information Systems Spring 2015 IS 450/650: Data Communications and Networks Homework Assignment 1 Wireshark Lab (Handed Out: February 3, 2015 (Tuesday),
More informationWireshark Lab: Getting Started v7.0
Wireshark Lab: Getting Started v7.0 Adapted by HMC from the supplement to Computer Networking: A Top-Down Approach, 7 th ed., J.F. Kurose and K.W. Ross Tell me and I forget. Show me and I remember. Involve
More informationBSc Year 2 Data Communications Lab - Using Wireshark to View Network Traffic. Topology. Objectives. Background / Scenario
BSc Year 2 Data Communications Lab - Using Wireshark to View Network Traffic Topology Objectives Part 1: (Optional) Download and Install Wireshark Part 2: Capture and Analyze Local ICMP Data in Wireshark
More informationIntroduction to Wireshark
Introduction to Wireshark CS3C03/SE4C03 Jason Jaskolka Department of Computing and Software Faculty of Engineering McMaster University Hamilton, Ontario, Canada jaskolj@mcmaster.ca Winter 2013 Jason Jaskolka
More informationProject points. CSE422 Computer Networking Spring 2018
Project 1 100 points Introduction One s understanding of network protocols can often be greatly deepened by seeing protocols in action and by playing around with protocols observing the sequence of messages
More informationWireshark Lab: Getting Started v6.0 Supplement to Computer Networking: A Top-Down Approach, 6th ed., J.F. Kurose and K.W. Ross
Wireshark Lab: Getting Started v6.0 Supplement to Computer Networking: A Top-Down Approach, 6th ed., J.F. Kurose and K.W. Ross 2005-21012, J.F Kurose and K.W. Ross, All Rights Reserved In the Wireshark
More informationNew York University Computer Science Department Courant Institute of Mathematical Sciences
New York University Computer Science Department Courant Institute of Mathematical Sciences Course Title: Data Communication & Networks Course Number: g22.2662-001 Instructor: Jean-Claude Franchitti Session:
More informationUNI CS 3470 Networking Project 5: Using Wireshark to Analyze Packet Traces 12
UNI CS 3470 Networking Project 5: Using Wireshark to Analyze Packet Traces 12 Due Wednesday, 12/7, at 11:59:59 PM. One s understanding of network protocols can often be greatly deepened by seeing protocols
More informationLab Assignment for Chapter 1
CHAPTER 1 Lab Assignment for Chapter 1 We have created lab assignments for eight chapters of the textbook (Chapters 1, 2, 3, 4, 5, 6, 8, and 10). We have no lab assignments for Chapter 7, 9 or 11. We cannot
More informationGoals - to become acquainted with Wireshark, and make some simple packet captures and observations
CSCI 395: Networks Lab 2: Introductory Wireshark Lab, Current state of the Internet, and Transmission/ Delay Due: 2/19/16 at the beginning of class 20 Points Part I Goals - to become acquainted with Wireshark,
More informationDepartment Of Computer Science
Department Of Computer Science Laboratory Manual Prepared By: Muhammad Nouman Farooq Lecturer and Course Coordinator Course: Network Security (CS-242) Page 1 of 47 Table of Contents Lab 1- Introduction
More informationUsing Ethereal As A Tool For Network Security Mentor: Mr. Christopher Edwards Team Members: Jerome Mitchell, Anthony Anderson, and Napoleon Paxton
Using Ethereal As A Tool For Network Security Mentor: Mr. Christopher Edwards Team Members: Jerome Mitchell, Anthony Anderson, and Napoleon Paxton Abstract The Office of Navel Research Network Team actively
More informationProtocol Analysis: Capturing Packets
Protocol Analysis: Capturing Packets This project is intended to be done on the EiLab Network, but if you want to try to VPN into the EiLab Network on your own PC from your home or workplace, follow these
More informationThe following virtual machines are required for completion of this lab: Exercise I: Mapping a Network Topology Using
Module 08: Sniffers Objective The objective of this lab is to make students learn to sniff a network and analyze packets for any attacks on the network. The primary objectives of this lab are to: Sniff
More informationNETWORK PACKET ANALYSIS PROGRAM
NETWORK PACKET ANALYSIS PROGRAM Duration: 3 days (21 hours) Mode: 1. Instructor Led Class room Training and Labs 2. Online In this hands-on course, you will receive in-depth training on Protocol analysis
More informationLab 1: Packet Sniffing and Wireshark
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber Security Practice 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer
More informationLab - Using Wireshark to Examine a UDP DNS Capture
Topology Objectives Part 1: Record a PC s IP Configuration Information Part 2: Use Wireshark to Capture DNS Queries and Responses Part 3: Analyze Captured DNS or UDP Packets Background / Scenario If you
More informationIntroduction to OSI model and Network Analyzer :- Introduction to Wireshark
Sungkyunkwan University Introduction to OSI model and Network Analyzer :- Introduction to Wireshark Syed Muhammad Raza s.moh.raza@gmail.com Copyright 2000-2014 Networking Laboratory 1/56 An Overview Internet
More informationLab - Using Wireshark to Examine a UDP DNS Capture
Topology Objectives Part 1: Record a PC s IP Configuration Information Part 2: Use Wireshark to Capture DNS Queries and Responses Part 3: Analyze Captured DNS or UDP Packets Background / Scenario If you
More informationIntroduction to Troubleshooting TCP/IP Networks with Wireshark
Introduction to Troubleshooting TCP/IP Networks with Wireshark Course WIRE-1B 5 Days Instructor-led, Hands-on Introduction In this hands-on, instructor-led, five-day course, you will receive in-depth training
More informationLab Exercise Protocol Layers
Lab Exercise Protocol Layers Objective To learn how protocols and layering are represented in packets. They are key concepts for structuring networks that are covered in 1.3 and 1.4 of your text. Review
More informationExperiment 2: Wireshark as a Network Protocol Analyzer
Experiment 2: Wireshark as a Network Protocol Analyzer Learning Objectives: To become familiarized with the Wireshark application environment To perform basic PDU capture using Wireshark To perform basic
More informationSubmit your captured trace file from the TCP lab exercise (Section 1 describes how this can be done).
TCN 5030 - Project 2 Overview: This project will give you hands-on experience with the Wireshark network protocol analyzer, by investigating the behavior of TCP. Wireshack is a popular open-source tool
More informationPresenter. Xiaolong Li, Assistant Professor Department of Industrial and Engineering Technology Morehead State University
DEVELOPMENT AND APPLICATION OF A NEW CURRICULUM FOR COMPUTER NETWORKING Presenter Xiaolong Li, Assistant Professor Department of Industrial and Engineering Technology Morehead State University Gabriel
More informationPrepared By: Eng. Wasan Fraihat
Objectives Taibah University College of Computer Science & Eng. Computer Engineering Department Computer Networks Laboratory CN332 Lab. 1 Cabling & Packet Sniffing Prepared By: Eng. Wasan Fraihat 1. To
More informationObjectives: (1) To learn to capture and analyze packets using wireshark. (2) To learn how protocols and layering are represented in packets.
Team Project 1 Due: Beijing 00:01, Friday Nov 7 Language: English Turn-in (via email) a.pdf file. Objectives: (1) To learn to capture and analyze packets using wireshark. (2) To learn how protocols and
More informationIntroduction to Wireshark
Introduction to Wireshark 1 Objective In this lab, the student shall work individually to: 1. Learn about packet sniffers and see how they capture and analyze network traffic. 2. Install Wireshark and
More information9. Wireshark I: Protocol Stack and Ethernet
Distributed Systems 205/2016 Lab Simon Razniewski/Florian Klement 9. Wireshark I: Protocol Stack and Ethernet Objective To learn how protocols and layering are represented in packets, and to explore the
More informationGetting Started. 1 Earlier versions of these labs used the Ethereal packet analyzer. In May 2006, the developer of Ethereal
Getting Started One s understanding of network protocols can often be greatly deepened by seeing protocols in action and by playing around with protocols observing the sequence of messages exchanged between
More informationCOMP2330 Data Communications and Networking
COMP2330 Data Communications and Networking Dr. Chu Xiaowen (Second semester, 2009-2010 academic year) Laboratory 3 Last update: Feb-3-2009 Use Wireshark to Analyze IP Packet Objectives: (1) Use Wireshark
More information5. Write a capture filter for question 4.
Pre-Lab 2: Single Segment IP Networks 1. Review Linux man pages for arp at www.linuxmanpages.com (in both Sections 7 and 8), the ARP RFC (RFC 826) at www.ietf.org, and Section 3.4 of the IBM Red Book.
More informationNetwork Analyzer :- Introduction to Wireshark
Sungkyunkwan University Network Analyzer :- Introduction to Wireshark Syed M. Raza s.moh.raza@skku.edu H. Choo choo@skku.edu Copyright 2000-2018 Networking Laboratory Networking Laboratory 1/56 An Overview
More informationLab Using Wireshark to Examine Ethernet Frames
Topology Objectives Part 1: Examine the Header Fields in an Ethernet II Frame Part 2: Use Wireshark to Capture and Analyze Ethernet Frames Background / Scenario When upper layer protocols communicate with
More informationCE3005: Computer Networks Laboratory 3 SNIFFING AND ANALYSING NETWORK PACKETS
SNIFFING AND ANALYSING NETWORK PACKETS 1. OBJECTIVE To further understand how the Internet really works and how the concept of encapsulation is being implemented in the different layers of the TCP/IP protocol
More informationIntroduction to Computer Networks. CS 166: Introduction to Computer Systems Security
Introduction to Computer Networks CS 166: Introduction to Computer Systems Security Network Communication Communication in modern networks is characterized by the following fundamental principles Packet
More informationGenie Snoop lab. Laboration in data communication GenieLab Department of Information Technology, Uppsala University
Genie Snoop lab Laboration in data communication GenieLab Department of Information Technology, Uppsala University Overview This lab deals with network layers, services and HTTP transactions as well as
More informationKing Fahd University of Petroleum & Minerals. Data Traffic Capture and Protocols Analysis using Sniffer Tool
King Fahd University of Petroleum & Minerals Electrical Engineering Department EE 400, Experiment # 4 Data Traffic Capture and Protocols Analysis using Sniffer Tool Objectives: After this experiment, students
More informationLab Using Wireshark to Examine Ethernet Frames
Topology Objectives Part 1: Examine the Header Fields in an Ethernet II Frame Part 2: Use Wireshark to Capture and Analyze Ethernet Frames Background / Scenario When upper layer protocols communicate with
More informationProtocol Analysis: Capturing Packets
Protocol Analysis: Capturing Packets This project is intended to be done on your assigned Windows VM on the EiLab Network. This is, in part, because you must do this on a PC that you have administrative
More informationWireshark HTTP. Introduction. The Basic HTTP GET/response interaction
Wireshark HTTP Introduction Having gotten our feet wet with the Wireshark packet sniffer in the introductory lab, we re now ready to use Wireshark to investigate protocols in operation. In this lab, we
More informationComputer Networks Security: intro. CS Computer Systems Security
Computer Networks Security: intro CS 166 - Computer Systems Security A very easy network 3/14/16 Computer Networks: Intro 2 Two philosophers example Translator Language Translator Engineer Communication
More informationNetwork Forensics (wireshark) Cybersecurity HS Summer Camp
Network Forensics (wireshark) Cybersecurity HS Summer Camp Packet Sniffer a packet sniffer captures ( sniffs ) messages being sent/received from/by your computer; it will also typically store and/or display
More informationCNBK Communications and Networks Lab Book: Purpose of Hardware and Protocols Associated with Networking Computer Systems
Lab Book: Purpose of Hardware and Protocols Associated with Networking Computer Systems Contents Purpose of Hardware and Protocols Associated with Computer Networks... 3 Lab Objectives... 3 Lab Resources...
More informationE&CE 358: Tutorial 1. Instructor: Sherman (Xuemin) Shen TA: Miao Wang
E&CE 358: Tutorial 1 Instructor: Sherman (Xuemin) Shen TA: Miao Wang Email: m59wang@uwaterloo.ca 1 About Tutorials TA: Miao Wang Office: EIT 3133; Tutorials: Th 4:30 5:20 pm Topics Supplementary knowledge
More informationCSE4344 Project 2 (Spring 2017) Wireshark Lab: HTTP
Objectives CSE4344 Project 2 (Spring 2017) Wireshark Lab: HTTP To get familiar with capturing network packets using Wireshark. To explore the HTTP message formats and basic operations of HTTP protocol.
More informationGetting Wireshark. Detailed installing steps can be found on the Internet, so this tutorial won t cover this part.
Wireshark Tutorial Getting Wireshark Wireshark for Windows and Mac OS X can be easily downloaded from its official website. If you are Linux users, you ll probably find Wireshark in its package repositories.
More informationLab - Using Wireshark to Examine TCP and UDP Captures
Topology Part 1 (FTP) Part 1 will highlight a TCP capture of an FTP session. This topology consists of a PC with Internet access. Topology Part 2 (TFTP) Part 2 will highlight a UDP capture of a TFTP session.
More informationVERSION Lab 3: Link Layer
Lab 3: Link Layer Objective In this lab, you will investigate Ethernet and the ARP protocol. You will also prove you are a Wireshark Ninja by dissecting an unknown protocol. Knowledge from Lecture 20 and
More informationWireshark Guide READ ONLINE
Wireshark Guide READ ONLINE Wireshark Beginner guide - CCNA Voice Questions - Wireshark Beginner guide. June 14th, 2010 in Knowledge Base Go to comments. Wireshark/Ethereal is a free network protocol analyzer
More informationComputer Forensics: Investigating Network Intrusions and Cybercrime, 2nd Edition. Chapter 2 Investigating Network Traffic
Computer Forensics: Investigating Network Intrusions and Cybercrime, 2nd Edition Chapter 2 Investigating Network Traffic Objectives After completing this chapter, you should be able to: Understand network
More informationPacket Capture & Wireshark. Fakrul Alam
Packet Capture & Wireshark Fakrul Alam fakrul@bdhub.com Why we need to capture packet & how it s related to security? tcpdump Definition tcpdump is a utility used to capture and analyze packets on network
More informationLab Exercise UDP. Objective. Requirements. Step 1: Capture a Trace
Lab Exercise UDP Objective To look at the details of UDP (User Datagram Protocol). UDP is a transport protocol used throughout the Internet as an alternative to TCP when reliability is not required. It
More informationWireshark: Network Forensic Exercise by Fakrul Alam, Bangladesh CERT
Wireshark: Network Forensic Exercise by Fakrul Alam, Bangladesh CERT Network Startup Resource Center http://www.nsrc.org/ These materials are licensed under the Creative Commons Attribution-NonCommercial
More informationWireshark Lab: HTTP SOLUTION
Wireshark Lab: HTTP SOLUTION Supplement to Computer Networking: A Top-Down Approach, 7th ed., J.F. Kurose and K.W. Ross 2005-2012, J.F Kurose and K.W. Ross, All Rights Reserved The following screen shots
More informationLab Capturing and Analyzing Network Traffic
Lab 1.2.2 Capturing and Analyzing Network Traffic Host Name IP Address Fa0/0 Subnet Mask IP Address S0/0/0 Subnet Mask Default Gateway RouterA 172.17.0.1 255.255.0.0 192.168.1.1 (DCE) 255.255.255.0 N/A
More informationCOMP 2000 W 2012 Lab no. 3 Page 1 of 11
COMP 2000 W 2012 Lab no. 3 Page 1 of 11 Lab Introduction Background The Internet is based on packet-switched protocols. Information is carried in packets (it is divided into packets), which can be imagined
More informationCCNA Semester 1 labs. Part 2 of 2 Labs for chapters 8 11
CCNA Semester 1 labs Part 2 of 2 Labs for chapters 8 11 8.1.4.6 Lab - Calculating IPv4 Subnets 8.1.4.8 Lab - Designing and Implementing a Subnetted IPv4 Addressing Scheme 8.2.1.5 Lab - Designing and Implementing
More informationSC/CSE 3213 Winter Sebastian Magierowski York University CSE 3213, W13 L8: TCP/IP. Outline. Forwarding over network and data link layers
SC/CSE 3213 Winter 2013 L8: TCP/IP Overview Sebastian Magierowski York University 1 Outline TCP/IP Reference Model A set of protocols for internetworking The basis of the modern IP Datagram Exchange Examples
More informationNetwork+ Guide to Networks, Seventh Edition Chapter 1, Solutions
Network+ Guide to Networks, Seventh Edition Chapter 1, Solutions Review Questions 1. In the client-server model, what is the primary protocol used for communication between a browser and Web server? A.
More informationCIT 380: Securing Computer Systems. Network Security Concepts
CIT 380: Securing Computer Systems Network Security Concepts Topics 1. Protocols and Layers 2. Layer 2 Network Concepts 3. MAC Spoofing 4. ARP 5. ARP Spoofing 6. Network Sniffing Protocols A protocol defines
More informationIntroduction to OSI model and Network Analyzer :- Introduction to Wireshark
Sungkyunkwan University Introduction to OSI model and Network Analyzer :- Introduction to Wireshark Syed Muhammad Raza s.moh.raza@gmail.com Copyright 2000-2015 Networking Laboratory 1/56 An Overview of
More informationch02 True/False Indicate whether the statement is true or false.
ch02 True/False Indicate whether the statement is true or false. 1. No matter what medium connects computers on a network copper wires, fiber-optic cables, or a wireless setup the same protocol must be
More informationPacket Analysis - Wireshark
Packet Analysis - Wireshark Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea Why do we need to capture packet & how is it relevant to security? tcpdump tcpdump is a utility used
More informationWireshark Lab Ethernet And Arp Solution
We have made it easy for you to find a PDF Ebooks without any digging. And by having access to our ebooks online or by storing it on your computer, you have convenient answers with wireshark lab ethernet
More informationNetwork Traffic Analysis - Course Outline
Network Traffic Analysis - Course Outline This course is designed for system/network administrations with an overall understanding of computer networking. At the end of this course, students will have
More informationLab 4: Network Packet Capture and Analysis using Wireshark
Lab 4: Network Packet Capture and Analysis using Wireshark 4.1 Details Aim: To provide a foundation in network packet capture and analysis. You may be faced with network traffic analysis, from traffic
More informationWhen does it work? Packet Sniffers. INFO Lecture 8. Content 24/03/2009
Packet Sniffers INFO 404 - Lecture 8 24/03/2009 nfoukia@infoscience.otago.ac.nz Definition Sniffer Capabilities How does it work? When does it work? Preventing Sniffing Detection of Sniffing References
More informationProtocol Layers & Wireshark TDTS11:COMPUTER NETWORKS AND INTERNET PROTOCOLS
Protocol Layers & Wireshark TDTS11:COMPUTER NETWORKS AND INTERNET PROTOCOLS Mail seban649@student.liu.se Protocol Hi Hi Got the time? 2:00 time TCP connection request TCP connection response Whats
More informationUsing Diagnostic Tools
Using Diagnostic Tools The Tools System Diagnostics page on the INVESTIGATE view provides several diagnostic tools that help troubleshoot various kinds of network problems and process monitors. Tech Support
More informationCOMS3200/7201 Computer Networks 1 (Version 1.0)
COMS3200/7201 Computer Networks 1 (Version 1.0) Assignment 3 Due 8pm Monday 29 th May 2017. V1 draft (hopefully final) Note that the assignment has three parts Part A, B & C, each worth 50 marks. Total
More informationA+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 8 Networking Essentials
A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e Chapter 8 Networking Essentials Objectives Learn about the protocols and standards Windows uses for networking Learn how to connect
More informationAdvanced Network Troubleshooting Using Wireshark (Hands-on)
Advanced Network Troubleshooting Using Wireshark (Hands-on) Description This course is a continuation of the "Basic Network Troubleshooting Using Wireshark" course, and comes to provide the participants
More informationWireshark Lab: Ethernet and ARP v6.01
Wireshark Lab: Ethernet and ARP v6.01 Supplement to Computer Networking: A Top-Down Approach, 6 th ed., J.F. Kurose and K.W. Ross Tell me and I forget. Show me and I remember. Involve me and I understand.
More informationHands-On TCP/IP Networking
Hands-On Course Description In this Hands-On TCP/IP course, the student will work on a live TCP/IP network, reinforcing the discussed subject material. TCP/IP is the communications protocol suite on which
More informationHands-On Ethical Hacking and Network Defense
Hands-On Ethical Hacking and Network Defense Chapter 2 TCP/IP Concepts Review Last modified 1-11-17 Objectives Describe the TCP/IP protocol stack Explain the basic concepts of IP addressing Explain the
More informationNetwork sniffing packet capture and analysis
Network sniffing packet capture and analysis September 29, 2017 Administrative submittal instructions answer the lab assignment s 13 questions in numbered list form, in a Word document file. (13 th response
More informationReview for Internet Introduction
Review for Internet Introduction What s the Internet: Two Views View 1: Nuts and Bolts View billions of connected hosts routers and switches protocols control sending, receiving of messages network of
More informationInstallation Guide Web Browser Method
Installation Guide Web Browser Method Table of Contents (click on the links below) Overview... 4 First Time Installation on a Windows PC... 5 First Time Installation on a Mac using FireFox (recommended)...
More informationSecurity in Bomgar Remote Support
Security in Bomgar Remote Support 2018 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their
More informationClientless SSL VPN End User Set-up
71 CHAPTER This section is for the system administrator who sets up Clientless (browser-based) SSL VPN for end users. It summarizes configuration requirements and tasks for the user remote system. It also
More informationCCNA Exploration Network Fundamentals. Chapter 03 Application Functionality and Protocols
CCNA Exploration Network Fundamentals Chapter 03 Application Functionality and Protocols Updated: 27/04/2008 1 3.1 Applications: The Interface Between Human and Networks Applications provide the means
More informationMaterial for the Networking lab in EITF25 & EITF45
Material for the Networking lab in EITF25 & EITF45 2016 Preparations In order to succeed with the lab, you must have understood some important parts of the course. Therefore, before you come to the lab
More informationWireshark Lab: HTTP v6.1
Wireshark Lab: HTTP v6.1 Supplement to Computer Networking: A Top-Down Approach, 6 th ed., J.F. Kurose and K.W. Ross Tell me and I forget. Show me and I remember. Involve me and I understand. Chinese proverb
More informationExam Questions SY0-401
Exam Questions SY0-401 CompTIA Security+ Certification https://www.2passeasy.com/dumps/sy0-401/ 1. A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened
More informationNETGEAR-FVX Relation. Fabrizio Celli;Fabio Papacchini;Andrea Gozzi
NETGEAR-FVX538 Relation Fabrizio Celli;Fabio Papacchini;Andrea Gozzi -2008- Abstract Summary... 2 Chapter 1: Introduction... 4 Chapter 2: LAN... 6 2.1 LAN Configuration... 6 2.1.1 First experiment: DoS
More informationLaboratory Manual for CENG460 Communications Networks
Department of Electrical and Computer Engineering Laboratory Manual for CENG460 Communications Networks By Ruonan Zhang, Emad Shihab, Zhe Yang, Xuan Wang, Lei Zheng, and Lin Cai Copyright 2012 University
More informationCONTENTS IN DETAIL ACKNOWLEDGMENTS INTRODUCTION 1 PACKET ANALYSIS AND NETWORK BASICS 1 2 TAPPING INTO THE WIRE 17 3 INTRODUCTION TO WIRESHARK 35
CONTENTS IN DETAIL ACKNOWLEDGMENTS xv INTRODUCTION xvii Why This Book?...xvii Concepts and Approach...xviii How to Use This Book... xix About the Sample Capture Files... xx The Rural Technology Fund...
More informationSANS FORENSIC CHALLENGES REPORT
SANS FORENSIC CHALLENGES REPORT Nama 이름 : Fitroh Qori Saputro : 피뜨로코리사뿌뜨로 NIM : 10152147 1. Wireshark Wireshark is the world's foremost network protocol analyzer. It lets you see what's happening on your
More informationConfiguring Funk Odyssey Software, Avaya AP-3 Access Point, and Avaya
Configuring Funk Odyssey Software, Avaya AP-3 Access Point, and Avaya 802.11a/b Wireless Client for User Authentication (802.1x) and Data Encryption - Issue 1.0 Abstract These Application Notes describe
More informationThis course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N
CompTIA Network+ (Exam N10-007) Course Description: CompTIA Network+ is the first certification IT professionals specializing in network administration and support should earn. Network+ is aimed at IT
More information