COMPUTER NETWORKS
CPSC 441, Winter 2016
Prof. Mea Wang, Department of Computer Science, University of Calgary


- Introduction: Wireshark and tshark
- Running tshark
- Running Wireshark
- Exercise: Analyze HTTP traffic to and from web browser

WHAT IS WIRESHARK?
- Wireshark is a network protocol analyzer
- Runs on Linux, Mac and Windows
- Free of cost
- It is installed on the lab machines, but needs root access
- You can install it:
  - on your own machine: http://www.wireshark.org/download.html
  - on your RAC VM (next slide)
CPSC 457 Winter 2014

TSHARK
- Terminal version of Wireshark
- Typically used when an interactive user interface is not available
- You need to use tshark to capture and analyze network packets on RAC VMs
- Install tshark on your RAC VM: log in to your VM and run
    sudo apt-get install tshark
- If this results in a "package not available" message, update the package list by executing
    sudo apt-get update
  first, and then install tshark


CAPTURE TRAFFIC
- tshark has to be run with root privileges: use sudo (superuser mode) while running tshark
- Identify the network interface to monitor
  - To list all interfaces on a machine: ifconfig -a
  - On RAC VMs there is only one interface: eth0
- Create a destination folder to save the packet trace file
  - In your home directory (/home/ubuntu): mkdir dump
  - Change ownership of the dump folder to root: sudo chown -R root: dump
- Capture traffic:
    sudo tshark -i eth0 -w dump/filedump0
  - Option -i specifies the interface name
  - Option -w specifies the destination of the packet trace file

- Introduction: Wireshark and tshark
- Running tshark
- Running Wireshark (This tutorial is adapted from the textbook exercise.)
- Exercise: Analyze HTTP traffic to and from web browser

MAIN WINDOW
Click the Capture pull-down button to select an interface and start capturing packets.

CAPTURE WINDOW
- The command menus are standard pull-down menus located at the top of the window.
- The packet-listing window displays a one-line summary for each packet captured.
- The packet-header details window provides details about the packet selected (highlighted) in the packet-listing window.
- The packet-contents window displays the entire content of the captured frame, in both ASCII and hexadecimal format.
- The packet display filter field is where a protocol name or other information can be entered in order to filter the information displayed in the packet-listing window (and hence the packet-header and packet-contents windows).


EXERCISE: HTTP ANALYSIS
In this exercise, you will use Wireshark or tshark to analyze HTTP traffic.
On your RAC VM:
- Since we cannot run a browser application on the VM, we will use the command wget to retrieve web content.
- While tshark is running in one terminal, connect to the public VM in another terminal. Then do the following steps:
    wget www.cpsc.ucalgary.ca
  wget will show a progress bar.
- Once the webpage is downloaded completely, stop the capture (press Control-c in the terminal where tshark is running).

TSHARK: ANALYZE PACKETS
- tshark dumps all incoming and outgoing packets from eth0; we need to filter the packets that are of interest to us.
- tshark and Wireshark share the same filter engine.
- The filter expression is provided to tshark using the option -R. For example, to filter TCP packets:
    sudo tshark -r dump/filedump0 -R tcp
  (In newer tshark releases -R is a read filter that requires the two-pass option -2; the equivalent display-filter option is -Y, e.g. tshark -r dump/filedump0 -Y tcp.)
- By default, a short description of each packet (one per line) is displayed on the standard output. You can redirect the output using the > operator.
- If you want full information (all protocol fields) about each packet, use the -V option:
    sudo tshark -r dump/filedump0 -R tcp -V
- To filter packets with an HTTP header:
    sudo tshark -r dump/filedump0 -R http

TSHARK: ANALYZE PACKETS
- To display TCP packets to and from specific port numbers:
    sudo tshark -r dump/filedump0 -R "tcp.dstport==80 || tcp.srcport==80"
  The above command displays all packets having either source or destination TCP port number equal to 80.
- Note the operators == and ||. Similarly, there are the operators !=, >, <, <=, >=.
- dstport and srcport are field names defined in tshark for the TCP destination and source port number, respectively.
- For more information about filter expressions, see the manual page: man wireshark-filter
- For the full list of field names: https://www.wireshark.org/docs/dfref/

TSHARK: FILTER HTTP PACKETS
- Filter packets by the protocol or field name http:
    sudo tshark -r dump/filedump0 -R http
  Note that the above command will ONLY display packets that tshark identifies as HTTP or that have a field called http.
- To display all packets exchanged between the VM and the cpsc server (the HTTP server listens on port 80):
    sudo tshark -r dump/filedump0 -R "tcp.dstport==80 || tcp.srcport==80"
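The difference between the two filters on the last three slides (a bare protocol name such as http versus a field comparison such as tcp.dstport==80 || tcp.srcport==80) is easiest to see by running a filter engine over known packets. The Python below is an added example, not part of the original slides and not Wireshark's own filter engine: it evaluates a small subset of the display-filter language (protocol presence, the comparison operators listed above, && and ||) over constructed packet records. The packet records, the client address 192.0.2.10 and the server address 198.51.100.7 are all made up for the example; the field names (tcp.srcport, tcp.dstport, http.request.method, http.response.code) are real Wireshark field names.

```python
"""Evaluate a small subset of the Wireshark/tshark display-filter language.

Added teaching example, not Wireshark's own filter engine.
Supported: bare protocol names (tcp, http, ...), field comparisons with
==, !=, <, >, <=, >=, and the boolean operators && and || (no parentheses).
"""
import operator
import re

# Constructed packet records (not a real capture) holding the fields a
# dissector would expose. Documentation addresses stand in for the client
# (192.0.2.10) and the web server (198.51.100.7).
# Packets 1 and 2 are bare TCP handshake segments on port 80: they match
# "tcp.dstport==80 || tcp.srcport==80" but NOT "http", because tshark only
# labels a packet as HTTP when an HTTP message was actually dissected in it.
PACKETS = [
    {"no": 1, "protocols": {"eth", "ip", "tcp"}, "ip.src": "192.0.2.10",
     "ip.dst": "198.51.100.7", "tcp.srcport": 43210, "tcp.dstport": 80},
    {"no": 2, "protocols": {"eth", "ip", "tcp"}, "ip.src": "198.51.100.7",
     "ip.dst": "192.0.2.10", "tcp.srcport": 80, "tcp.dstport": 43210},
    {"no": 3, "protocols": {"eth", "ip", "tcp", "http"}, "ip.src": "192.0.2.10",
     "ip.dst": "198.51.100.7", "tcp.srcport": 43210, "tcp.dstport": 80,
     "http.request.method": "GET"},
    {"no": 4, "protocols": {"eth", "ip", "tcp", "http"}, "ip.src": "198.51.100.7",
     "ip.dst": "192.0.2.10", "tcp.srcport": 80, "tcp.dstport": 43210,
     "http.response.code": 200},
    {"no": 5, "protocols": {"eth", "ip", "udp", "dns"}, "ip.src": "192.0.2.10",
     "ip.dst": "192.0.2.1", "udp.srcport": 53210, "udp.dstport": 53},
]

OPS = {"==": operator.eq, "!=": operator.ne, "<=": operator.le,
       ">=": operator.ge, "<": operator.lt, ">": operator.gt}
# Two-character operators come first in the alternation so "<=" is not read as "<".
TERM_RE = re.compile(r"^([a-z0-9_.]+)\s*(==|!=|<=|>=|<|>)\s*(\S+)$")
NAME_RE = re.compile(r"^[a-z0-9_.]+$")


def _literal(text):
    """Numeric literals compare as integers, anything else as a string."""
    text = text.strip('"')
    return int(text) if text.lstrip("-").isdigit() else text


def eval_term(term, pkt):
    """Evaluate one comparison or protocol-presence test against a packet."""
    term = term.strip()
    m = TERM_RE.match(term)
    if m is None:
        if not NAME_RE.match(term):
            raise ValueError(f"unsupported filter term: {term!r}")
        # A bare name is true only if the dissector identified that protocol.
        return term in pkt["protocols"]
    field, op, literal = m.groups()
    if field not in pkt:
        return False        # absent field: the comparison is false, as in Wireshark
    value, wanted = pkt[field], _literal(literal)
    if type(value) is not type(wanted):
        return False        # e.g. tcp.dstport=="web" can never match a port number
    return OPS[op](value, wanted)


def eval_filter(expr, pkt):
    """'&&' binds tighter than '||', matching Wireshark's precedence."""
    return any(all(eval_term(t, pkt) for t in clause.split("&&"))
               for clause in expr.split("||"))


def apply_filter(expr, packets=PACKETS):
    """Return the packet numbers that the filter expression selects."""
    return [p["no"] for p in packets if eval_filter(expr, p)]


if __name__ == "__main__":
    for expr in ("tcp", "http", "tcp.dstport==80 || tcp.srcport==80",
                 "http && tcp.srcport==80"):
        print(f"{expr:40} -> {apply_filter(expr)}")
```

Running it shows why the slides give two different filters for "the web exchange": http selects only packets 3 and 4 (the request and the response), while the port-80 expression also returns the handshake segments 1 and 2 that carry no HTTP message.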

WIRESHARK: HTTP ANALYSIS
On Windows or macOS:
- Start up your favorite web browser, which will display your selected homepage.
- Start up the Wireshark software.
- To begin packet capture, select the Capture pull-down menu and select Interfaces. This will cause the Wireshark: Capture Interfaces window to be displayed. You'll see a list of the interfaces on your computer. Click on Start for the interface on which you want to begin packet capture.
- While Wireshark is running, enter the URL www.cpsc.ucalgary.ca in your browser and have that page displayed in the browser.
- Stop the Wireshark packet capture by selecting Stop in the Wireshark capture window.

WIRESHARK: HTTP ANALYSIS
Let's now filter the HTTP messages (due to the webpage access) between your browser and the cpsc web server.
- Type "http" (without the quotes, and in lower case; all protocol names are in lower case in Wireshark) into the display filter specification window and press ENTER.
- The Wireshark window will look similar to the figure in slide 11.

EXAMPLE: HTTP ANALYSIS
No. and Time values are relative to the start of the capture.

THINGS TO TRY OUT
- Find the HTTP GET message. This is the HTTP request message sent to the cpsc web server from your browser.
- Find the HTTP OK message. This is the HTTP response message from the cpsc web server to your browser.
- Figure out the IP address of the cpsc web server.
- Figure out the IP address of your machine.
- Figure out the time gap between the HTTP GET and the HTTP OK messages.
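The questions above can also be answered from tshark's default one-line output rather than by reading the Wireshark window. The Python below is an added example, not part of the original slides: it parses summary lines in the column layout tshark prints by default (number, relative time, source -> destination, protocol, frame length, info), picks out the HTTP GET and the matching 200 OK, and derives the client address, the server address and the time gap. The summary lines, the addresses 192.0.2.10 and 198.51.100.7, and the timestamps are constructed for the example; no real capture was taken.

```python
"""Parse tshark one-line packet summaries and locate an HTTP GET / 200 OK exchange.

Added example, not part of the original slides. The sample output below is
constructed (documentation addresses) in tshark's default summary layout:
number, relative time, source -> destination, protocol, frame length, info.
"""
import re

# Constructed tshark output for one page fetch (not a real capture).
SAMPLE_SUMMARY = """\
  1   0.000000 192.0.2.10 -> 198.51.100.7 TCP 74 43210 > 80 [SYN] Seq=0 Win=29200 Len=0
  2   0.018412 198.51.100.7 -> 192.0.2.10 TCP 74 80 > 43210 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0
  3   0.018467 192.0.2.10 -> 198.51.100.7 TCP 66 43210 > 80 [ACK] Seq=1 Ack=1 Win=29312 Len=0
  4   0.018601 192.0.2.10 -> 198.51.100.7 HTTP 176 GET / HTTP/1.1
  5   0.037220 198.51.100.7 -> 192.0.2.10 TCP 66 80 > 43210 [ACK] Seq=1 Ack=111 Win=29056 Len=0
  6   0.041903 198.51.100.7 -> 192.0.2.10 HTTP 1234 HTTP/1.1 200 OK  (text/html)
"""

# Both the ASCII "->" and the Unicode arrow printed by newer tshark versions are accepted.
LINE_RE = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+(?:->|\u2192)\s+"
    r"(?P<dst>\S+)\s+(?P<proto>\S+)\s+(?P<length>\d+)\s+(?P<info>.*)$")


def parse_summary(text):
    """Turn summary lines into dicts; lines that do not fit the layout are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["no"], d["length"] = int(d["no"]), int(d["length"])
        d["time"] = float(d["time"])
        packets.append(d)
    return packets


def find_http_exchange(packets):
    """Pair the first HTTP GET with the first 200 OK that the peer it was sent to
    returns afterwards. Returns None when either message is missing."""
    request = next((p for p in packets
                    if p["proto"] == "HTTP" and p["info"].startswith("GET ")), None)
    if request is None:
        return None
    response = next((p for p in packets
                     if p["no"] > request["no"] and p["proto"] == "HTTP"
                     and p["src"] == request["dst"] and p["dst"] == request["src"]
                     and p["info"].startswith("HTTP/") and " 200 " in p["info"]), None)
    if response is None:
        return None
    return {
        "request_no": request["no"],
        "response_no": response["no"],
        "client_ip": request["src"],      # the GET leaves from the browser/VM
        "server_ip": request["dst"],      # and is addressed to the web server
        # Time values are relative to the start of the capture, so the
        # difference is the request/response gap in seconds.
        "gap_seconds": round(response["time"] - request["time"], 6),
    }


if __name__ == "__main__":
    pkts = parse_summary(SAMPLE_SUMMARY)
    print(f"{len(pkts)} packets parsed, "
          f"{sum(p['proto'] == 'HTTP' for p in pkts)} of them HTTP")
    print(find_http_exchange(pkts))
```

To use it on a real trace, redirect tshark's summary output to a file as the slides describe and pass the file contents to parse_summary; the response matching deliberately requires the 200 OK to come from the address the GET was sent to, so a stray response from another server in the same capture is not paired with the request.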