Prepared By: Eng. Wasan Fraihat

Similar documents
Wireshark Lab: Getting Started

Lab: 2. Wireshark Getting Started

Wireshark Lab: Getting Started v6.0

Wireshark Lab: Getting Started

Ethereal Lab: Getting Started

University of Maryland Baltimore County Department of Information Systems Spring 2015

Wireshark Lab: Getting Started

Wireshark Lab: Getting Started v7.0

Wireshark Lab: Getting Started v6.0

Goals - to become acquainted with Wireshark, and make some simple packet captures and observations

Wireshark Lab: Getting Started v6.0 Supplement to Computer Networking: A Top-Down Approach, 6th ed., J.F. Kurose and K.W. Ross

Ethereal Lab: Getting Started

New York University Computer Science Department Courant Institute of Mathematical Sciences

Wireshark intro. Introduction. Packet sniffer

Wireshark Lab: Getting Started v7.0

Getting Wireshark. Detailed installing steps can be found on the Internet, so this tutorial won t cover this part.

Project points. CSE422 Computer Networking Spring 2018

Submit your captured trace file from the TCP lab exercise (Section 1 describes how this can be done).

Department Of Computer Science

Getting Started. 1 Earlier versions of these labs used the Ethereal packet analyzer. In May 2006, the developer of Ethereal

Planning and Cabling Networks

Introduction to Wireshark

UNI CS 3470 Networking Project 5: Using Wireshark to Analyze Packet Traces 12

1. What type of network cable is used between a terminal and a console port? cross-over straight-through rollover patch cable 2.

Network Forensics (wireshark) Cybersecurity HS Summer Camp

Twisted-Pair Cabling; Crossover Cables. Wiring standards for Ethernet cables using twisted-pair wires; Making and testing cables

Presenter. Xiaolong Li, Assistant Professor Department of Industrial and Engineering Technology Morehead State University

CNE301 Network I Lab 04 Building a cross-over cable and configuring back2back network.

Lab Assignment for Chapter 1

DKT 224/3 LAB 2 NETWORK PROTOCOL ANALYZER DATA COMMUNICATION & NETWORK SNIFFING AND IDENTIFY PROTOCOL USED IN LIVE NETWORK

Lab - Building an Ethernet Crossover Cable

8.0.1 Chapter 8 Introduction

Communication Wiring Color Codes

Student Lab Manual. Networks and Communications (COMP277L) SYSTEM PROPERTIES. Dr. Mohamed Ben Laroussi Aissa Room 11 A- 2.

COMPUTER ENGINEERING AND INFORMATION TECHNOLOGY DEPARTMENT NETWORK LABORATORY. Ethernet Cabling

CCENT Study Guide. Chapter 2 Ethernet Networking and Data Encapsulation

CCNA Exploration Network Fundamentals. Chapter 10 Planning and Cabling Networks

Using Ethereal As A Tool For Network Security Mentor: Mr. Christopher Edwards Team Members: Jerome Mitchell, Anthony Anderson, and Napoleon Paxton

Lab 1: Packet Sniffing and Wireshark

Introduction to Wireshark

Problem Set 9 Due: Start of class, December 4

RS-232 Connector Pin Assignments

Networking Fundamentals. An Introduction to Networks. tel: +44 (0) fax: +44 (0) web:

Packet Tracer Mini-Lab 05: Supplement Configuring 2 LANs with 2 Routers using CLI in Packet Tracer

Appendix B Networks, Routing, and Firewall Basics

Making Ethernet Cables

RS232/RS485/RS422 to TCP/IP Converter ITEM NO.: RS007

Wireshark HTTP. Introduction. The Basic HTTP GET/response interaction

A+ Guide to Managing & Maintaining Your PC, 8th Edition. Chapter 16 Networking Types, Devices, and Cabling

Special expressions, phrases, abbreviations and terms of Computer Networks

Cable Specifications. Interface Specifications. Fiber-Optic Specifications APPENDIXB

Lab - Using Wireshark to Examine a UDP DNS Capture

Lab - Using Wireshark to Examine a UDP DNS Capture

OSI Model with Protocols. Layer Name PDU Address Protocols Device

ROCKETLINX ES7110. Quick Installation Guide Rev C ES7110 ES7110-VB. Industrial PoE Switch

Networking 101. Introduction to Ethernet networking basics; Network types, components, configurations. Routers. Switches. Servers.

Wireshark Lab: HTTP. 1. The Basic HTTP GET/response interaction

Cable and Port Specifications

Lab Using Wireshark to Examine Ethernet Frames

Physical Layer V What does the physical layer provide?

Wireshark Lab: HTTP v6.1

Modern Ethernet. Chapter 6

Department Of Computer Science

Contents. 1 Introduction Appearance Verification Unpacking the tester Package Checklist...

Cisco - Ethernet 100BaseTX and 10BaseT Cables: Guidelines and Specifications

Lab Using Wireshark to Examine Ethernet Frames

NT1210 Introduction to Networking. Unit 5:

RS232+LAN INTERFACE USER MANUAL

3 Chapter Introduction. 3.2 Copper Cable

4-port 10/100TX + 1 or 2-port 100FX Industrial Switch. User Manual

COMPUTER NETWORK. PREPARED BY: DHAVAL R. PATEL Page 1. Q.1 Explain IP address. IP address is unique number of network device in network.

Section 1.1: Networking Overview

Lantech I(P)GS-0008B. 8 10/100/1000T (PoE at/af) Industrial Unmanaged Ethernet Switch I(P)ES-0008B

Lab Assignment 3 for ECE374

CSE4344 Project 2 (Spring 2017) Wireshark Lab: HTTP

Cable and Port Specifications

Sniffter 100 Documentation

Cabling Guide for Console and AUX

Review: Networking Fall Final

5 10/100TX w/ 4 PoE Injector Industrial Switch. User Manual

Connector and Cable Specifications

Homework 4 assignment for ECE374 Posted: 04/06/15 Due: 04/13/15

7I74 MANUAL 8 CHANNEL RS-422 INTERFACE

8 10/100/1000T Industrial Switch. User Manual MS655208(X)

9. Wireshark I: Protocol Stack and Ethernet

BSc Year 2 Data Communications Lab - Using Wireshark to View Network Traffic. Topology. Objectives. Background / Scenario

Contents. One Introduction 2. Two Installation 3 Front Panel Connecting Ports LEDs

Number: Passing Score: 750 Time Limit: 120 min File Version: 1.0. Microsoft Exam Name: Identity with Windows Server 2016 (beta)

Appendix A Cable Pinouts

MDI/MDIX) FEP-32005T-2

Lab Capturing and Analyzing Network Traffic

Hypercable injecteur HPOE - Industrial IEEE 802.3at Gigabit PoE Injector. User Manual. v.1.0 Jun Mail :

Cisco CCT Routing & Switching

Cable Pinouts. SRP I/O Module

Wireshark Lab: Ethernet and ARP v6.01

Networking Devices. Punch_down panels

See instructions to download and install the latest version of LinkBoxMB and the user's manual at

EXTENDER 6000 / 7000 CABLES & CONNECTORS

Manual Documentation Number EIR418-2SFP-T 0912m

CE3005: Computer Networks Laboratory 3 SNIFFING AND ANALYSING NETWORK PACKETS

Transcription:

Objectives Taibah University College of Computer Science & Eng. Computer Engineering Department Computer Networks Laboratory CN332 Lab. 1 Cabling & Packet Sniffing Prepared By: Eng. Wasan Fraihat 1. To become familiar with the different types of cables used in the lab. 2. To become familiar with cable tester equipment 3. To become familiar with the WIRESHARK packet sniffer software package. Pre-lab Preparation: 1. Read thoroughly and prepare the experiment sheet. 2. Review the sections in the book regarding HTTP communications. 3. Review the Ethernet frame format, the IPv4 packet format and the TCP/UDP segment formats. 4. You must bring a printed copy of this experiment with you to the lab. Procedure: You can find the problem sheet on Drive D: of the lab PCs. Part 1: Cabling Choosing the cables necessary to make a successful LAN or WAN connection requires consideration of the different media types. There are many different Physical layer implementations that support multiple media types. UTP cabling connections are specified by the Electronics Industry Alliance/Telecommunications Industry Association (EIA/TIA). The RJ-45 connector is the male component crimped on the end of the cable. When viewed from the front, the pins are numbered from 8 to 1. When viewed from above with the opening gate facing you, the pins are numbered 1 through 8, from left to right. This orientation is important to remember when identifying a cable. Page 1 of 21

Types of Interfaces In an Ethernet LAN, devices use one of two types of UTP interfaces - MDI or MDIX. The MDI (media-dependent interface) uses the normal Ethernet pinout. Pins 1 and 2 are used for transmitting and pins 3 and 6 are used for receiving. Devices such as computers, servers, or routers will have MDI connections. The devices that provide LAN connectivity - usually hubs or switches - typically use MDIX (media-dependent interface, crossover) connections. The MDIX connection swaps the transmit pairs internally. This swapping allows the end devices to be connected to the hub or switch using a straight-through cable. Typically, when connecting different types of devices, use a straight-through cable. And when connecting the same type of device, use a crossover cable. Straight-through UTP Cables A straight-through cable has connectors on each end that are terminated the same in accordance with either the T568A or T568B standards. Identifying the cable standard used allows you to determine if you have the right cable for the job. More importantly, it is a common practice to use the same color codes throughout the LAN for consistency in documentation. Use straight-through cables for the following connections: Switch to a router Ethernet port Computer to switch Computer to hub Page 2 of 21

Crossover UTP Cables For two devices to communicate through a cable that is directly connected between the two, the transmit terminal of one device needs to be connected to the receive terminal of the other device. The cable must be terminated so the transmit pin, Tx, taking the signal from device A at one end, is wired to the receive pin, Rx, on device B. Similarly, device B's Tx pin must be connected to device A's Rx pin. If the Tx pin on a device is numbered 1, and the Rx pin is numbered 2, the cable connects pin 1 at one end with pin 2 at the other end. These "crossed over" pin connections give this type of cable its name, crossover. To achieve this type of connection with a UTP cable, one end must be terminated as EIA/TIA T568A pinout, and the other end terminated with T568B pinout. To summarize, crossover cables directly connect the following devices on a LAN: Switch to switch Switch to hub Hub to hub Router to router Ethernet port connection Computer to computer Computer to a router Ethernet port Page 3 of 21

Rollover UTP Cables In a rolled cable, the colored wires at one end of the cable are in the reverse sequence of the colored wires at the other end of the cable. Console Cables (RJ-45 to DB-9 Female) This cable is also known as Management Cable. The connection to the console is made by plugging the DB-9 connector into an available EIA/TIA 232 serial port on the computer. It is important to remember that if there is more than one serial port, note which port number is being used for the console connection. Once the serial connection to the computer is made, connect the RJ-45 end of the cable directly into the console interface on the router. Page 4 of 21

MDI/MDIX Selection Many devices allow the UTP Ethernet port to be set to MDI or MDIX. This can be done in one of three ways, depending on the features of the device: 1. On some devices, ports may have a mechanism that electrically swaps the transmit and receive pairs. The port can be changed from MDI to MDIX by engaging the mechanism. 2. As part of the configuration, some devices allow for selecting whether a port functions as MDI or as MDIX. 3. Many newer devices have an automatic crossover feature. This feature allows the device to detect the required cable type and configures the interfaces accordingly. On some devices, this auto-detection is performed by default. Other devices require an interface configuration command for enabling MDIX auto-detection. Page 5 of 21

Serial Cables In the lab experiments, you may be using Cisco routers with one of two types of physical serial cables. Both cables use a large Winchester 15 Pin connector on the network end. This end of the cable is used as a V.35 connection to a Physical layer device such as a CSU/DSU. The first cable type has a male DB-60 connector on the Cisco end and a male Winchester connector on the network end. The second type is a more compact version of this cable and has a Smart Serial connector on the Cisco device end. It is necessary to be able to identify the two different types in order to connect successfully to the router. Data Communications Equipment and Data Terminal Equipment The following terms describe the types of devices that maintain the link between a sending and a receiving device: Data Communications Equipment (DCE) - A device that supplies the clocking services to another device. Typically, this device is at the WAN access provider end of the link. Data Terminal Equipment (DTE) - A device that receives clocking services from another device and adjusts accordingly. Typically, this device is at the WAN customer or user end of the link. If a serial connection is made directly to a service provider or to a device that provides signal clocking such as a channel service unit/data service unit (CSU/DSU), the router is considered to be data terminal equipment (DTE) and will use a DTE serial cable. DCEs and DTEs are used in WAN connections. The communication via a WAN connection is maintained by providing a clock rate that is acceptable to both the sending and the receiving device. In most cases, the ISP provides the clocking service that synchronizes the transmitted signal. For example, if a device connected via a WAN link is sending its signal at 1.544 Mbps, each receiving device must use a clock, sending out a sample signal every 1/1,544,000th of a second. The timing in this case is extremely short. The devices must be able to synchronize to the signal that is sent and received very quickly. Page 6 of 21

By assigning a clock rate to the router, the timing is set. This allows a router to adjust the speed of its communication operations (the router will therefore use a data communications equipment (DCE) cable), thereby synchronizing with the devices connected to it. When making WAN connections between two routers in a lab, connect two routers with a serial cable to simulate a point-to-point WAN link. In this case, decide which router is going to be the one in control of clocking. Routers are DTE devices by default, but they can be configured to act as DCE devices. The V35 compliant cables are available in DTE and DCE versions. To create a point-to-point serial connection between two routers, join together a DTE and DCE cable. Each cable comes with a connector that mates with its complementary type. These connectors are configured so that you cannot join two DCE or two DTE cables together by mistake. Page 7 of 21

How to prepare a UTP cable Example: Instructions to prepare a Crossover cable Things you'll need: Step 1 RJ-45 Crimp Tool Cat-5e Cable RJ-45 Jacks Step 2 Prepare your workspace. Take the roll of UTP cable and cut the cable to length using the cutting blade on the crimp tool. Step 3 Splice the end by using the splicing blades to expose the unshielded twisted pairs. Step 4 Take each twisted pair and make four wire strands, each going out from the center of the wire. Now take the individual twisted wire pairs and untwist them down to individual wires in the following order: Striped Orange, Orange, Striped Green, Blue, Striped Blue, Green, Striped Brown, Brown. Page 8 of 21

Step 5 Step 6 Next, grasp the wires with your thumb and index finger of your non-dominant hand. Take each wire and snug them securely side by side. Step 7 Using the cutting blade of the crimp tool, cut the ends off of the wires to make each wire the same height. Step 8 Still grasping the wires, insert the RJ-45 jack on the wires with the clip facing away from you. Step 9 Insert the jack into the crimper and press down tightly on the tool to seal the wires in place. Once the first head is made, repeat steps two through eight. When untwisting the wires down to sing strands, use the following order: Striped Green, Green, Striped Orange, Blue, Striped Blue, Orange, Striped Brown, Brown. Step 10 Plug in the cable to test connectivity. Page 9 of 21

Part 2: Cables Testing In this lab, we are going to use MicroScanner2 UTP cable tester device to verify that cables were prepared correctly else diagnosing cable's faults. MicroScanner2 Features Page 10 of 21

Auto Shutoff The tester turns off after 10 minutes if no keys are pressed and nothing changes at the tester s connectors. Changing the Length Units Page 11 of 21

Page 12 of 21

Page 13 of 21

Diagnosing Wiremap Faults Open Wires connected to wrong pins at connector or punchdown blocks Faulty connections Damaged connector Damaged cable Wrong pairs selected in setup Wrong application for cable Page 14 of 21

Split Pair Wires connected to wrong pins at connector or punchdown block. Reversed Pairs Wires connected to wrong pins at connector or punchdown block. Crossed Pairs Wires connected to wrong pins at connector or punchdown block. Mix of 568A and 568B wiring standards (12 and 36 crossed). Crossover cables used where not needed (12 and 36 crossed). Short Damaged connector Damaged cable Conductive material stuck between pins at connector. Improper connector termination Wrong application for cable ******************************************* *** Solve associated parts in the problem sheet *** ******************************************* Page 15 of 21

Part 3: WIRESHARK Packet Sniffer The purpose of this part is to introduce the packet sniffer WIRESHARK. WIRESHARK will be used for the lab experiments. This part introduces the basic operation of a packet sniffer, and a test run of WIRESHARK. The basic tool for observing the messages exchanged between executing protocol entities is called a packet sniffer. As the name suggests, a packet sniffer captures ( sniffs ) messages being sent/received from/by your computer; it will also typically store and/or display the contents of the various protocol fields in these captured messages. A packet sniffer itself is passive. It observes messages being sent and received by applications and protocols running on your computer, but never sends packets itself. Similarly, received packets are never explicitly addressed to the packet sniffer. Instead, a packet sniffer receives a copy of packets that are sent/received from/by application and protocols executing on your machine. Figure 1 shows the structure of a packet sniffer. At the right of Figure 1 are the protocols (in this case, Internet protocols) and applications (such as a web browser or ftp client) that normally run on your computer. The packet sniffer, shown within the dashed rectangle in Figure 1 is an addition to the usual software in your computer, and consists of two parts. The packet capture library receives a copy of every link-layer frame that is sent from or received by your computer. Recall from the discussion from section 1.5 in the text (Figure 1.202) that messages exchanged by higher layer protocols such as HTTP, FTP, TCP, UDP, DNS, or IP all are eventually encapsulated in link-layer frames that are transmitted over physical media such as an Ethernet cable. In Figure 1, the assumed physical media is an Ethernet, and so all upper layer protocols are eventually encapsulated within an Ethernet frame. Capturing all link-layer frames thus gives you all messages sent/received from/by all protocols and applications executing in your computer. The second component of a packet sniffer is the packet analyzer, which displays the contents of all fields within a protocol message. In order to do so, the packet analyzer must understand the structure of all messages exchanged by protocols. For example, suppose we are interested in displaying the various fields in messages exchanged by the HTTP protocol in Figure 1. The packet analyzer understands the format of Ethernet frames, and so can identify the IP datagram within an Page 16 of 21

Ethernet frame. It also understands the IP datagram format, so that it can extract the TCP segment within the IP datagram. Finally, it understands the TCP segment structure, so it can extract the HTTP message contained in the TCP segment. Finally, it understands the HTTP protocol and so, for example, knows that the first bytes of an HTTP message will contain the string GET, POST, or HEAD Running Wireshark When you run the Wireshark program, the Wireshark graphical user interface shown in Figure 2 will be displayed. Initially, no data will be displayed in the various windows. The Wireshark interface has five major components: The command menus are standard pulldown menus located at the top of the window. Of interest to us now are the File and Capture menus. The File menu allows you to save captured packet data or open a file containing previously captured packet data, and exit the Wireshark application. The Capture menu allows you to begin packet capture. The packet-listing window displays a one-line summary for each packet captured, including the packet number (assigned by Wireshark; this is not a packet number contained in any protocol s header), the time at which the packet was captured, the packet s source and destination addresses, the protocol type, and protocol-specific information contained in the packet. The packet listing can be sorted according to any of these categories by clicking Page 17 of 21

on a column name. The protocol type field lists the highest level protocol that sent or received this packet, i.e., the protocol that is the source or ultimate sink for this packet. The packet-header details window provides details about the packet selected (highlighted) in the packet listing window. (To select a packet in the packet listing window, place the cursor over the packet s one-line summary in the packet listing window and click with the left mouse button.). These details include information about the Ethernet frame (assuming the packet was sent/received over an Ethernet interface) and IP datagram that contains this packet. The amount of Ethernet and IP-layer detail displayed can be expanded or minimized by clicking on the plus-or-minus boxes to the left of the Ethernet frame or IP datagram line in the packet details window. If the packet has been carried over TCP or UDP, TCP or UDP details will also be displayed, which can similarly be expanded or minimized. Finally, details about the highest level protocol that sent or received this packet are also provided. The packet-contents window displays the entire contents of the captured frame, in both ASCII and hexadecimal format. Towards the top of the Wireshark graphical user interface, is the packet display filter field, into which a protocol name or other information can be entered in order to filter the information displayed in the packet-listing window (and hence the packet-header and packet-contents windows). In the example below, we ll use the packet-display filter field to have Wireshark hide (not display) packets except those that correspond to HTTP messages. Taking Wireshark for a Test Run 1. Start up your favorite web browser, which will display your selected homepage. 2. Start up the Wireshark software. You will initially see a window similar to that shown in Figure 2, except that no packet data will be displayed in the packetlisting, packet-header, or packet-contents window, since Wireshark has not yet begun capturing packets. 3. To begin packet capture, select the Capture pull down menu and select Options. This will cause the Wireshark: Capture Options window to be displayed, as shown in Figure 3. Page 18 of 21

4. You can use most of the default values in this window, but uncheck Hide capture info dialog under Display Options. The network interfaces (i.e., the physical connections) that your computer has to the network will be shown in the Interface pull down menu at the top of the Capture Options window. In case your computer has more than one active network interface (e.g., if you have both a wireless and a wired Ethernet connection), you will need to select an interface that is being used to send and receive packets (mostly likely the wired interface). After selecting the network interface (or using the default interface chosen by Wireshark), click Start. Packet capture will now begin - all packets being sent/received from/by your computer are now being captured by Wireshark! 5. Once you begin packet capture, a packet capture summary window will appear, as shown in Figure 4. This window summarizes the number of packets of various types that are being captured, and (importantly!) contains the Stop button that will allow you to stop packet capture. Don t stop packet capture yet. Page 19 of 21

6. While Wireshark is running, enter the URL: http://gaia.cs.umass.edu/wireshark-labs/intro-wireshark-file1.html And have that page displayed in your browser. In order to display this page, your browser will contact the HTTP server at gaia.cs.umass.edu and exchange HTTP messages with the server in order to download this page. The Ethernet frames containing these HTTP messages will be captured by Wireshark. 7. After your browser has displayed the INTRO-wireshark-file1.html page, stop Wireshark packet capture by selecting stop in the Wireshark capture window. This will cause the Wireshark capture window to disappear and the main Wireshark window to display all packets captured since you began packet capture. The main Wireshark window should now look similar to Figure 2. You now have live packet data that contains all protocol messages exchanged between your computer and other network entities! The HTTP message exchanges with the gaia.cs.umass.edu web server should appear somewhere in the listing of packets captured. But there will be many other types of packets displayed as well (see, e.g., the many different protocol types shown in the Protocol column in Figure 2). 8. Type in http (without the quotes, and in lower case all protocol names are in lower case in Wireshark) into the display filter specification window at the top of the main Wireshark window. Then select Apply (to the right of where you entered http ). This will cause only HTTP message to be displayed in the packet-listing window. Page 20 of 21

9. Select the first http message shown in the packet-listing window. This should be the HTTP GET message that was sent from your computer to the gaia.cs.umass.edu HTTP server. When you select the HTTP GET message, the Ethernet frame, IP datagram, TCP segment, and HTTP message header information will be displayed in the packet-header window3. By clicking plus and- minus boxes to the left side of the packet details window, minimize the amount of Frame, Ethernet, Internet Protocol, and Transmission Control Protocol information displayed. Maximize the amount information displayed about the HTTP protocol. Your Wireshark display should now look roughly as shown in Figure 5. (Note, in particular, the minimized amount of protocol information for all protocols except HTTP, and the maximized amount of protocol information for HTTP in the packet-header window). 10. Exit Wireshark ******************************************* *** Solve associated parts in the problem sheet *** ******************************************* Page 21 of 21

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback