Determine the size of the first packet in the packet list

Assignment Help Computer Networking
Reference no: EM133085876

Introduction to Wireshark

Objective 1: Gain familiarity with Wireshark
Objective 2: Capture and interpret network data
Objective 3: Locate additional Wireshark resources

Discussion:

Wireshark is a protocol analyser: it captures network traffic and displays it in decoded form. Wireshark can filter for specific traffic, e.g., capturing and displaying only the broadcast traffic from other machines. In the coming weeks, we will use Wireshark to capture and examine network traffic in order to understand the basics of networking and how particular network protocols operate.

Wireshark is an open source product and can be downloaded and installed free of charge. It supports Windows, Mac, Linux, and Unix platforms and is the most widely used network analysis tool. It is installed in the Linux Lite virtual image and on the Windows host machines. Students should consider downloading and installing Wireshark on their own computers/laptops.

Launching Wireshark:
Wireshark can be launched from the Windows Start menu, or from Menu -> Internet on Linux. Upon launching, the following screen will be displayed.

In this opening screen, you can see the main menu with its different options and the list of network interfaces. To the right of each interface you can see whether any traffic is flowing on it. You can also enter a capture filter to restrict the capture to the traffic you are interested in. During your lab tasks, you will frequently use different options in the main menu, e.g., File, Capture, and Statistics, for capturing and analysing network traffic.

• File (For saving and opening traffic capture files)

• Capture (Used to start and stop network captures and choose network interfaces)

• Statistics (Used to summarise information about captured traffic)

The icons below the menu bar provide shortcuts for starting and stopping capture sessions, saving and opening capture files, searching for particular packets and other functions. The filter area allows you to select filters provided by Wireshark or to enter new ones. The display filter area allows you to limit the amount of traffic displayed by Wireshark.

Capturing network traffic:

• Open Wireshark on Linux Lite and from the Wireshark menu select Capture > Options.
• The left-hand side of the screen shows the available network interfaces. Select the one labelled enp0s3. From here we can enter a capture filter (optional) and then select Start to begin capturing network traffic.

• To stop the traffic capture click on the red Stop button in the Wireshark menu.

• Captured traffic should resemble the screen capture below. Notice the three distinct panes: the Packet List pane at the top, the Packet Decode pane in the middle and the Packet Dump pane at the bottom. Each is explained below.

Packet List - Shows a one-line summary of every captured packet. The Time column records the time at which each packet was captured. With no filter, this list will grow rapidly.

Packet Decode - For the packet currently selected in the packet list, this pane shows the decoded contents of that packet. Wireshark understands what is taking place within many common network protocols and, provided the packet contains a protocol that Wireshark understands, this pane will contain a "human readable" interpretation of the data in the packet. Click on different sections of the decode and the corresponding region in the Packet Dump pane will be highlighted in blue.

Packet Dump - This pane shows the raw data bytes of the current packet. Maximise the window and note that two parallel views of the data are offered. On the left-hand side the numeric values of the binary data are displayed in hexadecimal (each hexadecimal digit represents 4 binary bits). On the right-hand side the same binary data is displayed with each byte (2 hexadecimal digits) represented as a character. Bytes that do not represent a printable character are shown instead as a full stop. Sixteen bytes are normally displayed per row.
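To make the layout of the Packet Dump pane concrete, here is an added example (not part of the lab handout) that renders a frame the same way: 16 bytes per row, two hex digits per byte on the left, the same bytes as characters on the right, with non-printable bytes shown as a full stop. It also counts the bytes back out of the dump, which is the "confirm the size by counting the bytes" check used later in the exercises. The 30-byte sample frame is constructed by hand (broadcast destination, made-up source MAC, reserved Type 0xffff, a short text payload).

```python
"""Render raw frame bytes the way Wireshark's Packet Dump pane shows them.

Added example, not part of the lab handout: the sample frame below is
constructed by hand (a broadcast destination, a made-up source MAC, the
reserved EtherType 0xffff and a short text payload).
"""
import string
from typing import List

PRINTABLE = set(string.ascii_letters + string.digits + string.punctuation + " ")

# Constructed 30-byte frame: 14-byte Ethernet II header + 16 bytes of data.
SAMPLE_FRAME = (
    bytes.fromhex("ffffffffffff")    # destination MAC (broadcast)
    + bytes.fromhex("0a1b2c3d4e5f")  # source MAC (made up)
    + bytes.fromhex("ffff")          # Type field (reserved EtherType)
    + b"Hello Wireshark!"            # payload
)


def hexdump(data: bytes, width: int = 16) -> List[str]:
    """Return one text line per row of `width` bytes.

    Each line carries the byte offset, the bytes as pairs of hex digits
    (one digit = 4 bits) and, on the right, the same bytes as characters,
    with non-printable bytes replaced by a full stop.
    """
    lines = []
    hex_width = width * 3 - 1  # two digits plus a space per byte, no trailing space
    for offset in range(0, len(data), width):
        chunk = data[offset:offset + width]
        hex_part = " ".join(f"{b:02x}" for b in chunk)
        ascii_part = "".join(chr(b) if chr(b) in PRINTABLE else "." for b in chunk)
        # pad the hex column so the character column lines up on a short last row
        lines.append(f"{offset:04x}  {hex_part:<{hex_width}}  {ascii_part}")
    return lines


def count_bytes(lines: List[str], width: int = 16) -> int:
    """Recover the frame size by counting the hex pairs in a dump.

    This is the 'count the bytes in the packet dump pane' check from the lab;
    the hex column occupies a fixed span after the 4-digit offset and two spaces.
    """
    hex_width = width * 3 - 1
    return sum(len(line[6:6 + hex_width].split()) for line in lines)


if __name__ == "__main__":
    dump = hexdump(SAMPLE_FRAME)
    print("\n".join(dump))
    print(f"{count_bytes(dump)} bytes")
```

Running the block prints two rows (16 and 14 bytes) and reports 30 bytes, matching the frame length that Wireshark's Frame summary would show.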

Wireshark exercises

(i) Capture some network traffic

• Run Wireshark.
• From the main menu, select Capture -> Interfaces.
• Choose the interface that is connected to the network.
• Click Start to begin the capture.
• If you are not capturing any traffic, you may have selected an interface that is not connected to the network. If you are on a low-traffic network, you can generate traffic by running any network-enabled program, e.g., Firefox. The packets generated by visiting a few basic web sites will be enough.
• Wait for about 20 seconds. Click the Stop button to stop capturing network traffic.
• Determine the size of the first packet in the packet list pane. The Frame summary at the top of the packet decode pane lists the size. You can also confirm the size by counting the bytes in the packet dump pane at the bottom of the screen.
• Now look at the sizes of more packets in the captured traffic. The sizes are likely to vary considerably.

(ii) Saving captured traffic

• From the File menu select Save As and save the captured traffic to your desktop.
• What is the size of the saved file?
• What extension does Wireshark use to save such traffic?
• Saved files can be loaded into Wireshark from the File Menu for subsequent analysis.

(iii) Analysis of captured traffic

• In the packet list pane, you can find seven columns containing different types of information.
• The Time column indicates the time between successive packets. Determine the time difference between any two packets. Try to find a few packets that have a very small time difference between them.

(iv) Sorting traffic

• The Protocol column is extremely important as it allows us to focus on specific traffic for close observation.
• Click on the Protocol column to sort traffic according to its type.
• You will probably see TCP, UDP and other types of traffic.

(v) Ethernet (MAC addresses)

• Resize the packet list pane so that it shows only 3 or 4 packets. This gives you more room to display most or all of the packet dump pane contents at the bottom of the screen.
• In the packet decode pane, click on the word Frame. This displays the information related to the entire transmission.
• Click on the word Ethernet II. You will see the first 14 bytes highlighted in the packet dump pane. This indicates that the Ethernet II header constitutes the first 14 bytes of the frame.
• Click the solid triangle next to Ethernet II. Here you will be able to see the Ethernet destination and source addresses and the Type field, which identifies the protocol (e.g., IP) carried in the frame.
• Determine the total number of bytes used to store the Ethernet source or destination address.
• Determine the total number of bits required to store the Ethernet destination address.

(vi) Observing captured traffic

• Download RandomTraffic-1.pcapng from Week 4 in your Moodle Shell to Linux Lite.
• This file was captured in the Mt Helen networking lab without applying a capture filter.
• The captured traffic is the background traffic of a moderate-sized network.

Protocol column

• The protocol column tells us the network protocol in this packet.
• How many different types of protocol have been captured?
• What is the size range of the packets captured?

Encapsulation

• In this exercise, you need to find the protocols used at each layer of the TCP/IP model and the sizes of the associated layer headers. This information can be found by selecting a packet in the packet list pane and inspecting it in the decode pane.
• For example, the first packet (a TCP packet) is 66 bytes long. The first 14 bytes are the Ethernet header, the next 20 bytes are the IP header, and the last 32 bytes are the TCP header.
• The second packet is an OSPF packet and is 94 bytes long. It has an IP header (20 bytes long) followed directly by the OSPF information. OSPF is a network-layer protocol carried directly inside IP, so it does not use a transport-layer protocol and we do not see a TCP header. Find out more about the role of OSPF in computer networking from the Internet.
• Study the encapsulation of the STP protocol. Try to determine the encapsulation from the network traffic. (Hint: if you cannot see a network-layer or transport-layer protocol header, then the interaction is taking place at the data link layer. Confirm this by looking on the Internet for information about the protocol in question. Also have a look at the Type field in the Ethernet header of the STP frame.)
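The three cases in this exercise (TCP over IP over Ethernet, OSPF directly over IP, and STP with no network-layer header at all) can be walked mechanically from the raw bytes. The following added example (not code from the lab or the RandomTraffic-1.pcapng file) does exactly what you do by hand in the decode pane: it reads the Ethernet Type field, then the IP header length nibble and protocol number, then the TCP data offset, and reports the size of each header. It goes a little beyond the handout by treating a Type value below 0x0600 as an IEEE 802.3 length field, which is how STP frames are recognised. The three frames are constructed to match the sizes quoted above (66 and 94 bytes); every MAC and IP address in them is made up.

```python
"""Walk the encapsulation of a captured frame and report each header's size.

Added example, not code from the lab handout. The three frames below are
constructed by hand to match the sizes quoted in the exercise (a 66-byte TCP
packet and a 94-byte OSPF packet) plus an STP-style IEEE 802.3 frame; the MAC
and IP addresses in them are made up.
"""
import struct
from typing import List, Tuple

# IANA protocol numbers for the IP payloads discussed in the lab
IP_PROTOCOLS = {6: "TCP", 17: "UDP", 89: "OSPF"}


def dissect(frame: bytes) -> List[Tuple[str, int]]:
    """Return [(layer, header_length_in_bytes), ...] from the outside in.

    The first 14 bytes are always the Ethernet header.  A Type field of
    0x0600 or more is an EtherType (0x0800 = IPv4); a smaller value is an
    IEEE 802.3 length field, which means the payload belongs to a data-link
    protocol (STP BPDUs sit behind a 3-byte LLC header) and no network-layer
    header follows.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    type_or_length = struct.unpack("!H", frame[12:14])[0]
    if type_or_length < 0x0600:
        return [("IEEE 802.3", 14), ("LLC", 3)]      # e.g. STP: data-link layer only
    layers = [("Ethernet II", 14)]
    if type_or_length != 0x0800:
        layers.append((f"EtherType 0x{type_or_length:04x} data", len(frame) - 14))
        return layers
    # IPv4: the header length is the low nibble of byte 0, in 32-bit words
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[14 + 9]
    layers.append(("IPv4", ihl))
    l4 = 14 + ihl
    if proto == 6:
        # TCP: the data offset is the high nibble of header byte 12, in 32-bit words
        layers.append(("TCP", (frame[l4 + 12] >> 4) * 4))
    elif proto == 17:
        layers.append(("UDP", 8))          # UDP headers are always 8 bytes
    else:
        # OSPF and anything else carried directly in IP: no transport header,
        # so the rest of the frame is the protocol's own data
        layers.append((IP_PROTOCOLS.get(proto, f"IP protocol {proto}"), len(frame) - l4))
    return layers


def _eth(ethertype: int) -> bytes:
    # destination MAC, source MAC (both made up), Type field
    return bytes.fromhex("0a1b2c3d4e60") + bytes.fromhex("0a1b2c3d4e5f") + struct.pack("!H", ethertype)


def _ipv4(proto: int, payload_len: int) -> bytes:
    # version 4, IHL 5 words (20 bytes), DF set, TTL 64, checksum left at 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64, proto, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))


def build_tcp_frame() -> bytes:
    """66 bytes: 14 Ethernet + 20 IP + 32 TCP (20 fixed + 12 bytes of options)."""
    tcp = struct.pack("!HHIIBBHHH", 443, 51000, 1, 1, 8 << 4, 0x10, 65535, 0, 0)
    tcp += bytes([1, 1, 8, 10]) + struct.pack("!II", 1000, 2000)  # NOP, NOP, Timestamp
    return _eth(0x0800) + _ipv4(6, len(tcp)) + tcp


def build_ospf_frame() -> bytes:
    """94 bytes: 14 Ethernet + 20 IP + 60 bytes of OSPF (version 2, Hello) data."""
    ospf = struct.pack("!BBH", 2, 1, 60) + bytes(56)   # remaining OSPF fields zeroed
    return _eth(0x0800) + _ipv4(89, len(ospf)) + ospf


def build_stp_frame() -> bytes:
    """IEEE 802.3 frame: length field instead of a Type, LLC 0x42/0x42/0x03, 35-byte BPDU."""
    bpdu = bytes(35)                    # BPDU contents zeroed; only the framing matters here
    llc = bytes([0x42, 0x42, 0x03])     # DSAP, SSAP, Control for spanning tree
    return (bytes.fromhex("0180c2000000") + bytes.fromhex("0a1b2c3d4e5f")
            + struct.pack("!H", len(llc) + len(bpdu)) + llc + bpdu)


if __name__ == "__main__":
    for name, frame in [("TCP", build_tcp_frame()), ("OSPF", build_ospf_frame()), ("STP", build_stp_frame())]:
        print(f"{name}: {len(frame)} bytes -> {dissect(frame)}")
```

The IPv4 and TCP headers both carry their own length in 32-bit words rather than bytes, which is why the 66-byte example splits as 14 + 20 + 32: a TCP header with 12 bytes of options has a data offset of 8 words. For the STP frame there is no IP protocol number to read at all, because the bytes after the 14-byte header are an LLC header, not an IP header.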

(vii) Ethernet Communication

Ethernet-based communication is local, i.e., communication between two network interface cards on the same network. This type of communication requires source and destination MAC addresses only. To demonstrate this, we have developed a program that runs on Linux Lite and creates an Ethernet frame containing the MAC address of your machine (the source) and of a destination machine (you need to enter the destination machine's MAC address manually). The Type field of this Ethernet frame is one of the reserved Ethernet types. This was chosen so that Wireshark does not attempt to decode the frame content: it will simply interpret any information beyond the 14 bytes of the Ethernet header as Data.

Machine 1: Any machine that can run Wireshark

• Determine the MAC address of this machine so that the packet can be formatted correctly on machine 2.

Machine 2: Linux Lite

This machine will be used to format the Ethernet frame and send it.

• Go to Moodle and download the SendEthernet.tar.gz file under Laboratory.
• Save the file to the home directory of user1 (/home/user1/).
• Double click the SendEthernet.tar.gz file and extract it to user1's home directory.
• Open a terminal screen and type ls (ls is the list command and shows the contents of your home directory). You should now see the file run.sh.
• Then type sudo ./run.sh and enter the user1 password when prompted. You should see an interface similar to the one shown below.

• Make sure you have Wireshark running on the receiving machine.
• Send the packet.
• Stop each instance of Wireshark from capturing more packets.

The program interface also generates a Wireshark display filter that hides all other traffic in a large capture. You can cut and paste this display filter into Wireshark on your Linux Lite machine to display the packet that was sent, or use it on the other machine to display the packet that was received. By inspecting the packet, you should be able to see the source and destination MAC addresses. You should also be able to see the Type field (0xffff) and the data that you entered in the GUI.
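What the sender builds and what the display filter has to match can be shown in a few lines. The following added example is not the SendEthernet tool's own code: it assembles an Ethernet II frame with the reserved Type 0xffff and a text payload, decodes it back into the fields Wireshark lists under "Ethernet II", and produces a display filter of the form the handout describes using the real Wireshark field names eth.src, eth.dst and eth.type. The MAC addresses and payload are made up; actually transmitting the frame is what run.sh does on the lab machine and is not part of this example.

```python
"""Build the raw Ethernet II frame that the lab's SendEthernet tool transmits and
derive the Wireshark display filter that isolates it.

Added example, not the lab tool's own code. The MAC addresses and payload are
made up; the reserved EtherType 0xffff is the value the handout quotes.
"""
import struct
from typing import Dict, Union

ETHERTYPE_RESERVED = 0xFFFF   # reserved Type value: Wireshark shows the payload as Data
MIN_FRAME_LEN = 60            # Ethernet minimum frame size without the 4-byte FCS


def mac_to_bytes(mac: str) -> bytes:
    """'0a:1b:2c:3d:4e:5f' -> 6 raw bytes; rejects anything that is not 6 hex octets."""
    parts = mac.lower().split(":")
    if len(parts) != 6 or not all(len(p) == 2 for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(src_mac: str, dst_mac: str, data: bytes, ethertype: int = ETHERTYPE_RESERVED) -> bytes:
    """Ethernet II header (dst 6, src 6, type 2 = 14 bytes) followed by the data.

    Short payloads are zero-padded to the 60-byte minimum, as the sending
    interface would do; Wireshark labels those extra bytes as Padding.
    """
    header = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ethertype)
    return (header + data).ljust(MIN_FRAME_LEN, b"\x00")


def decode_frame(frame: bytes) -> Dict[str, Union[str, int, bytes]]:
    """Split a captured frame into the fields Wireshark shows under 'Ethernet II'."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": bytes_to_mac(dst), "src": bytes_to_mac(src), "type": ethertype, "data": frame[14:]}


def display_filter(src_mac: str, dst_mac: str, ethertype: int = ETHERTYPE_RESERVED) -> str:
    """Wireshark display filter matching exactly this sender/receiver/type combination."""
    return f"eth.src == {src_mac.lower()} && eth.dst == {dst_mac.lower()} && eth.type == 0x{ethertype:04x}"


if __name__ == "__main__":
    frame = build_frame("0a:1b:2c:3d:4e:5f", "0a:1b:2c:3d:4e:60", b"hello from the lab")
    print(len(frame), "bytes:", decode_frame(frame))
    print("filter:", display_filter("0a:1b:2c:3d:4e:5f", "0a:1b:2c:3d:4e:60"))
```

Pasting the generated filter into the display filter bar on either machine leaves only frames between those two MAC addresses with Type 0xffff, which is why the same filter works on both the sending and the receiving capture.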

MAC Address Task (1 mark)

Show the captured packet to your tutor. The capture should be performed on both your Linux Lite and the destination machines. Online students should include a screenshot of the captured packet in their first lab tasks report.

(viii) Wireshark online resources

Laura Chappell is extremely active in the area of network analysis using Wireshark and has a strong web presence. She runs a website called Chappell University. Laura has posted many free online videos on YouTube and other sites. The site www.lcuportal2.com/ has many free Wireshark videos explaining the basic and advanced features of Wireshark. If you open the link www.lcuportal2.com/, then on the left-hand side of the screen you should be able to see links to

• Free Wireshark Basics

• Public Course Handouts

You can start with the Free Wireshark Basics link and watch the first few videos. It will be advantageous to look at the other videos available on this site. Some video topics may help you better understand some of the lab exercises in this course. This week we have ignored ARP, which is a data link layer protocol. We will discuss it in the coming weeks' lectures.

Attachment:- Wireshark.rar
