User Account

All Pages

Find the protocols used at each layer of the tcp

Assignment Help Other Subject
Reference no: EM133127739

Lab Sheet - Week (Introduction to Wireshark)

Objectives
• Gain familiarity with Wireshark
• Capture and interpret network data
• Locate additional Wireshark resources

Discussion

Wireshark is a protocol analyser tool and its function is to capture and display network traffic. In Wireshark, we can filter specific traffic, e.g., capturing and displaying the broadcast traffic from other machines. In the coming weeks, we will use Wireshark to capture and examine network traffic to get an understanding of the basics of networking and how particular network protocols operate.

Wireshark is an open source product and can be downloaded and installed free of charge. It supports Windows, Mac, Linux, and Unix platforms. It is the most common and widely used networking tool. It is installed in the Linux Lite virtual image and on Windows host machines. Students should consider downloading and installing Wireshark on their computers/laptops.

Launching Wireshark
Wireshark can be launched from Windows Start menu or Menu -> Internet on Linux. Upon launching, the following screen will be displayed.

In this opening screen, you can see the main menu with different options and the interfaces. On the right side of interfaces, you can see whether there is any traffic flowing or not. You can also enter a capture filter to specify the traffic, you are interested to see. During your lab tasks, you will frequently be using different options, e.g., File, Capture, and Statistics, in the main menu for capturing and analysing network traffic.
• File (saving and opening captured traffic files)
• Capture (starting and stopping network captures and choosing network interfaces)
• Statistics (summarising information of captured traffic)

The icons below the menu bar provide shortcuts for starting the capturing sessions, stopping a capture session, saving and opening captured files, searching specific packets, and other functions. The filter area allows to select filters provided by Wireshark or enter new filters. The display filters area allows you to limit the amount of traffic displayed by Wireshark.

Capturing Network Traffic
• Open Wireshark on Linux Lite and select Capture -> Options.
• The left-hand side of the screen shows available network interfaces. Select the one labelled enp0s3. From here, we can enter a capture filter (optional) and select Start to start capturing network traffic.

• To stop traffic capturing, click on the red Stop button in the Wireshark menu.
• The captured traffic should resemble to the screen shot below. You can notice three distinct panes, i.e., packet list pane (the top one), decode pane (the middle one), and packet dump (the bottom one), and are explained below.

Packet List: It shows details of all captured packets. The Time column records the time when a packet was captured. With no filter, this list will grow rapidly.
Packet Decode: It shows the decoded contents of a captured packet. This pane will contain a "human readable" interpretation of data inside the packet. You can click on different sections in the decode contents and the corresponding region in the packet dump pane will be highlighted.
Packet Dump: It shows data bytes in the current packet. If you maximise the window, you can notice that there are three views of the captured data. In the left-hand view, data are displayed in hexadecimal format. The middle view shows the information in byte format, i.e., two hexadecimal digits. In the right-hand view, certain bytes do not represent a printable character and are represented by a full-stop. Sixteen bytes are normally displayed in each row.

Wireshark Exercises
(i) Capturing Network Traffic
• Run Wireshark.
• From main menu, select Capture -> Interfaces.
• Choose the interface that is connected to the network.
• Click Start to begin the capture.
If you are not capturing traffic you may have selected an interface that is not connected to the network. If you are on a low traffic network, you can generate network traffic by running any network enabled program, e.g., Firefox. Number of packets generated from basic web sites will be enough.

• Wait for about 20 seconds. Click the Stop button to stop capturing network traffic.
• Determine the size of first packet in the packet list pane. Frame summary at the top of the packet decode pane lists the size. You can also confirm the size by counting the bytes in the packet dump pane at the bottom of the screen.
• Now look at the sizes of more packets in the captured traffic. The sizes are likely to vary considerably.

(ii) Saving Captured Traffic
• From the file menu, select Save As and save the captured traffic to your desktop.
• What is the size of the saved file?
• What extension does Wireshark use when saving the traffic?
• Saved files can be loaded into Wireshark from the file menu for subsequent analysis.

(iii) Analysis of Captured Traffic
• In the packet list pane, you can find seven columns containing different types of information.
• The Time column indicates the time between subsequent packets. Determine the time difference between any two packets. Try to find a few packets that got very small time difference between them.

(iv) Sorting the Traffic
• The Protocol column is extremely important as it allows us to focus on specific traffic.
• Click on the Protocol column to sort the traffic according to its type.
• You will probably see the TCP, UDP, and other types of traffic.

(v) Ethernet/MAC Addresses
• Arrange the packet list pane in a way so that it only shows 3 or 4 packets. This will allow you to have more room to display most or all packet dump pane contents in the bottom of the screen.
• In the packet decode pane, click on the word Frame. It will display you the information related to entire transmission.
• Click on the word Ethernet II. You will see the first 14 bytes highlighted in the packet dump pane. This indicates that the Ethernet II data constitutes the first 14 bytes of the frame.
• Click the solid triangle next to the Ethernet II. Here, you will be able to see the Ethernet destination and source addresses and type of IP address in the packet.
• Determine the total number of bytes used to store the Ethernet source or destination address.
• Determine the total number of bits required to store the Ethernet destination address.

(vi) Observing the Captured Traffic
• Download RandomTraffic-1.pcapng from Week 4 in your Moodle Shell to Linux Lite.
• This file was captured from Mt Helen networking lab without applying a capture filter.
• The captured traffic is the background traffic of moderate size networks.
Protocol Column
• The protocol column tells us the network protocol in this packet.
• How many different types of protocols have been captured?
• What are the size ranges of the packets captured?

Encapsulation
• In this exercise, you need to find the protocols used at each layer of the TCP/IP model and the sizes of associated layer headers. This information can be found by selecting a packet in the packet list pane and inspecting it in the decode pane.
• For example, the first packet (TCP packet) is 66 bytes long. First 14 bytes represent the Ethernet header, next 20 bytes represent the IP header, and last 32 bytes represent the TCP header.
• The second packet is an OSPF packet and is 94 bytes long. It has an IP header (20 bytes long) associated with it followed by the OSPF information. OSPF is a Network layer protocol and does not require any encapsulation, therefore, we do not see a TCP header. Determine more information about the role of OSPF in computer networking from the Internet.
• Study the encapsulation of STP protocol. Try to determine the encapsulation from network traffic. (Hint: If you cannot see the network layer protocol or the transport layer protocol header, then the interactions are taking place on the data link layer. Confirm this by looking on the Internet for information about the protocol in question. Also have a look at the Ethernet Type field in the Ethernet header for STP.
• To collate the information about packet headers, you need to create a table as shown below.

Table Task
Complete the above table and explain it to your tutor. Online students should provide a brief summary in their first lab tasks report.

(vii) Ethernet Communication
Ethernet based communication is local, i.e., communication between two network interface cards on the same network. This type of communication requires source and destination MAC addresses only. To demonstrate this fact, we have developed a program that can run on Linux Lite and creates an Ethernet packet containing the MAC address of your machine (the source) and a destination machine (you need to enter the destination machine's MAC address manually). The Type field of this Ethernet frame is one of the reserved Ethernet types. This was chosen so that Wireshark does not have issues decoding the frame content. It will simply interpret any information beyond the 14 bytes of the Ethernet header as Data.

Machine 1 (Any machine that can run Wireshark)
• Determine the MAC address of this machine so that the packet can be formatted correctly on machine 2.

Machine 2 (Linux Lite)
This machine will be used to format the Ethernet frame and send it.
• Open Firefox or any other browser and enter the URL (phoebe.ballarat.edu.au/ITECH1102/).
• Click on the file SendEthernet.tar.gz and save it to the home directory of user1 (/home/user1/).
• Double click the file (SendEthernet.tar.gz) and extract it to user1's home directory.
• Open the terminal screen and type ls (ls is the list command and shows the contents of your home directory). Now you should be able to see the file run.sh.
• Then type sudo ./run.sh and enter user1's password when prompted. You should be able to see an interface similar to the one shown below.

• Make sure you have Wireshark running on the receiving machine.

• Send the packet.
• Stop each instance of Wireshark from capturing more packets.

The program interface creates a Wireshark display filter that can filter out all other traffic from a large capture. If you like you can cut and paste the display filter on your Linux Lite machine to display the packet that was sent, or you can use it on the other machine to display the packet that was received. By inspecting the packet, you should be able to see the MAC addresses of source and destination. You should also be able to see the type field (0xffff) and the data that you entered in the GUI interface.

MAC Address Task
Show the captured packet to your tutor. The capture should be performed on both your Linux Lite and the destination machines. Online students should include a screenshot of the captured packet in their first lab tasks report.

(viii) Wireshark Online Resources
Laura Chappell is extremely active in the area of network analysis using Wireshark and has a strong web presence. She runs a website called Chappell University. Laura has posted many free online videos on YouTube and other sites. The site www.lcuportal2.com/ has many free Wireshark videos explaining the basics and advanced features of Wireshark. If you the link www.lcuportal2.com/, then on the left-hand side of the screen, you should be able to see links to
• Free Wireshark Basics
• Public Course Handouts

You can start with the Free Wireshark Basics link and observe the first few videos. It will be advantageous to look at other videos available on this site. Some video topics may help you better understanding some lab exercises in this course. In this week, we have ignored the ARP which is a data link layer protocol. We will discuss it in the coming weeks lectures.

Attachment:- Wireshark.rar

Reference no: EM133127739

Questions Cloud

Research method of healthcare-Nuremberg code describe : What are the four basic ethical principles guiding research? What does the Nuremberg Code describe? What is true about the Belmont Report of 1979?
Implementing evidence based practice in the clinical area : Critically discuss barriers and facilitators to implementing evidence based practice in the clinical area - Conduct a comprehensive literature search
Career planning program at carter cleaning : Discuss the problems/issues at hand at Carter Cleaning for this unit. What are the benefits to a career planning program at Carter Cleaning?
What is role of technology in business : What is the role of technology in business? Provide an example (or examples) of a technology from the glossary being used in business.
Find the protocols used at each layer of the tcp : Find the protocols used at each layer of the TCP/IP model and the sizes of associated layer headers. This information can be found by selecting a packet
Share recent or current event in which business : Share a recent or current event in which a business or government failed to protect consumers. What were the failures? Who were the victims?
Significant impact in business presentation : Describe a time when a picture, drawing or other visual made a significant impact in a business presentation you attended.
Tracked on bug identification and bug fixes : What happens if metrics are not tracked on bug identification and bug fixes?
Change management failures can be traced : Change management failures can be traced to many different aspects. What should be done differently?

Reviews

Write a Review

Other Subject Questions & Answers

  Cross-cultural opportunities and conflicts in canada

Short Paper on Cross-cultural Opportunities and Conflicts in Canada.

  Sociology theory questions

Sociology are very fundamental in nature. Role strain and role constraint speak about the duties and responsibilities of the roles of people in society or in a group. A short theory about Darwin and Moths is also answered.

  A book review on unfaithful angels

This review will help the reader understand the social work profession through different concepts giving the glimpse of why the social work profession might have drifted away from its original purpose of serving the poor.

  Disorder paper: schizophrenia

Schizophrenia does not really have just one single cause. It is a possibility that this disorder could be inherited but not all doctors are sure.

  Individual assignment: two models handout and rubric

Individual Assignment : Two Models Handout and Rubric,    This paper will allow you to understand and evaluate two vastly different organizational models and to effectively communicate their differences.

  Developing strategic intent for toyota

The following report includes the description about the organization, its strategies, industry analysis in which it operates and its position in the industry.

  Gasoline powered passenger vehicles

In this study, we examine how gasoline price volatility and income of the consumers impacts consumer's demand for gasoline.

  An aspect of poverty in canada

Economics thesis undergrad 4th year paper to write. it should be about 22 pages in length, literature review, economic analysis and then data or cost benefit analysis.

  Ngn customer satisfaction qos indicator for 3g services

The paper aims to highlight the global trends in countries and regions where 3G has already been introduced and propose an implementation plan to the telecom operators of developing countries.

  Prepare a power point presentation

Prepare the power point presentation for the case: Santa Fe Independent School District

  Information literacy is important in this environment

Information literacy is critically important in this contemporary environment

  Associative property of multiplication

Write a definition for associative property of multiplication.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd