ICT 202 Cyber Security - Introduction to Wireshark
Objective of this lab:
The basic purpose of this lab is to introduce you to Wireshark, a popular protocol analyzer and packet sniffer. By the end of this lab, you will be familiar with its environment and will be able to capture packets.
Instructions:
• Read carefully before starting the lab.
• These exercises are to be done individually.
• You are supposed to provide the answers to the questions listed at the end of this document.
1. What is a Protocol Analyzer?
Taking Wireshark on a Test Run
The best way to learn about any new piece of software is to try it out! We'll assume that your computer is connected to the Internet via a wired Ethernet interface or a wireless 802.11 WiFi interface. Do the following:
1. Start up your favorite web browser, which will display your selected homepage.
2. Start up the Wireshark software. You will initially see a window similar to that shown in Figure 2. Wireshark has not yet begun capturing packets.
3. To begin packet capture, select the Capture pull down menu and select Interfaces. This will cause the "Wireshark: Capture Interfaces" window to be displayed (on a PC) or you can choose Options on a Mac. You should see a list of interfaces, as shown in Figures 4a (Windows) and 4b (Mac).
4. You'll see a list of the interfaces on your computer as well as a count of the packets that have been observed on that interface so far. On a Windows machine, click on Start for the interface on which you want to begin packet capture (in the case in Figure 4a, the Gigabit network Connection). On a Mac, select the interface and click Start at the bottom of the window. Packet capture will now begin - Wireshark is now capturing all packets being sent/received from/by your computer!
5. Once you begin packet capture, a window similar to that shown in Figure 3 will appear. This window shows the packets being captured. By selecting the Capture pull down menu and selecting Stop, or by clicking on the red Stop square, you can stop packet capture. But don't stop packet capture yet. Let's capture some interesting packets first. To do so, we'll need to generate some network traffic. Let's do so using a web browser, which will use the HTTP protocol that we will study in detail in class to download content from a website.
6. While Wireshark is running, enter the URL:
8. Type in "http" (without the quotes, and in lower case - all protocol names are in lower case in Wireshark) into the display filter specification window at the top of the main Wireshark window. Then select Apply (to the right of where you entered "http") or just hit return. This will cause only HTTP messages to be displayed in the packet-listing window. Figure 5 below shows a screenshot after the http filter has been applied to the packet capture window shown earlier in Figure 3. Note also that in the Selected packet details window, we've chosen to show detailed content for the Hypertext Transfer Protocol application message that was found within the TCP segment, which was inside the IPv4 datagram, which was inside the Ethernet II (WiFi) frame. Focusing on content at a specific message, segment, datagram and frame level lets us focus on just what we want to look at (in this case HTTP messages).
Answer the following questions. You must provide a brief explanation and a screenshot of your work; otherwise no marks will be given.
1. List 2 different protocols that appear in the protocol column in the unfiltered packet-listing window in step 7 above.
2. What is the Internet Protocol (IP) address of the destination server? What is the Internet Protocol (IP) address of your computer?
3. Is your browser running HTTP version 1.0 or 1.1?
4. What is the TCP port number used by your machine? What is the TCP port number used by the destination server?
Over Hyper Text Transfer Protocol (HTTP)
Your next task is to capture the username and password entered on a website that uses HTTP. Remember that HTTP does not provide security, so usernames and passwords are sent in cleartext (i.e., with no encryption). Follow the steps given below:
a. Start capturing packets with Wireshark and in your browser
b. Enter your first name as username and last name as password and then press login.
c. Stop the packet capture in Wireshark and search for the HTTP POST request that contains the username and password sent by your browser. You have to submit a screenshot of that HTTP message.
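
Added example (not part of the original lab handout): the Python code below peels a frame apart the way step 8 describes (HTTP message inside a TCP segment inside an IPv4 datagram inside an Ethernet II frame) and shows why a form POST over HTTP is readable by anyone on the path. The frame, addresses, ports, host name and credentials are constructed sample values, and `build_frame` and `dissect` are hypothetical helper names.

```python
import ipaddress
import struct
from urllib.parse import parse_qs

# Constructed sample HTTP request (not taken from a real capture).
SAMPLE_HTTP = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 29\r\n\r\nusername=alice&password=smith")

def build_frame(payload: bytes) -> bytes:
    """Wrap payload in constructed Ethernet II, IPv4 and TCP headers (checksums left 0)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)            # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def dissect(frame: bytes) -> dict:
    """Peel Ethernet II -> IPv4 -> TCP -> HTTP, as the packet details pane does."""
    if len(frame) < 54 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4-over-Ethernet frame")
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 6:                      # IP version 4, protocol 6 = TCP
        raise ValueError("not IPv4/TCP")
    ihl = (ip[0] & 0x0F) * 4                               # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]            # excludes Ethernet padding
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    data = tcp[(tcp[12] >> 4) * 4:]                        # skip TCP header and options
    info = {"src_ip": str(ipaddress.IPv4Address(ip[12:16])),
            "dst_ip": str(ipaddress.IPv4Address(ip[16:20])),
            "src_port": sport, "dst_port": dport,
            "http_version": None, "cleartext_form_fields": {}}
    head, _, body = data.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n")[0].decode("ascii", "replace").split(" ")
    if len(parts) == 3 and parts[2].startswith("HTTP/"):   # looks like a request line
        info["http_version"] = parts[2][5:]
        if parts[0] == "POST" and b"x-www-form-urlencoded" in head.lower():
            info["cleartext_form_fields"] = parse_qs(body.decode("ascii", "replace"))
    return info

if __name__ == "__main__":
    for key, value in dissect(build_frame(SAMPLE_HTTP)).items():
        print(f"{key}: {value}")
```

The same request sent over HTTPS would reach this code as an encrypted TLS record, so neither the request line nor the form fields could be parsed out of the TCP payload.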