...1: Analyzing IP Protocols with Wireshark. Contents: Introduction; Learning Objectives; Tools and Software; Deliverables; Evaluation Criteria and Rubrics; Hands-On Steps (Part 1: Exploring Wireshark; Part 2: Analyzing Wireshark Capture Information); Lab #1 Assessment Worksheet: Analyzing IP Protocols with Wireshark ...
Words: 48147 - Pages: 193
...protocols can often be greatly deepened by "seeing protocols in action" and by "playing around with protocols": observing the sequence of messages exchanged between two protocol entities, delving down into the details of protocol operation, and causing protocols to perform certain actions and then observing these actions and their consequences. This can be done in simulated scenarios or in a "real" network environment such as the Internet. In the Wireshark labs you'll be doing in this course, you'll be running various network applications in different scenarios using your own computer (or you can borrow a friend's; let me know if you don't have access to a computer where you can install/run Wireshark). You'll observe the network protocols in your computer "in action," interacting and exchanging messages with protocol entities executing elsewhere in the Internet. Thus, you and your computer will be an integral part of these "live" labs. You'll observe, and you'll learn, by doing. In this first Wireshark lab, you'll get acquainted with Wireshark, and make some simple packet captures and observations. The basic tool for observing the messages exchanged between executing protocol entities is called a packet sniffer. As the name suggests, a packet sniffer captures ("sniffs") messages being sent/received from/by your computer; it will also typically store and/or display the contents of the various protocol fields in these captured messages. A packet sniffer itself is passive. It observes...
Words: 2509 - Pages: 11
...tool and the types of measurements it can take. For this lab you will need to install TracePlus/Ethernet on your (Windows) computer. (If you have a Mac, the application works fine in VMware, Parallels, etc. Alternatively, you may use Wireshark, Capsa Free, or Packet Peeper, as identified below.) In addition to your textbook, refer to your notes taken during the demo of the tool in class. Open the app and select the proper capture interface (i.e., e01, e02, etc. These are your wired connection and wireless connection interfaces, if you have wireless. You may need to try various Ethernet ports to find some data and get connected to the right interface. You will know you are collecting data when you see packets being displayed; there will be an entry for each packet that arrives.) Once the application is running and collecting packets, as demonstrated in class, do the following: (1) Launch a YouTube video in your browser. Notice the increase in packets. If you are using TracePlus, you can also see the increase in Bandwidth and %Bandwidth on the virtual Dashboard. Record the number of packets. Look at the total inbound and outbound traffic. Which is greater and what are the values? (Tip: if you are using Wireshark, which does not have the visual dashboard, look under "Statistics" and "Conversations" to locate this information. With your own computer as host A, Packets A->B is outbound and Packets A<-B is inbound. For Packet Peeper, you will not easily be able to...
Words: 988 - Pages: 4
...Hands-On Steps Note: This lab contains detailed lab procedures which you should follow as written. Frequently performed tasks are explained in the Common Lab Tasks document on the vWorkstation desktop. You should review these tasks before starting the lab. 1. From the vWorkstation desktop, open the Common Lab Tasks file. If desired, use the File Transfer button to transfer the file to your local computer and print a copy for your reference. Figure 1 "Student Landing" workstation 2. On your local computer, create the lab deliverable files. 3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to these questions as you proceed through the lab steps. Part 1: Capture Network Traffic using the TCPdump utility Note: In the next steps, you will use TCPdump, a command line utility, to capture network traffic on the TargetLinux01 virtual server. You will generate that traffic by exploiting a cross-site scripting (XSS) vulnerability in the Damn Vulnerable Web Application (DVWA) tool. In the lab environment, you will be capturing traffic on one interface. In a real-world situation, it is likely the machine would be straddling both an internal network and an external network. In that case, you would want to monitor both interfaces. Monitoring outside network traffic allows information systems security practitioners to see who and what is attempting to infiltrate your IP network. Monitoring internal traffic allows network analysts to see exactly...
Words: 3168 - Pages: 13
...Wireshark Lab: HTTP SOLUTION. Supplement to Computer Networking: A Top-Down Approach, 6th ed., J.F. Kurose and K.W. Ross. © 2005-2012, J.F. Kurose and K.W. Ross, All Rights Reserved. The following screen shots, showing the HTTP GET and HTTP reply, answer these questions: 1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running? 2. What languages (if any) does your browser indicate that it can accept to the server? 3. What is the IP address of your computer? Of the gaia.cs.umass.edu server? 4. What is the status code returned from the server to your browser? 5. When was the HTML file that you are retrieving last modified at the server? 6. How many bytes of content are being returned to your browser? 7. By inspecting the raw data in the packet content window, do you see any headers within the data that are not displayed in the packet-listing window? If so, name one. Answer: no, I don't see any in the HTTP message below. ©2013 Pearson Education, Inc. Upper Saddle River, NJ. All Rights Reserved. [Screenshot callouts: client IP address; Gaia server IP address; client running HTTP 1.1; languages accepted; return status 200; content 128 bytes; server running HTTP 1.1; document last modified on this date] 2. The HTTP CONDITIONAL GET/response interaction. Here's a screenshot after doing the two identical HTTP GETs: first GET, then a reply, then another ...
Words: 1220 - Pages: 5
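The GET and conditional-GET exchange that the solution above reads off screenshots, as an added example that is not part of the Kurose and Ross lab or its solution: a minimal HTTP/1.1 message parser, a server side that honours If-Modified-Since as RFC 7232 describes, and a client that replays the two GETs and reports what the lab questions ask for (HTTP version, Accept-Language, status code, Content-Length, and the empty body of the 304). The resource body, its Last-Modified timestamp, the Host name and the request target are constructed for this example and are not the real gaia.cs.umass.edu file.

```python
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed resource standing in for the lab's page (assumption: not the real file).
BODY = b"<html><body>Constructed stand-in for the Wireshark HTTP lab page.</body></html>\n"
LAST_MODIFIED = datetime(2013, 5, 1, 12, 0, 0, tzinfo=timezone.utc)


def parse_message(raw: bytes):
    """Split an HTTP/1.x request or response into (start line, lowercase header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def request_summary(raw_request: bytes) -> dict:
    """Client-side facts from lab questions 1 and 2: HTTP version and Accept-Language."""
    start, headers, _ = parse_message(raw_request)
    method, target, version = start.split(" ")
    return {"method": method, "target": target, "version": version,
            "accept_language": headers.get("accept-language")}


def serve_get(raw_request: bytes) -> bytes:
    """Server side of the exchange, including the If-Modified-Since check (RFC 7232)."""
    start, headers, _ = parse_message(raw_request)
    method, _target, _version = start.split(" ")
    if method != "GET":
        return b"HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\n\r\n"
    last_mod = format_datetime(LAST_MODIFIED, usegmt=True).encode()
    ims = headers.get("if-modified-since")
    if ims:
        try:
            if parsedate_to_datetime(ims) >= LAST_MODIFIED:
                # Nothing changed: status 304 and, crucially, no entity body on the wire.
                return b"HTTP/1.1 304 Not Modified\r\nLast-Modified: " + last_mod + b"\r\n\r\n"
        except (TypeError, ValueError):
            pass  # an unparseable date is ignored and the full response is sent
    return (b"HTTP/1.1 200 OK\r\nLast-Modified: " + last_mod
            + b"\r\nContent-Type: text/html\r\nContent-Length: " + str(len(BODY)).encode()
            + b"\r\n\r\n" + BODY)


def conditional_fetch() -> tuple:
    """Replay the lab's two GETs: a plain GET, then a GET conditioned on the Last-Modified seen."""
    req1 = (b"GET /lab.html HTTP/1.1\r\nHost: example.test\r\n"
            b"Accept-Language: en-US,en;q=0.5\r\n\r\n")          # constructed request
    status1, h1, body1 = parse_message(serve_get(req1))
    req2 = (b"GET /lab.html HTTP/1.1\r\nHost: example.test\r\nIf-Modified-Since: "
            + h1["last-modified"].encode() + b"\r\n\r\n")
    status2, _h2, body2 = parse_message(serve_get(req2))
    return (int(status1.split()[1]), int(h1["content-length"]), len(body1),
            int(status2.split()[1]), len(body2))


if __name__ == "__main__":
    print(conditional_fetch())
```

The second response carries no body at all, which is exactly why the lab's second screenshot shows a short reply: the Content-Length of the first response counts bytes of entity body, and the 304 replaces that body with nothing.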
...Pallavi Asrodia, Hemlata Patel / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 3, May-Jun 2012, pp.854-856. Network Traffic Analysis Using Packet Sniffer. Pallavi Asrodia*, Hemlata Patel** *(Computer Science Dept., Jawaharlal Institute of Technology, Borawan, Khargone (M.P.), India) **(Computer Science Dept., Jawaharlal Institute of Technology, Borawan, Khargone (M.P.), India) ABSTRACT In the past five decades computer networks have kept growing in size, complexity and, above all, in the number of their users, while remaining in permanent evolution. Hence the amount of network traffic flowing over their nodes has increased drastically. With the development and popularization of network technology, the management, maintenance and monitoring of networks is important to keep the network running smoothly and to improve economic efficiency. For this purpose a packet sniffer is used. Packet sniffing is important in network monitoring for troubleshooting and logging. Packet sniffers are useful for analyzing network traffic over wired or wireless networks. This paper focuses on the basics of packet sniffers and the working principle used for network traffic analysis. Keywords: Packet capture, Traffic analysis, Libpcap, Network Monitoring, NIC, Promiscuous mode, Berkeley Packet Filter, Network analyzer, Packet sniffer. ...unresponsive to packets that do not belong to them, simply ignoring them. However, if the network interface...
Words: 2215 - Pages: 9
...IMPLEMENTATION OF PACKET SNIFFING IN JAVA USING JPCAP LIBRARY Project Report Submitted in Partial Fulfillment of the Requirement for the Award of Degree of Bachelor of Engineering in Computer Science Engineering of Rajiv Gandhi Proudyogiki Vishwavidalaya, Bhopal (MP) By Siddharth Pateriya Swarna Swaminathan (0131CS081077) (0131CS081084) Department of Computer Science Engineering Jai Narain College of Technology, Bhopal June – 2012 DECLARATION We, Siddharth Pateriya and Swarna Swaminathan, the students of Bachelor of Engineering (Computer Science Engineering), Jai Narain College of Technology, Bhopal hereby declare that the work presented in this Major Project is an authentic record of our own and has been carried out taking care of Engineering Ethics under the guidance of Prof. Manish Mishra. Siddharth Pateriya Swarna Swaminathan (0131CS081077) (0131CS081084) CERTIFICATE This is to certify that the work embodied in this Major Project entitled “Implementation of Packet Sniffing in Java using Jpcap Library” has been satisfactorily completed by the students of final year, Mr. Siddharth Pateriya and Ms.Swarna Swaminathan. The work was carried out satisfactorily under the supervision and guidance of the undersigned in the Department of Computer Science Engineering, Jai Narain College of Technology and Science, Bhopal for the partial...
Words: 8200 - Pages: 33
...Lab Assessment Questions & Answers 1. Name at least five applications and tools used in the lab. Tftpd64, Zenmap, NetWitness Investigator, OpenVAS, and Wireshark. 2. What is promiscuous mode? Promiscuous mode tells the network interface to hand every frame it receives to Wireshark, not only frames addressed to its own MAC address or to broadcast/multicast. Whether that includes other hosts' traffic on the subnet or VLAN depends on what the switch delivers to the port; on a switched network a SPAN/mirror port, tap, or hub is needed to see unicast traffic between other hosts. 3. How does Wireshark differ from NetWitness Investigator? Wireshark is a network packet analyzer: it captures network packets and tries to display every detail of each packet. NetWitness Investigator is an interactive threat analysis application that provides the power to perform free-form contextual analysis of raw network data. 4. Why is it important to select the student interface in Wireshark? When student is not selected, the activity shown is from other computers on the server; when student is selected, you get the activity from the computer you are using. 5. What is the command line syntax for running an Intense Scan with Zenmap on a target subnet of 172.30.0.0/24? The command line syntax is nmap -T4 -A -v 172.30.0.0/24 6. Name at least five different scans that may be performed with Zenmap. Intense Scan, Ping Scan, Quick Scan, Regular Scan, and Quick Scan Plus. 7. How many different tests (i.e., scripts) did your Intense Scan perform? 256 tests 8. Based on your interpretation of the Intense Scan, describe the purpose/results of each test script performed during the report. ...
Words: 315 - Pages: 2
...© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. Fundamentals of Information Systems Security Lab Manual v2.0. Placeholder for inside cover and copyright page. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. ...
Words: 95466 - Pages: 382
...Charles M. Krout June 17, 2014 Week 1 Lab: Clear-Text Data in Packet Trace Learning Objectives and Outcomes * You will learn how to identify clear-text data in a packet trace. * You will become familiar with the NetWitness Investigator interface. Assignment Requirements You need a computer and Internet access to complete this assignment. You are newly hired as a technology associate in the information systems department at Corporation Techs in Dallas, Texas. Corporation Techs is an IT services organization supporting a number of clients in the Dallas/Fort Worth area. It's a Wednesday, a dull day where you have nothing much exciting to do. Suddenly, you get a call from your manager. He appreciates the work you have been doing so far and thinks that you have the ability to take on more challenging work. To complete challenging tasks, you need to become familiar with the tools of the trade. So, you need to learn about a new packet analyzer called NetWitness Investigator. First, you must download and install the NetWitness Investigator software, and then open a demo trace file and find a clear-text password. You must also explore the tools on the toolbar in NetWitness Investigator to understand the options available. Perform the following steps: 1. Download and install the free version of NetWitness Investigator from the NetWitness Corporation Web site: http://www.netwitness.com/products/investigator.aspx 2. Register and activate the software...
Words: 366 - Pages: 2
...Solution to Wireshark Lab: IP. Fig. 1: ICMP Echo Request message IP information. 1. What is the IP address of your computer? The IP address of my computer is 192.168.1.46. 2. Within the IP packet header, what is the value in the upper layer protocol field? The upper layer protocol field is ICMP (0x01). 3. How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes. The header length field gives 20 bytes (IHL = 5, no options) and the total length field gives 56 bytes; the payload is the difference, 56 - 20 = 36 bytes. 4. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented. The More Fragments flag is 0 and the fragment offset is 0, so the datagram is not fragmented (the last fragment of a fragmented datagram also has MF = 0, so the offset has to be checked as well). 5. Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer? Identification, Time to Live and Header Checksum always change. 6. Which fields stay constant? Which of the fields must stay constant? Which fields must change? Why? The fields that stay constant across the IP datagrams are: • Version (all packets are IPv4) • Header Length (no IP options are carried, so IHL stays at 5) • Source IP (all are sent from the same host) • Destination IP (all are sent to the same destination) • Differentiated Services (all packets are ICMP and use the same Type of Service class) • Upper Layer Protocol (since...
Words: 873 - Pages: 4
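Worked example added here (not part of the Kurose and Ross lab or the solution above): an IPv4 header decoder in Python that derives the answers to questions 3 to 6 from raw bytes and, going beyond the lab's single datagram, shows why the More Fragments flag alone does not settle question 4. The datagrams are constructed inside the block; the ICMP payload, Identification values, TTLs and addresses are assumptions, chosen so that the total length matches the 56 bytes quoted in the solution.

```python
import struct


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: ones-complement of the ones-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(datagram: bytes) -> dict:
    """Decode the fixed IPv4 header and derive the values the lab asks for."""
    if len(datagram) < 20:
        raise ValueError("datagram shorter than the minimum IPv4 header")
    (ver_ihl, _dscp_ecn, total_len, ident, flags_frag,
     ttl, proto, hdr_csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > total_len or total_len > len(datagram):
        raise ValueError("malformed IPv4 header")
    flags, frag_offset = flags_frag >> 13, (flags_frag & 0x1FFF) * 8
    return {
        "version": version,
        "header_len": ihl,                       # 20 unless IP options are present
        "total_len": total_len,
        "payload_len": total_len - ihl,          # the lab's 56 - 20 = 36
        "identification": ident,
        "df": bool(flags & 0x2),
        "mf": bool(flags & 0x1),
        "frag_offset": frag_offset,
        # MF alone is not enough: the last fragment has MF=0 but a non-zero offset.
        "fragmented": bool(flags & 0x1) or frag_offset != 0,
        "ttl": ttl,
        "protocol": proto,                       # 1 = ICMP, 6 = TCP, 17 = UDP
        "header_checksum": hdr_csum,
        "checksum_ok": internet_checksum(datagram[:ihl]) == 0,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
    }


def build_ipv4(payload: bytes, ident: int, ttl: int, proto: int = 1,
               df: bool = False, mf: bool = False, offset: int = 0,
               src: str = "192.168.1.46", dst: str = "8.8.8.8") -> bytes:
    """Constructed datagram builder for test data; the destination address is an assumption."""
    def ip_bytes(addr):
        return bytes(int(o) for o in addr.split("."))
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_frag, ttl, proto, 0, ip_bytes(src), ip_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_echo_request(seq: int) -> bytes:
    """Constructed 36-byte ICMP echo request: 8-byte ICMP header plus 28 data bytes."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x1234, seq) + b"abcdefghijklmnopqrstuvwxyz01"
    return icmp[:2] + struct.pack("!H", internet_checksum(icmp)) + icmp[4:]


def changing_fields(datagrams) -> set:
    """Which header fields differ across a series of datagrams (lab questions 5 and 6)."""
    parsed = [parse_ipv4(d) for d in datagrams]
    return {name for name in parsed[0] if len({p[name] for p in parsed}) > 1}


# Constructed series: three pings with incrementing Identification and a fixed TTL.
PING_SERIES = [build_ipv4(build_echo_request(seq), ident=0x1A2B + seq, ttl=128)
               for seq in range(1, 4)]
# Constructed last fragment of a larger datagram: MF=0, yet offset 1480 makes it a fragment.
LAST_FRAGMENT = build_ipv4(b"\x00" * 8, ident=0x0BEE, ttl=64, mf=False, offset=1480)

if __name__ == "__main__":
    first = parse_ipv4(PING_SERIES[0])
    print(first["header_len"], first["total_len"], first["payload_len"], first["fragmented"])
    print(sorted(changing_fields(PING_SERIES)))
    print(parse_ipv4(LAST_FRAGMENT)["fragmented"])
```

With a fixed TTL only Identification and Header Checksum vary across the series; a traceroute-style series, which is what the lab's trace contains, adds TTL to that set, and the checksum changes precisely because those fields do.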
...No. Time Source Destination Protocol Length Info
1 0.000000 Hewlett-_69:b3:1a Broadcast ARP 60 Who has 192.168.1.4
Frame 1: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Hewlett-_69:b3:1a (10:1f:74:69:b3:1a), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)

2 0.000000 192.168.1.109 239.255.255.250 SSDP 175 M-SEARCH * HTTP/1.1
Frame 2: 175 bytes on wire (1400 bits), 175 bytes captured (1400 bits)
Ethernet II, Src: IntelCor_56:de:52 (88:53:2e:56:de:52), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa
Internet Protocol Version 4, Src: 192.168.1.109 (192.168.1.109), Dst: 239.255.255.250 (239.255.255.
User Datagram Protocol, Src Port: 57629 (57629), Dst Port: ssdp (1900)
Hypertext Transfer Protocol

3 0.000000 192.168.1.125 173.194.67.109 TLSv1 90 Application Data
Frame 3: 90 bytes on wire (720 bits), 90 bytes captured (720 bits)
Ethernet II, Src: Toshiba_ef:70:26 (e8:9d:87:ef:70:26), Dst: Cisco_17:a6:c5 (00:1c:b0:17:a6:c5)
Internet Protocol Version 4, Src: 192.168.1.125 (192.168.1.125), Dst: 173.194.67.109 (173.194.67.10
Transmission Control Protocol, Src Port: 17396 (17396), Dst Port: imaps (993), Seq: 1, Ack: 1, Len:
Source port: 17396 (17396)
Destination port: imaps (993)
[Stream index: 1]
Sequence number: 1 (relative sequence number)
[Next sequence number: 37 (relative sequence number)]
Acknowledgement number: 1 (relative ack...
Words: 113549 - Pages: 455
...Wireshark Lab 10: UDP. Submitted in Partial Fulfillment of the Requirements for CIS240 Networking Concepts, Spring 2013. 1. Select one UDP packet from your trace. From this packet, determine how many fields there are in the UDP header. (You shouldn't look in the textbook! Answer these questions directly from what you observe in the packet trace.) Name these fields. There are 4 fields in the UDP header: 1) Source Port 2) Destination Port 3) Length 4) Checksum. 2. By consulting the displayed information in Wireshark's packet content field for this packet, determine the length (in bytes) of each of the UDP header fields. UDP header length = Source Port (2 bytes) + Destination Port (2 bytes) + Length (2 bytes) + Checksum (2 bytes) = 8 bytes. 3. The value in the Length field is the length of what? (You can consult the text for this answer.) Verify your claim with your captured UDP packet. The Length field covers the whole UDP datagram, header plus data. In the captured packet it is 59 bytes: the 8-byte UDP header plus 51 bytes of SNMP payload. 4. What is the maximum number of bytes that can be included in a UDP payload? (Hint: the answer to this question can be determined by your answer to 2. above.) The Length field is 2 bytes, so the largest UDP datagram is 2^16 - 1 = 65535 bytes; subtracting the 8-byte header leaves 65527 bytes of payload. That is the theoretical limit set by the UDP header alone. The IPv4 Total Length field also caps the whole datagram at 65535 bytes, so with a 20-byte IP header the largest payload that can actually be sent is 65507 bytes, and in practice, to avoid fragmentation at the network layer, the payload is kept within the MTU defined at the data link layer...
Words: 478 - Pages: 2
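Added example (not from the CIS240 submission above): decoding and checksumming a UDP header in Python, with the payload ceilings from question 4 computed rather than quoted. UDP's checksum covers a pseudo-header built from the IP addresses, so the decoder takes them as parameters; the SNMP GetRequest, ports and addresses are constructed for this example.

```python
import struct


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum (shared by IP, ICMP, TCP and UDP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header (RFC 768): src, dst, zero, protocol 17, UDP length."""
    return struct.pack("!4s4sBBH", ip_bytes(src_ip), ip_bytes(dst_ip), 0, 17, udp_len)


def build_udp(sport: int, dport: int, payload: bytes, src_ip: str, dst_ip: str) -> bytes:
    """Construct a UDP segment with a valid checksum (test data only)."""
    length = 8 + len(payload)
    hdr = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, length) + hdr + payload) or 0xFFFF
    return hdr[:6] + struct.pack("!H", csum) + payload


def parse_udp(segment: bytes, src_ip: str, dst_ip: str) -> dict:
    """Decode the four 2-byte header fields and validate the Length and Checksum fields."""
    if len(segment) < 8:
        raise ValueError("segment shorter than the 8-byte UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("UDP Length %d inconsistent with %d bytes present" % (length, len(segment)))
    body = segment[:length]             # Length counts header plus data, not data alone
    return {
        "src_port": sport, "dst_port": dport,
        "length": length, "payload_len": length - 8,
        "checksum_present": csum != 0,  # 0 means "not computed"; allowed over IPv4 only
        "checksum_ok": csum == 0
        or internet_checksum(pseudo_header(src_ip, dst_ip, length) + body) == 0,
        "payload": body[8:],
    }


def max_udp_payload(ip_header_len: int = 20) -> dict:
    """Payload ceilings from the three limits question 4 touches on."""
    return {
        "by_udp_length_field": 0xFFFF - 8,                              # 65527
        "by_ipv4_total_length": 0xFFFF - ip_header_len - 8,             # 65507, no IP options
        "without_fragmentation_at_1500_mtu": 1500 - ip_header_len - 8,  # 1472
    }


# Constructed SNMPv1 GetRequest for sysDescr.0, community "public": 43 bytes of BER.
SNMP_GET = bytes.fromhex(
    "3029 020100 0406 7075626c6963 a01c 0204 0000002a 020100 020100"
    "300e 300c 0608 2b06010201010100 0500"
)
SRC_IP, DST_IP = "192.168.1.46", "192.168.1.1"      # assumed addresses
SEGMENT = build_udp(53158, 161, SNMP_GET, SRC_IP, DST_IP)

if __name__ == "__main__":
    print(parse_udp(SEGMENT, SRC_IP, DST_IP))
    print(max_udp_payload())
```

Flipping a single payload byte makes the verification fail, which is the property Wireshark relies on when it flags a bad UDP checksum; note that a sender is permitted to leave the field at zero over IPv4, so "checksum ok" and "checksum present" are reported separately.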
...Assessment Worksheet: Analyzing IP Protocols with Wireshark. Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview In this lab, you exercised a wide variety of capabilities of the Wireshark packet capture and analysis software. In the first part of the lab, you learned about probe placement, clocking/timing issues, Wireshark traffic capture, and the use of filters. In the second part of the lab, you used a capture file to answer basic questions about key IP protocols and the basic configuration of the IP hosts from which traffic is captured. Finally, in the third part of the lab, you explored Wireshark on your own to answer a set of challenge questions. Lab Assessment Questions & Answers 1. What are some causes of the number of bytes on the wire exceeding the number of bytes being captured? The usual cause is a snapshot length (snaplen) smaller than the frame: the capture tool stores only the first snaplen bytes of each frame but records the frame's original length, so Wireshark reports more bytes on the wire than captured. Partial or malformed frames can also produce the difference. A capturing computer that cannot keep up with the interface drops whole frames rather than shortening them, so a gap that appears on every frame points at the snaplen. 2. What are the source and destination MAC address in Frame 546? Source 00:22:fa:1c:eb:e6, destination 01:00:5e:7f:ff:fa (an IPv4 multicast MAC address; the SSDP group 239.255.255.250 maps to it). 3. What is the manufacturer-specific ID for Intel Core? 1c:eb:e6; the first three bytes of the address, 00:22:fa, are the OUI that identifies Intel, and the last three are the device identifier the manufacturer assigns. 4. What...
Words: 381 - Pages: 2
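Added example (not from the lab manual or the worksheet above) covering the frame listing earlier on this page and worksheet questions 1 to 3: a Python reader for pcap record headers, which is where Wireshark's "bytes on wire" (orig_len) and "bytes captured" (incl_len) come from, an Ethernet II decoder that separates the OUI from the device identifier and tests the group bit, and the RFC 1112 mapping from an IPv4 multicast group to its MAC address. The frame is constructed to carry the worksheet's two addresses; its payload is filler rather than real SSDP content, and the snaplen values are assumptions.

```python
import struct

PCAP_RECORD = struct.Struct("<IIII")   # ts_sec, ts_usec, incl_len, orig_len (little-endian pcap)


def mac_str(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)


def write_record(frame: bytes, snaplen: int, ts_sec: int = 0, ts_usec: int = 0) -> bytes:
    """What libpcap stores: at most snaplen bytes, while orig_len keeps the true frame size."""
    captured = frame[:snaplen]
    return PCAP_RECORD.pack(ts_sec, ts_usec, len(captured), len(frame)) + captured


def read_records(blob: bytes) -> list:
    """Walk pcap records and report bytes on wire versus bytes captured for each frame."""
    out, off = [], 0
    while off + PCAP_RECORD.size <= len(blob):
        _ts_sec, _ts_usec, incl_len, orig_len = PCAP_RECORD.unpack_from(blob, off)
        off += PCAP_RECORD.size
        data = blob[off:off + incl_len]
        if len(data) != incl_len:
            raise ValueError("truncated pcap record")
        off += incl_len
        out.append({"bytes_on_wire": orig_len, "bytes_captured": incl_len,
                    "truncated": incl_len < orig_len, "data": data})
    return out


def parse_ethernet(frame: bytes) -> dict:
    """Ethernet II header: addresses, EtherType, and the address bits the worksheet asks about."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet II header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {
        "dst": mac_str(dst), "src": mac_str(src), "ethertype": ethertype,
        "dst_is_group": bool(dst[0] & 0x01),        # I/G bit: multicast or broadcast
        "src_oui": mac_str(src[:3]),                # vendor part (00:22:fa is an Intel OUI)
        "src_device_id": mac_str(src[3:]),          # NIC-specific part chosen by the vendor
        "src_locally_administered": bool(src[0] & 0x02),
    }


def ipv4_multicast_mac(group: str) -> str:
    """RFC 1112 mapping: 01:00:5e followed by the low 23 bits of the group address."""
    o = [int(x) for x in group.split(".")]
    if not 224 <= o[0] <= 239:
        raise ValueError("%s is not an IPv4 multicast address" % group)
    return mac_str(bytes([0x01, 0x00, 0x5E, o[1] & 0x7F, o[2], o[3]]))


# Constructed stand-in for the worksheet's Frame 546: the Intel NIC sending to the SSDP
# multicast MAC, with 200 bytes of filler in place of the IP/UDP/SSDP content (assumption).
FRAME_546 = (bytes.fromhex("01005e7ffffa") + bytes.fromhex("0022fa1cebe6")
             + struct.pack("!H", 0x0800) + b"\x00" * 200)


def capture_with_snaplen(snaplen: int) -> dict:
    """Capture FRAME_546 under a given snapshot length and report what Wireshark would show."""
    rec = read_records(write_record(FRAME_546, snaplen))[0]
    return {k: rec[k] for k in ("bytes_on_wire", "bytes_captured", "truncated")}


if __name__ == "__main__":
    print(capture_with_snaplen(65535), capture_with_snaplen(96))
    print(parse_ethernet(FRAME_546))
    print(ipv4_multicast_mac("239.255.255.250"))
```

The 23-bit mapping means 32 IPv4 groups share each multicast MAC, so the MAC alone narrows the group down but does not identify it; the IP header in the frame does.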