North South University: CSE 338 L: Data Communication & Network Lab

CSE 338L; Lab Class 4: More on TCP/IP packets, Packet Headers and Introduction to physical networking; North South University; Computer Networks

Uploaded by

Russel Peter
North South University

CSE 338 L: Data Communication & Network Lab


Lab Class 4: More on TCP/IP packets, Packet Headers and Introduction to
physical networking
_____________________________________________________________________________________

Recap of Previous Class:

  • Simple computer networks
  • IP addressing and TCP/IP packets
  • A few built-in system tools to analyze the network: ping, tracert, nslookup, ipconfig
  • Introduction to Wireshark and packet sniffing
  • Three filters of Wireshark:
      ◦ Protocol filter – Just type the protocol name in the filter box, e.g. http, tcp, udp
      ◦ Source IP filter – Use the syntax ip.src == “ip address”, e.g. ip.src == 192.168.0.105
      ◦ Destination IP filter – Use the syntax ip.dst == “ip address”, e.g. ip.dst == 192.168.0.106
  • Basic HTTP packet sniffing

Additional filters:
  • contains – Does the protocol, field or slice contain a value
      Example: http contains "https://www.wikipedia.org"
  • matches – Does the protocol or text string match the given Perl regular expression
  • ip.addr – Filter on either the source or the destination IP address
      Example: ip.addr == 129.111.56.29
  • http.request – Requests for HTTP pages
  • http.request.method – Request method used to request the page, i.e. GET/POST
      Example: http.request.method == "POST"
  • http.response – Responses to HTTP requests
  • http.response.code – HTTP responses with a specific response code
      Examples: http.response.code == 200
                http.response.code < 500
  • tcp.analysis.flags – Packets in which Wireshark's analysis found errors or other issues

Example 1: Analyze DNS and find the host's IP address from the
packets, in contrast to the previous class’s “nslookup”
1. Type www.google.com in your web browser
2. Apply the following filter – dns contains "google"
3. Look for the request packet, as in figure 1 below.

Prepared by Tousif Osman, edited by Md. Asimuzzaman


Figure 1: DNS request and response packets (annotations: PC's IP address, DNS server, request, response)
4. An arrow pointing to the right marks a sent packet (figure 1). If we click on the request packet,
we see the following information, which is carried inside a DNS request packet.

Figure 2: Sniffing into the DNS request packet for www.google.com

5. With the request packet selected, the packet with the arrow pointing to the left is the
response packet. Figure 3 shows the response packet for the DNS request.

Figure 3: DNS response packet sniffing

Exercise 2: Sniff HTTP packets of www.google.com and track
the packets to get the complete packet stream
1. Typing in the filter “ip.addr == 216.58.213.99 and http”, using the
previously found IP, lists the packets sent to and received from that specific IP address.

Figure 4: Incoming and outgoing packets from previously found IP (annotations: your PC's IP address; the IP address after "==")

2. Clicking on the outgoing packet shows the HTTP request packet sent to the Google
server by your web browser. Note all the request fields carefully.

Figure 5: HTTP request packet


3. Next, click on the response packet while the request packet is selected and observe the
response packet.

Figure 6: HTTP response packet

4. Right-click on any of the packets and select the Follow menu to track the packet stream.

Figure 7: Selecting packets stream

5. The figure below shows the packet stream for the HTTP communication with the Google server.

Figure 8: Packet stream for the HTTP communication with the Google server

Exercise 3: Use the rest of the filters to understand and learn their usage.
1. Type http.request and http.response in the filter box to get all the HTTP
request and response packets.
2. Type http.request.method == "GET" and http.request.method == "POST" to
see only the HTTP GET or POST requests.

To see pages with a specific response code, type http.response.code. List of response
codes:
200 OK
Standard response for successful HTTP requests. The actual response will depend on
the request method used. In a GET request, the response will contain an entity
corresponding to the requested resource. In a POST request, the response will contain
an entity describing or containing the result of the action.[7]

201 Created
The request has been fulfilled, resulting in the creation of a new resource.[8]

202 Accepted
The request has been accepted for processing, but the processing has not been
completed. The request might or might not be eventually acted upon, and may be
disallowed when processing occurs.

203 Non-Authoritative Information (since HTTP/1.1)
The server is a transforming proxy (e.g. a Web accelerator) that received a 200 OK from
its origin, but is returning a modified version of the origin's response.

204 No Content
The server successfully processed the request and is not returning any content.

205 Reset Content
The server successfully processed the request, but is not returning any content. Unlike
a 204 response, this response requires that the requester reset the document view.

206 Partial Content (RFC 7233)
The server is delivering only part of the resource (byte serving) due to a range header
sent by the client. The range header is used by HTTP clients to enable resuming of
interrupted downloads, or split a download into multiple simultaneous streams.

207 Multi-Status (WebDAV; RFC 4918)
The message body that follows is an XML message and can contain a number of
separate response codes, depending on how many sub-requests were made.

208 Already Reported (WebDAV; RFC 5842)
The members of a DAV binding have already been enumerated in a previous
reply to this request, and are not being included again.

226 IM Used (RFC 3229)
The server has fulfilled a request for the resource, and the response is a representation
of the result of one or more instance-manipulations applied to the current instance.

3. Type in tcp.analysis.flags to see the packets that Wireshark marked as faulty.

Exercise 4: Sniff packets while browsing/downloading images
and export the received image file.
1. Visit Google image search or any other page which contains an image.
2. Download an image using “Save as”.
3. Click on “File” and then “Export objects” in Wireshark. Choose “HTTP”.
4. Try to save the objects and retrieve the image you have downloaded.
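
The object export in step 3 amounts to splitting the server-to-client byte stream into responses and keeping the bodies. The following Python code is an added example, not part of the original handout: it walks a reassembled stream using Content-Length and returns the complete image bodies. The function names and the sample stream are constructed for illustration, and chunked or compressed bodies are assumed not to occur.

```python
def split_responses(stream):
    """Yield (status, headers, body) for each HTTP/1.x response in a server-to-client stream."""
    pos = 0
    while pos < len(stream):
        head_end = stream.find(b"\r\n\r\n", pos)
        if head_end < 0:
            return                                  # capture ends inside a header block
        lines = stream[pos:head_end].decode("iso-8859-1").split("\r\n")
        status = int(lines[0].split(" ", 2)[1])     # "HTTP/1.1 200 OK" -> 200
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        start = head_end + 4
        yield status, headers, stream[start:start + length]
        pos = start + length

def export_images(stream):
    """Return (content type, body) for each complete 2xx image response."""
    found = []
    for status, headers, body in split_responses(stream):
        ctype = headers.get("content-type", "")
        complete = len(body) == int(headers.get("content-length", "0"))
        if 200 <= status < 300 and ctype.startswith("image/") and complete:
            found.append((ctype, body))
    return found

# Constructed sample stream (not a real capture): a 404 page, a small PNG, a cut-off JPEG
PNG = b"\x89PNG\r\n\x1a\n" + b"constructed-pixels"
STREAM = (
    b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: 9\r\n\r\nnot found"
    + b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\nContent-Length: "
    + str(len(PNG)).encode() + b"\r\n\r\n" + PNG
    + b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\nContent-Length: 5000\r\n\r\n\xff\xd8\xff"
)

if __name__ == "__main__":
    for ctype, body in export_images(STREAM):
        print(ctype, len(body), "bytes")
```

This recovers objects only from cleartext HTTP; when the page is fetched over HTTPS the capture contains TLS records, and the HTTP export list stays empty unless Wireshark has been given the session keys.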

Lab Tasks:
1. Get IP address of some domain name by sniffing packets
2. Find the request packet for that specific domain name
3. Find the response packets from that specific response
4. Get the packet stream of that specific HTTP transmission
5. Search something in Google image https://www.google.com.bd/imghp, and sniff a picture
