Comptia Network+ Fall 2017 Wireshark Introduction: What Is Wireshark Used For?

Wireshark is a network packet analyzer used to examine network traffic and protocols. The document discusses using Wireshark to analyze a sample capture file. It examines the three main Wireshark windows, filters ICMP and TCP traffic, analyzes packet details like MAC addresses and protocols, and follows TCP streams of telnet and FTP sessions to view usernames and passwords. The purpose is to learn how to navigate Wireshark and examine common network protocols.

Uploaded by Cameron Hulse

CompTIA Network+

Fall 2017 Wireshark Introduction

• Answer all of the questions (these are in bold)
    o Use your Snipping Tool when possible
    o Change the color of the text of your answers or highlight the answers
• Save the file as the default name when completed
• Upload to the Lab Wireshark dropbox

Learning Objectives:

• Examine Wireshark capabilities
• Review navigation in Wireshark
• Review TCP/IP protocols

1. Download the Wireshark capture file general_comm.pcap from D2L.
    a. Open the file in Wireshark

What is Wireshark used for?

2. Examine the Wireshark interface and familiarize yourself with the three main windows.

What are the three Windows?

Packet List Pane

Packet Details Pane

Packet Bytes Pane

How many packets are in the capture file?

Using the display filter, filter all packets except ARP. (Type arp in the filter field.)

21,176

What does the ARP protocol do?

The ARP protocol takes a MAC address and attaches it to an IP address.


3. Double-click on frame 22. Find the following information in the details pane:

What line indicates hexadecimal format?

What type of addresses are identified in the first line under "Ethernet II"? Destination MAC Addresses

Which part of a MAC address shows the NIC vendor? The first three.

Why is an ARP request sent as a broadcast? It wants to fill the ARP cache of the device.

What is the IP address of the sender?

Clear the filter.

A little bit about epoch time... "Epoch" isn't a unit or format; it's a point in time. Specifically, it's midnight UTC of January 1st, 1970. Unix timestamps are just the number of seconds that have passed since that time. Subtract the smaller one from the larger to find the difference in seconds, and multiply by 1000 to get the number of milliseconds.

4. Filter all ICMP packets.

What is the purpose of ICMP? It's a diagnostic to check for errors when packets are transmitting.

What is the purpose of an ICMP ping request? Measuring some time

5. Examine packet 13.

What is the destination MAC address?

What is the IP version?

aka IPv4

What is the time to live?

What is the time to live field used for? IP packets cannot live forever, so they apply a counter, aka the Time To Live, to keep the packets from building up. It is a counter that decreases by 1 every time it is inspected at layer three by a router.

What is the protocol shown in the IP header?

What is the ICMP message type?

What does that message type indicate? That it is a type 8 or an "Echo Request"

ICMP Message Types

Type  Description
----  -----------
0     Echo Reply (Ping Reply, used with Type 8, Ping Request)
3     Destination Unreachable
4     Source Quench
5     Redirect
8     Echo Request (Ping Request, used with Type 0, Ping Reply)
9     Router Advertisement (Used with Type 9)
10    Router Solicitation (Used with Type 10)
11    Time Exceeded
12    Parameter Problem
13    Timestamp Request (Used with Type 14)
14    Timestamp Reply (Used with Type 13)
15    Information Request (obsolete) (Used with Type 16)
16    Information Reply (obsolete) (Used with Type 15)
17    Address Mask Request (Used with Type 17)
18    Address Mask Reply (Used with Type 18)


What data was sent in ASCII?

6. Examine packet 14.

What is the destination MAC address?

What is the protocol shown in the IP header?

What is the ICMP message type?

What data was sent in ASCII?

Are packets 13 and 14 related? If so, explain how they are related.
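Steps 2 through 6 all come down to reading fixed-offset header fields: the destination MAC and vendor OUI from Ethernet II, the opcode and addresses from ARP, the version, TTL and protocol number from IPv4, and the type, identifier, sequence number and ASCII data from ICMP. The following is an added example, not code from the lab or from Wireshark: a pure-Python pcap reader that pulls out exactly those fields, applies an "arp"/"icmp" style filter, and pairs packet 13-style echo requests with their replies by (id, seq), computing the round trip by subtracting the two epoch timestamps and multiplying by 1000 as the epoch note describes. The capture it reads is constructed in memory (it is not general_comm.pcap), the MAC and IP addresses are made-up sample values, and the IP/ICMP checksums are left at zero.

```python
"""Pure-Python pcap walk: the Ethernet, ARP, IPv4 and ICMP fields the lab's details pane shows.

Added example for steps 2-6 and the epoch-time note, not code from the lab or from Wireshark.
The capture is constructed in memory (it is NOT general_comm.pcap): one ARP request, then an
ICMP echo request and its reply. Addresses are made-up sample values; IP/ICMP checksums are
left at zero because a parser does not need them."""
import struct

ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 8: "Echo Request", 11: "Time Exceeded"}

def ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

# --- builders for the constructed capture ---------------------------------------------
def eth_frame(dst_mac, src_mac, ethertype, payload):
    return bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + struct.pack("!H", ethertype) + payload

def arp_request(sender_mac, sender_ip, target_ip):
    # htype 1 (Ethernet), ptype 0x0800 (IPv4), hlen 6, plen 4, opcode 1 (request); target MAC all-zero
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + bytes.fromhex(sender_mac)
            + ip_bytes(sender_ip) + bytes(6) + ip_bytes(target_ip))

def ipv4_icmp(src_ip, dst_ip, ttl, icmp_type, ident, seq, data):
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + data   # type, code, cksum, id, seq
    # version 4 / IHL 5, total length, id, flags+frag, TTL, protocol 1 = ICMP, checksum 0, src, dst
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 1, 0, ttl, 1, 0,
                      ip_bytes(src_ip), ip_bytes(dst_ip))
    return hdr + icmp

def pcap_record(ts_sec, ts_usec, frame):
    return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame

HOST_MAC, GW_MAC = "001122334455", "00aabbccddee"   # sample NICs; the first three octets are the vendor OUI
PING_DATA = b"abcdefghijklmnopqrstuvwabcdefghi"      # the 32-byte ASCII payload Windows ping sends
CAPTURE = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # pcap global header, link type 1 = Ethernet
    + pcap_record(1500000000, 100000, eth_frame("ffffffffffff", HOST_MAC, 0x0806,
                  arp_request(HOST_MAC, "192.168.1.10", "192.168.1.1")))
    + pcap_record(1500000000, 250000, eth_frame(GW_MAC, HOST_MAC, 0x0800,
                  ipv4_icmp("192.168.1.10", "192.168.1.1", 128, 8, 1, 7, PING_DATA)))
    + pcap_record(1500000000, 253400, eth_frame(HOST_MAC, GW_MAC, 0x0800,
                  ipv4_icmp("192.168.1.1", "192.168.1.10", 64, 0, 1, 7, PING_DATA)))
)

# --- the parser ------------------------------------------------------------------------
def read_pcap(data):
    """Yield (epoch_seconds, frame) per record; little-endian microsecond pcap only."""
    if struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic")
    off = 24
    while off < len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1_000_000, data[off:off + incl_len]   # Unix epoch timestamp
        off += incl_len

def dissect(frame):
    """Return the fields Wireshark's details pane shows for Ethernet II / ARP / IPv4 / ICMP."""
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    info = {"dst_mac": mac_str(dst), "src_mac": mac_str(src), "src_oui": mac_str(src[:3]),
            "broadcast": dst == b"\xff" * 6}
    body = frame[14:]
    if ethertype == 0x0806:
        info["proto"] = "arp"
        info["arp_op"] = {1: "request", 2: "reply"}.get(struct.unpack("!H", body[6:8])[0])
        info["sender_ip"], info["target_ip"] = ".".join(map(str, body[14:18])), ".".join(map(str, body[24:28]))
    elif ethertype == 0x0800:
        info.update(ip_version=body[0] >> 4, ttl=body[8], ip_proto=body[9],
                    src_ip=".".join(map(str, body[12:16])), dst_ip=".".join(map(str, body[16:20])))
        if body[9] == 1:                                   # protocol 1 in the IP header = ICMP
            icmp = body[(body[0] & 0x0F) * 4:]             # skip the IP header (IHL * 4 bytes)
            info.update(proto="icmp", icmp_type=icmp[0], icmp_type_name=ICMP_TYPES.get(icmp[0], "other"))
            info["icmp_id"], info["icmp_seq"] = struct.unpack("!HH", icmp[4:8])
            info["icmp_data"] = icmp[8:].decode("ascii", "replace")   # the bytes-pane ASCII column
    return info

def load(data=CAPTURE):
    """(frame number as in the packet list pane, timestamp, dissected fields) per frame."""
    return [(n, ts, dissect(frame)) for n, (ts, frame) in enumerate(read_pcap(data), 1)]

def display_filter(packets, proto):
    """Stand-in for typing 'arp' or 'icmp' into the filter bar: keep matching frames only."""
    return [p for p in packets if p[2].get("proto") == proto]

def echo_rtt_ms(packets):
    """Pair each echo reply with its request by (id, seq); return {request_frame: round trip in ms}."""
    requests = {(p["icmp_id"], p["icmp_seq"]): (n, ts) for n, ts, p in packets if p.get("icmp_type") == 8}
    rtts = {}
    for n, ts, p in packets:
        if p.get("icmp_type") == 0 and (p["icmp_id"], p["icmp_seq"]) in requests:
            req_n, req_ts = requests[(p["icmp_id"], p["icmp_seq"])]
            rtts[req_n] = round((ts - req_ts) * 1000, 3)   # later epoch minus earlier, times 1000 = ms
    return rtts

if __name__ == "__main__":
    pkts = load()
    for n, ts, p in pkts:
        print(n, f"{ts:.6f}", p)
    print("echo round-trip times (ms):", echo_rtt_ms(pkts))
```

Run it as a script to see the three frames dissected; frames 2 and 3 are related the same way packets 13 and 14 are, an echo request (type 8) and the echo reply (type 0) that answers it, tied together by matching identifier and sequence number and carrying the same ASCII data. To try it on a real capture, pass `open("file.pcap", "rb").read()` to `load()`; the reader only understands the classic little-endian pcap format with microsecond timestamps, not pcapng.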

7. Clear the current filter and find a telnet packet.

8. Right-click on the telnet packet and choose Follow, then choose TCP stream.

What happens?

What kind of device did the telnet session connect to?

What was the username and password for the device?

Close the window.

Note the filter that was applied. What do you see in the filter bar?

9. Examine packets 25-27.

What are the packets used for?

10. Clear the filter and apply a filter to examine FTP traffic.

11. Right-click on one of the FTP packets and choose Follow, TCP stream.

What is the username and password to login to the FTP session?

What type of device was being logged into?

How could you create a filter that shows both FTP and FTP-DATA?

How could you use the information from the capture to begin compromising a network?

How could you use the information from the capture to make security recommendations for the network?
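Steps 7 through 11 use Follow TCP Stream, which reassembles both directions of one conversation and leaves a `tcp.stream eq N` filter in the filter bar; the telnet and FTP sessions in the capture show their logins because those protocols send credentials in cleartext. The block below is an added example, not code from the lab or from Wireshark, that does the same grouping in code and turns it into the kind of write-up the last question asks for: it reassembles streams from a constructed list of TCP segments (no pcap parsing, so it runs offline), numbers them in order of first appearance as Wireshark does, identifies the telnet, FTP and FTP-DATA conversations by server port using the same protocol names that the filter `ftp || ftp-data` uses, reports the FTP username and the fact that a password went over the wire without copying the password into the report, and attaches the recommendation (SSH, SFTP/FTPS) a reviewer would make. The addresses, ports and the FTP exchange are made-up sample values.

```python
"""Follow TCP streams and flag cleartext logins (FTP, telnet) the way a detection rule would.

Added example for steps 7-11 and the closing questions, not code from the lab or from
Wireshark. It runs on a constructed list of TCP segments instead of a pcap so it works
offline; the addresses, ports and the FTP exchange are made-up sample values. Port
numbers map to the Wireshark display-filter names used in 'ftp || ftp-data'.
"""
from collections import defaultdict

# One segment = (src_ip, src_port, dst_ip, dst_port, relative_seq, payload). Constructed sample:
# an FTP control session on port 21, a telnet session on port 23 and one FTP-DATA segment.
SEGMENTS = [
    ("10.0.0.5", 40001, "10.0.0.20", 21, 0, b""),                                # SYN, no data
    ("10.0.0.20", 21, "10.0.0.5", 40001, 1, b"220 router FTP server ready\r\n"),
    ("10.0.0.5", 40001, "10.0.0.20", 21, 1, b"USER admin\r\n"),
    ("10.0.0.20", 21, "10.0.0.5", 40001, 30, b"331 Password required for admin\r\n"),
    ("10.0.0.5", 40001, "10.0.0.20", 21, 13, b"PASS s3cret\r\n"),
    ("10.0.0.5", 40001, "10.0.0.20", 21, 13, b"PASS s3cret\r\n"),               # retransmission
    ("10.0.0.20", 21, "10.0.0.5", 40001, 63, b"230 User admin logged in\r\n"),
    ("10.0.0.5", 40002, "10.0.0.20", 23, 1, b"\xff\xfd\x18\xff\xfd\x20"),         # telnet option negotiation
    ("10.0.0.20", 20, "10.0.0.5", 40003, 1, b"hostname router\r\n"),              # FTP-DATA transfer
]

CLEARTEXT_PORTS = {21: "ftp", 20: "ftp-data", 23: "telnet"}   # Wireshark protocol / filter names
RECOMMENDATIONS = {"ftp": "move to SFTP or FTPS", "ftp-data": "move to SFTP or FTPS",
                   "telnet": "disable telnet and manage the device over SSH"}

def stream_key(src, sport, dst, dport):
    """Both directions of one conversation share one key, like Wireshark's tcp.stream index."""
    return tuple(sorted([(src, sport), (dst, dport)]))

def follow_streams(segments):
    """Return {stream_index: {"endpoints": key, "data": {(ip, port): reassembled bytes}}},
    numbering streams in order of first appearance as Wireshark does."""
    index, pieces = {}, defaultdict(lambda: defaultdict(set))
    for src, sport, dst, dport, seq, payload in segments:
        key = stream_key(src, sport, dst, dport)
        index.setdefault(key, len(index))
        pieces[key][(src, sport)].add((seq, payload))        # a set drops exact retransmissions
    return {idx: {"endpoints": key,
                  "data": {side: b"".join(p for _, p in sorted(segs)) for side, segs in pieces[key].items()}}
            for key, idx in index.items()}

def ftp_login(client_data):
    """Pull USER/PASS from the client side of an FTP control stream (the protocol sends both cleartext)."""
    user = password = None
    for line in client_data.decode("ascii", "replace").splitlines():
        cmd, _, arg = line.partition(" ")
        if cmd.upper() == "USER":
            user = arg
        elif cmd.upper() == "PASS":
            password = arg
    return user, password

def audit(segments):
    """Findings a reviewer of this capture would write up: which streams carry cleartext auth."""
    findings = []
    for idx, s in follow_streams(segments).items():
        ends = list(s["endpoints"])
        servers = [e for e in ends if e[1] in CLEARTEXT_PORTS]
        if not servers:
            continue                                          # not one of the protocols we care about
        server = servers[0]
        client = ends[1 - ends.index(server)]
        proto = CLEARTEXT_PORTS[server[1]]
        finding = {"stream": idx, "filter": f"tcp.stream eq {idx}", "proto": proto,
                   "server": f"{server[0]}:{server[1]}", "client": f"{client[0]}:{client[1]}",
                   "recommendation": RECOMMENDATIONS[proto]}
        if proto == "ftp":
            user, password = ftp_login(s["data"].get(client, b""))
            finding["user"] = user
            finding["password_exposed"] = password is not None   # record the fact, not the secret
        findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in audit(SEGMENTS):
        print(f)
```

Identifying the protocol by server port is the same shortcut Wireshark's default dissectors take, so a telnet or FTP service on a non-standard port would be missed here just as it is in the filter bar until you tell Wireshark to decode it as that protocol; for a real capture, feed `follow_streams()` the segments you parse from the pcap, keyed the same way.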
