Lab Assignment Netcom
Submitted to,
Prof. ARUN KUMAR
Submitted By:-
NAME: M.YASWANTH
REG NO: 19BCE0656
Wireshark is an open-source network protocol analysis program started by Gerald Combs in 1998.
It is a packet sniffer and analysis tool: it captures network traffic on the local network and stores
that data for offline analysis. Wireshark can capture traffic from Ethernet, Bluetooth, wireless
(IEEE 802.11), Token Ring, Frame Relay connections, and more.
No.: The order in which the packet was captured. A bracket in this column indicates that the
packet is part of a conversation.
Time: How long after the capture started this packet was captured.
Source: The address of the system that sent the packet.
Protocol: The type of packet, for example TCP, DNS, ARP etc.
Length: The length of the packet in bytes.
Info: Additional information about the packet contents; what is shown varies with the kind of
packet.
b) Packet Details
The above figure shows the packet details of the 4th packet captured. The packet details are
divided into 4 main parts: the frame/packet with its number, the Ethernet section which shows the
source and destination of the packet, the IP version (IPv4 or IPv6) and the transport protocol
(TCP, UDP, ARP etc.).
The Frame part further shows the frame length, the capture length in bytes, the arrival time of the
packet and the interface description, such as Ethernet or Wi-Fi.
The Ethernet part shows the destination name and address, the source name and address and the
type of IP address carried, either IPv4 or IPv6.
The Internet Protocol part gives the IP version, the source and destination addresses, the header
length in bytes, the fragment offset and the header checksum value.
Next, the protocol part tells the type of protocol (e.g. TCP or ARP) together with the source port
and destination port numbers. It also gives the sequence number and acknowledgement number.
c) Capture Filter Properties
d) Wireshark I/O graph
e) Traceroute using Wireshark
f) Sequence Number (TCP trace)
G) Displaying All Addresses
Using Wireshark to Observe the TCP 3-Way Handshake
Topology
Objectives
Part 1: Prepare Wireshark to Capture Packets
• Select an appropriate NIC interface to capture packets.
Part 2: Capture, Locate, and Examine Packets
• Capture a web session to www.google.com.
• Locate appropriate packets for a web session.
• Examine information within packets, including IP addresses, TCP port numbers, and TCP control flags.
Background / Scenario
In this lab, you will use Wireshark to capture and examine packets exchanged between the PC browser, using
the HyperText Transfer Protocol (HTTP), and a web server such as www.google.com. When an application
such as HTTP or File Transfer Protocol (FTP) first starts on a host, TCP uses the three-way handshake to
establish a reliable TCP session between the two hosts. For example, when a PC uses a web browser to surf
the Internet, a three-way handshake is initiated and a session is established between the PC host and the web
server. A PC can have multiple simultaneous active TCP sessions with various web sites.
Note: This lab cannot be completed using Netlab. This lab assumes that you have Internet access.
Required Resources
1 PC (Windows 7, Vista, or XP with a command prompt access, Internet access, and Wireshark installed)
c. In the Wireshark: Capture Interfaces window, check the box next to the interface connected to
your LAN.
Note: If multiple interfaces are listed and you are unsure which interface to check, click Details. Click the
802.3 (Ethernet) tab, and verify that the MAC address matches what you wrote down in Step 1b. Close
the Interface Details window after verification.
Step 3: Examine information within packets including IP addresses, TCP port numbers, and
TCP control flags.
a. In our example, frame 15 is the start of the three-way handshake between the PC and the Google web
server. In the packet list pane (top section of the main window), select the frame. This highlights the line
and displays the decoded information from that packet in the two lower panes. Examine the TCP
information in the packet details pane (middle section of the main window).
b. Click the + icon to the left of the Transmission Control Protocol in the packet details pane to expand the
view of the TCP information.
c. Click the + icon to the left of the Flags. Look at the source and destination ports and the flags that are set.
Note: You may have to adjust the top and middle windows sizes within Wireshark to display the
necessary information.
What is the TCP source port number? The source port is 49523.
How would you classify the source port? Dynamic or private.
What is the TCP destination port number? Port 80.
How would you classify the destination port? Well-known, registered (HTTP or web protocol).
Which flag (or flags) is set? The SYN flag.
What is the relative sequence number set to? 0
d. To select the next frame in the three-way handshake, select Go on the Wireshark menu and select Next
Packet In Conversation. In this example, this is frame 16. This is the Google web server reply to the
initial request to start a session.
What are the values of the source and destination ports? The source port is 80 and the destination
port is 49523.
Which flags are set?
The acknowledgement (ACK) flag and the synchronise (SYN) flag.
What are the relative sequence and acknowledgement numbers set to?
The relative sequence number is 0 and the acknowledgement number is 1.
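The packet-details fields described earlier (Frame, Ethernet II, IPv4, TCP) and the handshake values answered in steps c and d above can be reproduced outside Wireshark. The following is an added example, not part of the lab or of Wireshark itself: it builds three constructed Ethernet/IPv4/TCP frames for a SYN, SYN+ACK and ACK (the MAC addresses, IP addresses and initial sequence numbers are made up; the ports 49523 and 80 match the lab), decodes them field by field, verifies the IPv4 header checksum, classifies the ports by IANA range, and derives the relative sequence and acknowledgement numbers exactly as Wireshark displays them (raw value minus the first sequence number seen in that direction). It uses only the Python standard library.

```python
"""Decode Ethernet II / IPv4 / TCP frames the way Wireshark's packet-details
pane presents them, classify ports, and follow a three-way handshake using
Wireshark-style relative sequence numbers. All frames below are constructed
test data (made-up addresses and ISNs), not captured traffic."""
import struct

# TCP flag bits (header bit value -> Wireshark label)
TCP_FLAG_NAMES = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum of an IPv4 header whose checksum field is zero."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, seq, ack, flags):
    """Constructed frame: Ethernet II + 20-byte IPv4 header + 20-byte TCP header, no payload.
    Only the IP header checksum is filled in; the TCP checksum is left as zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 64240, 0, 0)
    ip_no_csum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                             bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    ip = ip_no_csum[:10] + struct.pack("!H", ip_checksum(ip_no_csum)) + ip_no_csum[12:]
    eth = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
           + b"\x08\x00")                   # EtherType 0x0800 = IPv4
    return eth + ip + tcp


def decode_frame(frame: bytes) -> dict:
    """Return the fields Wireshark lists under Frame, Ethernet II, IPv4 and TCP."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for Ethernet/IPv4/TCP")
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("only IPv4 handled here (EtherType 0x%04x)" % ethertype)
    ip = frame[14:]
    (ver_ihl, _tos, _total_len, _ident, frag, _ttl, proto, hdr_csum,
     sip, dip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    # Verify the header checksum by recomputing it with the checksum field zeroed
    csum_ok = ip_checksum(ip[:10] + b"\x00\x00" + ip[12:ihl]) == hdr_csum
    if proto != 6:
        raise ValueError("not TCP (IP protocol %d)" % proto)
    sport, dport, seq, ack, off_res, flags, _win, _csum, _urg = struct.unpack("!HHIIBBHHH", ip[ihl:ihl + 20])
    return {
        "frame_len": len(frame),
        "eth_src": ":".join("%02x" % b for b in src), "eth_dst": ":".join("%02x" % b for b in dst),
        "ethertype": "IPv4", "ip_version": ver_ihl >> 4, "ip_header_len": ihl,
        "dont_fragment": bool(frag & 0x4000), "frag_offset": (frag & 0x1FFF) * 8,
        "ip_checksum_ok": csum_ok,
        "ip_src": ".".join(map(str, sip)), "ip_dst": ".".join(map(str, dip)),
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "tcp_header_len": (off_res >> 4) * 4,
        "flags": [name for bit, name in sorted(TCP_FLAG_NAMES.items()) if flags & bit],
    }


def classify_port(port: int) -> str:
    """IANA ranges: 0-1023 well-known, 1024-49151 registered, 49152-65535 dynamic/private."""
    if port < 1024:
        return "well-known"
    if port < 49152:
        return "registered"
    return "dynamic/private"


def track_handshake(frames):
    """Decode frames in capture order and add Wireshark-style relative seq/ack numbers:
    the raw value minus the initial sequence number (ISN) first seen from that direction."""
    isn, report = {}, []
    for frame in frames:
        p = decode_frame(frame)
        fwd, rev = (p["ip_src"], p["src_port"]), (p["ip_dst"], p["dst_port"])
        isn.setdefault(fwd, p["seq"])
        p["rel_seq"] = (p["seq"] - isn[fwd]) & 0xFFFFFFFF
        p["rel_ack"] = (p["ack"] - isn[rev]) & 0xFFFFFFFF if ("ACK" in p["flags"] and rev in isn) else None
        report.append(p)
    return report


def is_three_way_handshake(report) -> bool:
    """SYN (seq 0), SYN+ACK (seq 0, ack 1), ACK (seq 1, ack 1): the pattern seen in steps c-e."""
    if len(report) < 3:
        return False
    a, b, c = report[:3]
    return (a["flags"] == ["SYN"] and a["rel_seq"] == 0
            and b["flags"] == ["SYN", "ACK"] and b["rel_seq"] == 0 and b["rel_ack"] == 1
            and c["flags"] == ["ACK"] and c["rel_seq"] == 1 and c["rel_ack"] == 1)


# Constructed sample: a PC on a private LAN opening port 80 on a web server (TEST-NET-2 address)
PC_MAC, PC_IP, PC_PORT = "00:11:22:33:44:55", "192.168.1.10", 49523
WEB_MAC, WEB_IP, WEB_PORT = "66:77:88:99:aa:bb", "198.51.100.80", 80
PC_ISN, WEB_ISN = 0x1A2B3C4D, 0xCAFEBABE
SAMPLE_FRAMES = [
    build_frame(PC_MAC, WEB_MAC, PC_IP, WEB_IP, PC_PORT, WEB_PORT, PC_ISN, 0, 0x02),                 # SYN
    build_frame(WEB_MAC, PC_MAC, WEB_IP, PC_IP, WEB_PORT, PC_PORT, WEB_ISN, PC_ISN + 1, 0x12),      # SYN+ACK
    build_frame(PC_MAC, WEB_MAC, PC_IP, WEB_IP, PC_PORT, WEB_PORT, PC_ISN + 1, WEB_ISN + 1, 0x10),  # ACK
]

if __name__ == "__main__":
    report = track_handshake(SAMPLE_FRAMES)
    for i, p in enumerate(report, start=1):
        print(f"{i}: {p['ip_src']}:{p['src_port']} ({classify_port(p['src_port'])}) -> "
              f"{p['ip_dst']}:{p['dst_port']} [{'+'.join(p['flags'])}] "
              f"seq={p['rel_seq']} ack={p['rel_ack']} ip_checksum_ok={p['ip_checksum_ok']}")
    print("three-way handshake:", is_three_way_handshake(report))
```

Running it prints one line per frame with the same relative values the lab records (SYN with sequence 0, SYN+ACK with sequence 0 and acknowledgement 1, ACK with sequence 1 and acknowledgement 1) and reports the source port 49523 as dynamic/private and port 80 as well-known. Because the decoder checks the IPv4 header checksum, a frame that has been corrupted or hand-edited shows `ip_checksum_ok=False`, the same condition Wireshark flags when checksum validation is enabled.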
e. Finally, examine the third packet of the three-way handshake in the example. Clicking frame 17 in the top
window displays the following information in this example:
several data link layer protocols, such as SDLC and Ethernet. The objective of this Activity is
for you to see the data link layer frames in action on your network.
Wireshark is one of the many tools that permit users to examine the frames in their network.
It is called a packet sniffer because it enables you to see inside the frames and packets that
your computer sends, as well as the frames and packets sent by other users on your LAN. In
other words, you can eavesdrop on the other users on your LAN to see what Web sites they
visit and even the email they send. We don’t recommend using it for this reason, but it is
important that you understand that someone else could be using Ethereal to sniff your
packets to see and record what you are doing on the Internet.
1. Use your browser to connect to www.wireshark.org and download and install the
Wireshark software.
2. When you start Wireshark you will see a screen like that in Figure 4.14, minus the two
smaller windows on top.
a. Click Capture
b. Click Interfaces
c. Click the Capture button beside your Wireshark connection (wireless LAN or
traditional LAN).
3. Wireshark will capture all packets moving through your LAN. To make sure you have
something to see, open your Web browser and visit one or two Web sites. After you
have captured packets for 30–60 seconds, return to Wireshark and click Stop.
4. The figure shows the packets captured on my home network. The top window in Wireshark
displays the complete list of packets in chronological order. Each packet is numbered;
I’ve scrolled the window, so the first packet shown is packet 11. Wireshark lists the time,
the source IP address, the destination IP address, the protocol, and some additional
information about each packet. The IP addresses will be explained in more detail in the
next chapter.