Princess

This document provides instructions for installing and using the network analysis tool Wireshark. It guides the user to download and install Wireshark, select their network interface, and begin capturing network traffic. It then demonstrates how to analyze captured packets to view protocol information at different OSI layers, filter captures by protocol, and follow TCP streams. Key protocols observed in the captures include ICMP, DNS, HTTP, and TCP, and information revealed includes IP and MAC addresses, flags, and resolved manufacturer names.

NET 101 - NETWORKING

_____________________________________________________________________________________

Install and Use Wireshark


1. Open a browser and go to wireshark.org. Download and install the current stable release, using
the appropriate version for your OS. At the time of this writing, the current stable release is 2.4.2.
If you’re using the same computer you used for Chapter 2, Project 2-4, the Wireshark installer
should recognize that you already have Npcap installed and will not offer to install WinPcap. If
you’re using a different computer, accept the WinPcap option and complete the WinPcap
installation when prompted. In the Wireshark setup window, you do not need USBPcap. Reboot
your computer to complete the Wireshark installation.
2. When installation is complete, open Wireshark. Note that while the Wireshark Legacy app might
also have been installed on your computer, we’ll use the Wireshark app for this and later projects.
3. In the Wireshark Network Analyzer window, select your network interface from the list. Then click
the shark-fin icon to start the capture, as shown in Figure 1.
4. While the capture is running, open your browser and navigate to cengage.com. Then open a
Command Prompt window and enter ping 8.8.8.8. Click the red box on the command ribbon to
stop the capture.

5. Notice the column headers along the top of the capture, as shown in Figure 2. Of particular
interest are the Source and Destination columns, the Protocol column, and the Info column. Find
a UDP message that has an IPv4 Source address and click on it. In the middle pane, click on
each line to expand that layer’s information. What pieces of information stand out to you? Which
device on your network do you think sent this message, and which device(s) received it?
As we can see, the UDP (User Datagram Protocol) OSI layer contains 8 fields.
The other OSI layers have different information in the packet trace.
<insert screenshot here>

Figure 3: Different highlight colors correspond to different protocols


6. To see a list of currently assigned highlight colors and to adjust these assignments, on the main
toolbar, click View and then click Coloring Rules. Here, you can change the priority for matching
protocols within a message to colors in the output pane (because more than one protocol is used
in each message), and you can assign colors that are easier to spot. In Figure 4, the background
color for ICMP is changed to a bright green. When you’re happy with your color selections, click
OK.
<insert screenshot here>

7. To filter for a particular kind of message in your capture, type the name of the protocol in the Filter
box (identified in Figure 3). Figure 5 shows a filter for ICMP messages, which are currently
highlighted in bright green. These ICMP messages were generated when pinging another host on
the network. Try filtering for other protocols discussed in this and earlier chapters, and see how
many different types you can find in your capture. Click the red X to clear filters between
searches.
Which protocols did you find?
ICMPv6, ICMP, DNS, HTTP.
<insert screenshot here>

Figure 5: Use a filter to narrow your search


8. To compare which OSI layers are represented by each of these protocols, apply a slightly more
complicated filter where you can see both HTTP messages and ICMP messages in the same
search. Enter the following phrase into the Filter box: http or icmp.

<insert screenshot here>

9. Click on an ICMP message and count the layers of information available in the middle pane. In
Figure 6, there are four layers of information, which correspond to Layer 2 (Frame and Ethernet II)
and Layer 3 (Internet Protocol Version 4 and Internet Control Message Protocol).

10. Examine an HTTP message. Figure 7 shows five layers of information in the middle pane. This
time, Layer 7 (Hypertext Transfer Protocol) and Layer 4 (Transmission Control Protocol) are
represented, in addition to Layer 3 (Internet Protocol Version 4) and Layer 2 (Ethernet II and
Frame).

<insert screenshot here>
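To make the layer counts in steps 8 through 10 concrete, here is an added example (not code from the lab handout or from Wireshark itself): a small Python dissector that builds the same ordered layer list Wireshark shows in the middle pane for hand-constructed Ethernet II / IPv4 frames, and evaluates a simplified display filter such as "http or icmp". The frames, the MAC addresses and the IP addresses (RFC 5737 documentation ranges plus the 8.8.8.8 pinged in step 4) are constructed for the example; only Wireshark's own layer names and filter protocol keywords are taken from the real tool, and the port-based HTTP and DNS detection is a deliberate simplification of Wireshark's heuristics.

```python
"""Dissect frames into the layer list Wireshark shows in its middle pane.

Added example (not part of the lab handout or of Wireshark): a tiny
Ethernet II / IPv4 / ICMP / UDP / TCP dissector plus an evaluator for
display filters such as "http or icmp". All frames are constructed by hand.
"""
import struct

# Long layer names as Wireshark prints them, mapped to display-filter protocol names.
SHORT_NAMES = {
    "Ethernet II": "eth",
    "Internet Protocol Version 4": "ip",
    "Internet Control Message Protocol": "icmp",
    "User Datagram Protocol": "udp",
    "Domain Name System": "dns",
    "Transmission Control Protocol": "tcp",
    "Hypertext Transfer Protocol": "http",
}
# TCP flag bits in ascending bit order (FIN=0x01 ... ACK=0x10).
TCP_FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def tcp_flag_names(flags):
    return [name for bit, name in TCP_FLAG_BITS if flags & bit]


def parse_frame(raw):
    """Return the layers of one frame (starting with 'Frame', like Wireshark) and key fields."""
    info = {"layers": ["Frame"], "frame_len": len(raw)}
    if len(raw) < 14:
        return info
    ethertype = struct.unpack("!H", raw[12:14])[0]
    info["layers"].append("Ethernet II")
    info["eth_dst"], info["eth_src"] = mac_str(raw[0:6]), mac_str(raw[6:12])
    if ethertype != 0x0800:           # only IPv4 is dissected in this example
        return info
    ip = raw[14:]
    ihl = (ip[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = ip[9]
    info["layers"].append("Internet Protocol Version 4")
    info["ip_src"] = ".".join(str(b) for b in ip[12:16])
    info["ip_dst"] = ".".join(str(b) for b in ip[16:20])
    payload = ip[ihl:]
    if proto == 1:                    # ICMP: type, code, checksum, ...
        info["layers"].append("Internet Control Message Protocol")
        info["icmp_type"] = payload[0]
    elif proto == 17:                 # UDP: 8-byte header
        sport, dport = struct.unpack("!HH", payload[:4])
        info["layers"].append("User Datagram Protocol")
        info.update(sport=sport, dport=dport)
        if 53 in (sport, dport):      # port-based heuristic (simplified)
            info["layers"].append("Domain Name System")
    elif proto == 6:                  # TCP: ports, seq, ack, data offset + flags
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", payload[:14])
        data = payload[(off_flags >> 12) * 4:]
        info["layers"].append("Transmission Control Protocol")
        info.update(sport=sport, dport=dport, tcp_flags=tcp_flag_names(off_flags & 0x1FF))
        # HTTP only appears as a layer when the segment actually carries HTTP data.
        if 80 in (sport, dport) and data.startswith((b"GET ", b"POST ", b"HEAD ", b"HTTP/")):
            info["layers"].append("Hypertext Transfer Protocol")
    return info


def matches_filter(info, expr):
    """Evaluate a small subset of Wireshark's display-filter syntax: protocol names joined by or/and."""
    if " or " in expr:
        return any(matches_filter(info, t) for t in expr.split(" or "))
    if " and " in expr:
        return all(matches_filter(info, t) for t in expr.split(" and "))
    return expr.strip() in {SHORT_NAMES[l] for l in info["layers"] if l in SHORT_NAMES}


# --- constructed sample capture (no real traffic) ---------------------------
def _ipv4(src, dst, proto, l4):
    src_b, dst_b = (bytes(int(x) for x in a.split(".")) for a in (src, dst))
    # version/IHL, TOS, total length, id, flags/frag, TTL, proto, checksum (left 0), src, dst
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0, 64, proto, 0, src_b, dst_b) + l4


def _frame(src_mac, dst_mac, src_ip, dst_ip, proto, l4):
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    return eth + _ipv4(src_ip, dst_ip, proto, l4)


def sample_capture():
    """Four hand-built frames: ICMP echo request, DNS query, TCP SYN, HTTP GET."""
    pc, gw = "02:00:00:aa:bb:cc", "02:00:00:11:22:33"          # constructed, locally administered MACs
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"abcdefgh"  # echo request (type 8)
    dns = struct.pack("!HHHH", 51234, 53, 8 + 12, 0) + bytes(12)
    syn = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (5 << 12) | 0x02, 65535, 0, 0)
    get = struct.pack("!HHIIHHHH", 40000, 80, 2, 1, (5 << 12) | 0x18, 65535, 0, 0) \
        + b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    return [
        _frame(pc, gw, "192.0.2.10", "8.8.8.8", 1, icmp),
        _frame(pc, gw, "192.0.2.10", "192.0.2.1", 17, dns),
        _frame(pc, gw, "192.0.2.10", "203.0.113.80", 6, syn),
        _frame(pc, gw, "192.0.2.10", "203.0.113.80", 6, get),
    ]


def dissect_capture(frames):
    return [parse_frame(f) for f in frames]


if __name__ == "__main__":
    for n, p in enumerate(dissect_capture(sample_capture()), 1):
        print(n, len(p["layers"]), "layers:", " / ".join(p["layers"]),
              "| http or icmp:", matches_filter(p, "http or icmp"))
```

Running it prints four layers for the ICMP frame and five for the HTTP segment, matching Figures 6 and 7, and shows that the bare SYN has no HTTP layer: a TCP segment only gains the Layer 7 line when it carries application data.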



11. Recall that TCP is a connection-oriented protocol. You can filter a capture to follow a TCP stream
so you can see how these messages go back and forth for a single session. Clear your filter box,
and then find a TCP message. Right-click it, point to Follow, and click TCP Stream (see Figure 8).
Next, click Close to close the Follow TCP Stream window and notice that Wireshark has filtered
the capture for this stream’s messages.
<insert screenshot here>

12. In the Info column, you can see both SYN and ACK flags, which you learned about in this chapter.
What is the purpose of these messages? Scroll to the bottom of the TCP stream. What flag
indicates the stream is ending?
The purpose is to indicate a particular state of the connection and to help with troubleshooting by
handling control of that particular connection.

And the last flag that indicates the stream is ending is Z.

<insert screenshot here>
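Steps 11 and 12 describe following a TCP stream and reading its flags. The following added example (not the lab's or Wireshark's own code) implements the same conversation grouping in Python over a hand-constructed list of already-dissected packets: it takes a selected packet, collects both directions of that session just as Follow > TCP Stream does, reassembles the payload the way the Follow window shows it, builds an equivalent explicit display filter, and reports the handshake flags and the flags of the segment that begins closing the connection. The packet list, ports and addresses (RFC 5737 documentation ranges) are constructed.

```python
"""Follow a TCP stream and read its flags, as Wireshark's Follow > TCP Stream does.

Added example (not part of the lab handout or of Wireshark): the capture below is
a hand-constructed list of dissected packets using RFC 5737 documentation addresses.
"""
from collections import namedtuple

Packet = namedtuple("Packet", "no src sport dst dport flags payload")


def conversation_key(p):
    """Both directions of one TCP session share this key (Wireshark numbers sessions as tcp.stream)."""
    return frozenset({(p.src, p.sport), (p.dst, p.dport)})


def follow_tcp_stream(packets, selected_no):
    """Return every packet of the session containing packet `selected_no`, in capture order."""
    selected = next(p for p in packets if p.no == selected_no)
    key = conversation_key(selected)
    return [p for p in packets if conversation_key(p) == key]


def stream_filter(p):
    """A close explicit equivalent of the filter Wireshark applies (it uses tcp.stream eq N)."""
    return (f"ip.addr=={p.src} and tcp.port=={p.sport} and "
            f"ip.addr=={p.dst} and tcp.port=={p.dport}")


def stream_text(stream, client):
    """Reassembled conversation like the Follow window: '>' client->server, '<' server->client."""
    return "\n".join(
        (">" if p.src == client else "<") + " " + p.payload.decode("ascii", "replace").rstrip()
        for p in stream if p.payload)


def handshake_and_teardown(stream):
    """Flags of the three-way handshake, and flags of the first segment that starts closing it."""
    handshake = [p.flags for p in stream[:3]]
    closing = next((p.flags for p in stream if "FIN" in p.flags), None)
    return handshake, closing


def sample_capture():
    """Two interleaved HTTP sessions from one client; packet 5 belongs to the first one."""
    c, s1, s2 = "192.0.2.10", "203.0.113.80", "198.51.100.7"   # constructed addresses
    P = Packet
    return [
        P(1, c, 40000, s1, 80, ("SYN",), b""),
        P(2, c, 40001, s2, 80, ("SYN",), b""),
        P(3, s1, 80, c, 40000, ("SYN", "ACK"), b""),
        P(4, c, 40000, s1, 80, ("ACK",), b""),
        P(5, c, 40000, s1, 80, ("PSH", "ACK"), b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
        P(6, s2, 80, c, 40001, ("SYN", "ACK"), b""),
        P(7, s1, 80, c, 40000, ("PSH", "ACK"), b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
        P(8, c, 40000, s1, 80, ("FIN", "ACK"), b""),
        P(9, s1, 80, c, 40000, ("FIN", "ACK"), b""),
        P(10, c, 40000, s1, 80, ("ACK",), b""),
    ]


if __name__ == "__main__":
    stream = follow_tcp_stream(sample_capture(), 5)
    print("filter:", stream_filter(stream[0]))
    print(stream_text(stream, "192.0.2.10"))
    print("handshake / closing:", handshake_and_teardown(stream))
```

Selecting packet 5 pulls in packets 1, 3, 4, 5, 7, 8, 9 and 10 and leaves the second session (packets 2 and 6) out, which is what the filtered packet list looks like after the Follow window is closed; the handshake reads SYN, SYN/ACK, ACK and the teardown begins with the FIN flag.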



13. Click on any message that includes a Source or Destination MAC address on the Ethernet II line
of output in the middle pane. What protocol is listed for the message you selected? Was
Wireshark able to resolve the name of the manufacturer for this device? If so, what is it?

- The protocol we selected is TCP
