LAB ASSIGNMENT: Analyze The Network Traffic and Performance Parameters of Network Using Wireshark On Windows (Work On Live Captured Data)

The document provides instructions for a series of Wireshark labs analyzing network traffic. It includes capturing packets for HTTP requests, DNS queries, and DHCP transactions. Questions are provided to analyze the captured traffic and understand protocols like HTTP, TCP, and DHCP.

1. Explain how to create a .pcap file in ns3 (theory about the code that creates the pcap file; hint: the EnablePcapAll() method. Refer to the first.cc, second.cc and third.cc example files).

2. Analyze the network traffic of the first and third examples (their .pcap files).

2.1 Steps to capture live data packets.

2.2 Explain the three sections (panes) of Wireshark with an example (the Packet List, Packet Details and Packet Bytes panes).

2.3 Apply at least 4 display-filter expressions in Wireshark to any packets (live or offline). Display filters are case-sensitive, so protocol names are written in lowercase. Examples:

frame.len < 1280
ip.addr==10.1.1.2
udp
tcp
ip.src==IP-address and ip.dst==IP-address
tcp.port eq 25
icmp

2.4 Does Wireshark impact performance?


2.5 Flow Graph
2.6 I/O Graph
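The ns-3 EnablePcapAll() call in question 1 and a live Wireshark capture in 2.1 both end up in the same container: a 24-byte pcap global header followed by one 16-byte record header per frame. The following added example (not part of the assignment, and not ns-3 code) writes such a file from scratch in pure Python using constructed Ethernet/IPv4 frames, reads it back, and evaluates Python equivalents of the display filters listed in 2.3 so the filter semantics can be checked against known packets. MAC and IP addresses, ports and payload sizes are all made up; the file is written to a temporary directory and can be opened in Wireshark if you keep it.

```python
import os
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4        # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1          # DLT_EN10MB: every record is an Ethernet frame
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 1, 6, 17

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; call with the checksum field zeroed."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ip4(s):                    # "10.1.1.2" -> 4 bytes
    return bytes(int(x) for x in s.split("."))

def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, l4, ttl=64):
    """Ethernet II + IPv4 header (no options, DF set) + caller-supplied transport bytes."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0x4000, ttl, proto, 0,
                      ip4(src_ip), ip4(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    return eth + struct.pack("!H", 0x0800) + hdr + l4

def udp_segment(sport, dport, payload):
    # UDP checksum 0 means "not computed", which IPv4 permits.
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def tcp_syn_segment(sport, dport, seq):
    # 20-byte header: data offset 5, flags 0x02 (SYN only), window 8192.
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x02, 8192, 0, 0)

def write_pcap(path, frames, snaplen=65535):
    with open(path, "wb") as f:
        # global header: magic, major 2, minor 4, thiszone, sigfigs, snaplen, linktype
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
        for i, frame in enumerate(frames):
            captured = frame[:snaplen]          # the snaplen truncates what gets stored
            f.write(struct.pack("<IIII", 1700000000 + i, 0, len(captured), len(frame)))
            f.write(captured)

def read_pcap(path):
    """Return (linktype, [frame bytes]); rejects files whose magic number is wrong."""
    with open(path, "rb") as f:
        data = f.read()
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond-resolution pcap file")
    linktype = struct.unpack("<I", data[20:24])[0]
    frames, off = [], 24
    while off < len(data):
        incl_len = struct.unpack("<IIII", data[off:off + 16])[2]
        frames.append(data[off + 16:off + 16 + incl_len])
        off += 16 + incl_len
    return linktype, frames

def dissect(frame):
    """Just enough Ethernet/IPv4/transport decoding to evaluate the filters below."""
    info = {"frame.len": len(frame), "eth.type": struct.unpack("!H", frame[12:14])[0], "ports": ()}
    if info["eth.type"] == 0x0800:
        ihl = (frame[14] & 0x0F) * 4
        info["ip.proto"] = frame[23]
        info["ip.src"] = ".".join(map(str, frame[26:30]))
        info["ip.dst"] = ".".join(map(str, frame[30:34]))
        if info["ip.proto"] in (IPPROTO_TCP, IPPROTO_UDP):
            info["ports"] = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return info

# Python equivalents of the display filters listed in 2.3.
FILTERS = {
    "frame.len < 1280": lambda p: p["frame.len"] < 1280,
    "ip.addr==10.1.1.2": lambda p: "10.1.1.2" in (p.get("ip.src"), p.get("ip.dst")),
    "udp": lambda p: p.get("ip.proto") == IPPROTO_UDP,
    "tcp": lambda p: p.get("ip.proto") == IPPROTO_TCP,
    "tcp.port eq 25": lambda p: p.get("ip.proto") == IPPROTO_TCP and 25 in p["ports"],
    "icmp": lambda p: p.get("ip.proto") == IPPROTO_ICMP,
}

def matching_frames(expr, frames):
    """1-based frame numbers (Wireshark's numbering) that satisfy the filter."""
    return [i for i, fr in enumerate(frames, 1) if FILTERS[expr](dissect(fr))]

def sample_frames():
    """Constructed traffic: a DNS-sized UDP pair, one SMTP SYN and one ICMP echo request."""
    a, b = "00:11:22:33:44:01", "00:11:22:33:44:02"
    return [
        build_frame(a, b, "10.1.1.1", "10.1.1.2", IPPROTO_UDP, udp_segment(49152, 53, b"A" * 32)),
        build_frame(b, a, "10.1.1.2", "10.1.1.1", IPPROTO_UDP, udp_segment(53, 49152, b"B" * 1400)),
        build_frame(a, b, "10.1.1.1", "10.1.1.3", IPPROTO_TCP, tcp_syn_segment(40000, 25, 1000)),
        build_frame(a, b, "10.1.1.1", "10.1.1.3", IPPROTO_ICMP, struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"ping"),
    ]

def roundtrip(frames):
    """Write frames to a temporary pcap and read them straight back."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.pcap")
        write_pcap(path, frames)
        return read_pcap(path)
```

Note the two length fields in every record header: incl_len (bytes actually stored, limited by the snaplen) and orig_len (bytes on the wire). A capture taken with a small snaplen keeps the headers but loses the payload, which is why Wireshark reports packets as truncated in the Frame section, and why frame.len is not always the same as the captured length.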

3. Use Wireshark to capture the packets generated by browsing
http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file1.html and answer the questions below:
a. Filter the packets using “http”.
b. What version of HTTP is the server running?
c. What languages (if any) does your browser indicate to the server that it can accept?
d. What is the IP address of your computer? What is the IP address of the server?
e. What is the status code returned from the server to your browser?
f. Is the server returning any content? If so, how many bytes of content are being returned to your browser?
g. When was the HTML file that you are retrieving last modified at the server?

4. Use Wireshark to capture the packets generated by browsing your college website and answer the questions below:
a. Choose any packet. What are the source and destination IP addresses?
b. What is the value in the time-to-live (TTL) field of this IPv4 datagram’s header? What does it mean?
c. How many bytes are in the IP header?
d. How many bytes are in the payload of the IP datagram?
e. Explain how you determined the number of payload bytes.

5. Use Wireshark to capture the packets generated by browsing
http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file2.html and answer the questions below:
a. Filter the packets using “http”.
b. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE” line in the HTTP GET?
c. Inspect the contents of the server response. Did the server explicitly return the contents of the file? How can you tell?
d. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET? If so, what information follows the “IF-MODIFIED-SINCE:” header?
e. What is the HTTP status code and phrase returned from the server in response to this second HTTP GET? Did the server explicitly return the contents of the file? Explain.
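Questions 3 and 5 come down to reading three things out of the HTTP headers: the version and status on the start line, the Last-Modified and Content-Length headers on the response, and the If-Modified-Since header a browser adds once it has a cached copy. The following added example (not from the assignment or the gaia.cs.umass.edu server) builds both exchanges in pure Python: a minimal header parser, a request builder that adds If-Modified-Since when given a date, and the origin-server decision from RFC 7232 that returns 304 Not Modified with no body when the cached copy is still fresh. The body text and modification date are constructed stand-ins.

```python
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed stand-ins for the lab's HTML file and its modification time.
BODY = b"<html><body>Congratulations. You've downloaded the first Wireshark lab file!</body></html>"
LAST_MODIFIED = datetime(2023, 9, 19, 6, 59, 1, tzinfo=timezone.utc)

def parse_message(raw: bytes):
    """Split an HTTP/1.x message into (start-line parts, headers dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()     # header names are case-insensitive
    return lines[0].split(" ", 2), headers, body

def build_request(path, host, if_modified_since=None):
    """The GET a browser sends; with a cached copy it adds If-Modified-Since (RFC 7232)."""
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}", "Accept-Language: en-US,en;q=0.5"]
    if if_modified_since:
        lines.append("If-Modified-Since: " + if_modified_since)
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

def serve(raw_request: bytes) -> bytes:
    """Origin-server logic: 200 with the body, or 304 with no body if the copy is fresh."""
    (_method, _path, version), headers, _ = parse_message(raw_request)
    ims = headers.get("if-modified-since")
    if ims is not None and parsedate_to_datetime(ims) >= LAST_MODIFIED:
        status, body = "304 Not Modified", b""
    else:
        status, body = "200 OK", BODY
    lines = [f"{version} {status}",
             "Last-Modified: " + format_datetime(LAST_MODIFIED, usegmt=True),
             "Content-Type: text/html"]
    if body:
        lines.append(f"Content-Length: {len(body)}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode() + body

def summarize(raw_response: bytes) -> dict:
    """What the lab asks for: version, status code, content bytes, Last-Modified."""
    (version, code, _reason), headers, body = parse_message(raw_response)
    return {"version": version, "status": int(code),
            "content_length": int(headers.get("content-length", 0)),
            "body_bytes": len(body), "last_modified": headers.get("last-modified")}

def conditional_get_exchange():
    """First visit (no cache), then a revisit with If-Modified-Since copied from the first reply."""
    path, host = "/wireshark-labs/HTTP-wireshark-file2.html", "gaia.cs.umass.edu"
    first = serve(build_request(path, host))
    second = serve(build_request(path, host, summarize(first)["last_modified"]))
    return summarize(first), summarize(second)
```

The tell-tale for question 5c/5e is the pairing of status and body: a 200 carries a Content-Length and that many bytes after the blank line, while a 304 has neither, which is exactly why Wireshark shows the second response as a single short packet. Browsers also revalidate with ETag/If-None-Match, which this example does not model.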

6. Use Wireshark to capture the packets generated by browsing your college website and answer the questions below:
a. Filter the packets using “dns”.
b. Locate the first DNS query message. What is the packet number in the trace for the DNS query message? Is this query message sent over UDP or TCP?
c. Now locate the corresponding DNS response to the initial DNS query. What is the packet number in the trace for the DNS response message? Is this response message received via UDP or TCP?
d. What is the destination port for the DNS query message? What is the source port of the DNS response message?
e. To what IP address is the DNS query message sent?
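Matching a DNS response to its query (6b to 6d) relies on two things Wireshark shows: the 16-bit transaction ID in the DNS header and the mirrored UDP ports (the client's ephemeral source port becomes the response's destination port, and the resolver's port 53 becomes its source). The following added example (not part of the assignment) builds a type A query and a response in pure Python, decodes the label-encoded name including the compression pointer that answers normally use, and applies that matching rule to constructed datagrams. The hostname, resolver ports and answer address are invented.

```python
import struct

def encode_qname(name: str) -> bytes:
    """'www.college.edu' -> b'\\x03www\\x07college\\x03edu\\x00' (length-prefixed labels)."""
    return b"".join(bytes([len(label)]) + label.encode() for label in name.rstrip(".").split(".")) + b"\x00"

def decode_qname(msg: bytes, off: int):
    """Decode labels, following a compression pointer if present; return (name, next offset)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # pointer: 14-bit offset into the message
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), (end if jumped else off)

def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Standard recursive query (RD set), one question, type A (1), class IN (1)."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_qname(name) + struct.pack("!HH", qtype, 1)

def build_response(query: bytes, addr: str, ttl: int = 300) -> bytes:
    """Answer a query: echo its ID and question, set QR/RD/RA, add one A record via a name pointer."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    rdata = bytes(int(x) for x in addr.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata   # 0xC00C: name at offset 12
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + question + answer

def parse(msg: bytes) -> dict:
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    name, off = decode_qname(msg, 12)
    out = {"id": txid, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
           "qname": name, "answers": []}
    off += 4                                                     # skip QTYPE and QCLASS
    for _ in range(an):
        _n, off = decode_qname(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1:
            out["answers"].append((".".join(map(str, msg[off:off + rdlen])), ttl))
        off += rdlen
    return out

def response_matches(query_dgram: dict, response_dgram: dict) -> bool:
    """A reply belongs to a query only if the IDs and question match and the UDP ports are
    mirrored (client ephemeral port <-> resolver port 53); Wireshark pairs dns.id the same way."""
    q, r = parse(query_dgram["payload"]), parse(response_dgram["payload"])
    return (not q["is_response"] and r["is_response"] and q["id"] == r["id"]
            and q["qname"] == r["qname"]
            and response_dgram["sport"] == query_dgram["dport"]
            and response_dgram["dport"] == query_dgram["sport"])

def sample_exchange():
    """Constructed query/response pair as the UDP layer would carry them."""
    query = {"sport": 51234, "dport": 53, "payload": build_query(0x1A2B, "www.college.edu")}
    response = {"sport": 53, "dport": 51234, "payload": build_response(query["payload"], "203.0.113.10")}
    return query, response
```

Port mirroring is part of what makes the transaction ID meaningful: a spoofed response has to guess both the 16-bit ID and the client's source port, which is why resolvers randomise the port rather than reusing one.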

7. Download the dhcp.pcap file from
https://www.cloudshark.org/captures/19585c567c37 (latest) and use Wireshark to answer the questions below:
a. Filter the packets using “dhcp”. Let’s start by looking at the DHCP Discover message. Locate the IP datagram containing the first Discover message in your trace.
b. Is this DHCP Discover message sent out using UDP or TCP as the underlying transport protocol?

c. What are the source IP address and destination IP address used in the IP datagram containing the Discover message? Is there anything special about these addresses? Explain.
The source IP address of the datagram containing the Discover message is 0.0.0.0, because the host does not yet have an IP address assigned to it. The DHCP client broadcasts the DHCPDISCOVER on its subnet to the limited broadcast address 255.255.255.255 (from UDP port 68 to port 67), because it does not yet know whether a DHCP server is present or what its address is; routers never forward datagrams sent to 255.255.255.255.

d. What is the value in the transaction ID field of this DHCP Discover message?

e. Now inspect the options field in the DHCP Discover message. What are five pieces of information (beyond an IP address) that the client is suggesting or requesting to receive from the DHCP server as part of this DHCP transaction?
The DHCP options the client sends, asking the server to honour or supply them as part of the transaction, are:
● Parameter Request List
● Maximum DHCP Message Size
● Client Identifier
● IP Address Lease Time
● Host Name

8. Download the dhcp.pcap file from https://wiki.wireshark.org/gollum/search?q=dhcp and use Wireshark to answer the questions below:
a. What is the source IP address in the IP datagram containing this ACK message? Is there anything special about this address? Explain.

The DHCP ACK is a BOOTREPLY sent by the DHCP server, so the source IP address is the server’s own address (the same value it advertises in the DHCP Server Identifier option), sent from UDP port 67 to port 68. Unlike the client, which had to use 0.0.0.0 in its Discover, the server already has a configured address. If a relay agent sits between the client and the server, the datagram seen on the client’s subnet comes from the relay instead.

b. What is the destination IP address used in the datagram containing this ACK message? Is there anything special about this address? Explain.

The destination is normally the address the server is assigning, i.e. the value of the yiaddr (“Your (client) IP address”) field, delivered as a unicast even though the client has not finished configuring it. If the client set the Broadcast flag in its request, because it cannot receive unicast datagrams before it has an address, the server sends the ACK to 255.255.255.255 instead.

c. What is the name of the field in the DHCP ACK message (as indicated in the Wireshark window) that contains the assigned client IP address?

d. For how long a time (the so-called “lease time”) has the DHCP server assigned this IP address to the client?

e. What is the IP address (returned by the DHCP server to the DHCP client in this DHCP ACK message) of the first-hop router on the default path from the client to the rest of the Internet?
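Questions 7 and 8 both ask you to read the BOOTP fixed fields (transaction ID, flags, yiaddr, client hardware address) and the TLV options that follow the magic cookie. The following added example (not part of the assignment and not taken from either dhcp.pcap) builds a constructed Discover and the ACK that closes the same transaction in pure Python, parses them back, names the options the client requested (7e), pulls the lease time, router and assigned address out of the ACK (8c to 8e), and applies the RFC 2131 rule for which IP addresses the carrying datagram uses (7c, 8a, 8b), including the Broadcast-flag case. The MAC address, transaction ID, addresses and lease values are invented.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Option codes used below (RFC 2132). Message types carried in option 53:
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
OPT = {1: "Subnet Mask", 3: "Router", 6: "Domain Name Server", 12: "Host Name",
       50: "Requested IP Address", 51: "IP Address Lease Time", 53: "DHCP Message Type",
       54: "DHCP Server Identifier", 55: "Parameter Request List",
       57: "Maximum DHCP Message Size", 61: "Client Identifier"}
BROADCAST_FLAG = 0x8000
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"        # 236-byte fixed header

def ip4(s): return bytes(int(x) for x in s.split("."))
def ip4s(b): return ".".join(map(str, b))

def build_dhcp(op, xid, chaddr, options, flags=0, ciaddr="0.0.0.0", yiaddr="0.0.0.0"):
    """BOOTP fixed header + magic cookie + TLV options + END (255)."""
    fixed = struct.pack(BOOTP_FMT, op, 1, 6, 0, xid, 0, flags, ip4(ciaddr), ip4(yiaddr),
                        b"\0" * 4, b"\0" * 4, chaddr.ljust(16, b"\0"), b"", b"")
    tlv = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return fixed + MAGIC_COOKIE + tlv + b"\xff"

def parse_dhcp(msg):
    f = struct.unpack(BOOTP_FMT, msg[:236])
    if msg[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (plain BOOTP?)")
    opts, off = {}, 240
    while off < len(msg) and msg[off] != 255:     # 255 = END
        if msg[off] == 0:                          # 0 = PAD, carries no length byte
            off += 1
            continue
        code, length = msg[off], msg[off + 1]
        opts[code] = msg[off + 2:off + 2 + length]
        off += 2 + length
    out = {"op": f[0], "xid": f[4], "flags": f[6], "ciaddr": ip4s(f[7]), "yiaddr": ip4s(f[8]),
           "chaddr": f[11][:f[2]].hex(":"), "options": opts, "message_type": opts[53][0]}
    if 51 in opts:
        out["lease_seconds"] = struct.unpack("!I", opts[51])[0]
    if 3 in opts:
        out["router"] = ip4s(opts[3][:4])          # first router listed is the default gateway
    if 54 in opts:
        out["server_id"] = ip4s(opts[54])
    return out

def ip_envelope(p):
    """Source and destination IP of the datagram carrying this message (RFC 2131 section 4.1).
    A client with no address yet sends 0.0.0.0 -> 255.255.255.255 (UDP 68 -> 67). The server
    replies to yiaddr unless the client set BROADCAST because it cannot receive unicast yet.
    A RENEWING client would unicast to its server with ciaddr set; that case is not modelled."""
    if p["op"] == 1:                               # BOOTREQUEST
        return p["ciaddr"], "255.255.255.255"
    dst = "255.255.255.255" if p["flags"] & BROADCAST_FLAG else p["yiaddr"]
    return p["server_id"], dst                     # BOOTREPLY, UDP 67 -> 68

def requested_items(p):
    """Question 7e: everything the client asks for or suggests beyond the message type."""
    return [OPT.get(c, f"option {c}") for c in p["options"] if c != 53]

def sample_transaction():
    """Constructed Discover and the ACK that ends the same transaction (same xid)."""
    mac = bytes.fromhex("001122334455")
    discover = build_dhcp(1, 0x3903F326, mac, [
        (53, bytes([DISCOVER])), (61, b"\x01" + mac), (50, ip4("192.168.1.50")),
        (57, struct.pack("!H", 1500)), (51, struct.pack("!I", 7776000)), (12, b"lab-pc"),
        (55, bytes([1, 3, 6, 15]))])
    ack = build_dhcp(2, 0x3903F326, mac, [
        (53, bytes([ACK])), (54, ip4("192.168.1.1")), (51, struct.pack("!I", 3600)),
        (1, ip4("255.255.255.0")), (3, ip4("192.168.1.1")), (6, ip4("192.168.1.1"))],
        yiaddr="192.168.1.50")
    return discover, ack
```

Wireshark labels yiaddr as “Your (client) IP address”, which answers 8c, and shows option 51 in seconds; the example keeps both raw so the correspondence is visible.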
9. Use Wireshark to capture the packets generated by browsing
http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file1.html and answer the questions below:
a. Filter the packets using “http”. Answer the following questions based on the contents of the Ethernet frame containing the HTTP GET message.
b. What is the 48-bit Ethernet address of your computer?
c. What is the 48-bit destination address in the Ethernet frame?
d. Is this the Ethernet address of gaia.cs.umass.edu? What device has this as its Ethernet address?
e. Give the hexadecimal value for the two-byte Frame type field. What upper-layer protocol does this correspond to?

10. Use Wireshark to capture the packets generated by browsing any website and answer the questions below:
a. Select any UDP packet. How many fields are there in the UDP header? Name these fields.
The UDP header contains 4 fields: source port, destination port, length and checksum.

b. Determine the length of each of the UDP header fields.
From the packet bytes pane you can confirm that each of the four fields is 2 bytes long, so the header is 8 bytes in total.

c. What does the value in the length field indicate? What is the length of the UDP payload?

d. What is the maximum number of bytes that can be included in a UDP payload?

The length field is 16 bits, so the largest value it can hold is 2^16 − 1 = 65535 bytes, and that value counts the 8-byte header as well as the payload. The maximum payload is therefore 65535 − 8 = 65527 bytes (carried over IPv4, the 20-byte IP header leaves at most 65507 bytes).

e. What are the largest possible source and destination port numbers?
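Questions 4c to 4e and 10b to 10d are header arithmetic: the IPv4 header length comes from the IHL field (in 32-bit words, so not always 20 bytes), the IP payload is Total Length minus that, and the UDP length field counts its own 8-byte header. The following added example (not part of the assignment) does that arithmetic in pure Python on a constructed datagram that deliberately carries a 4-byte IP option, so the IHL is 6 rather than 5, and it rejects a UDP length field that disagrees with the bytes present. Addresses, ports and the payload are made up; the IP header checksum is left at zero and not validated.

```python
import struct

def parse_ipv4(dgram: bytes) -> dict:
    version, ihl = dgram[0] >> 4, (dgram[0] & 0x0F) * 4      # IHL counts 32-bit words
    if version != 4 or ihl < 20 or len(dgram) < ihl:
        raise ValueError("not a complete IPv4 header")
    total_len = struct.unpack("!H", dgram[2:4])[0]
    return {"header_bytes": ihl, "options_bytes": ihl - 20, "total_length": total_len,
            "ttl": dgram[8], "protocol": dgram[9],
            "payload_bytes": total_len - ihl,                   # question 4d/4e
            "src": ".".join(map(str, dgram[12:16])), "dst": ".".join(map(str, dgram[16:20])),
            "payload": dgram[ihl:total_len]}

def parse_udp(seg: bytes) -> dict:
    names = ("src_port", "dst_port", "length", "checksum")
    fields = dict(zip(names, struct.unpack("!HHHH", seg[:8])))
    if fields["length"] < 8 or fields["length"] > len(seg):
        raise ValueError("UDP length field inconsistent with the bytes present")
    fields["field_bytes"] = {n: 2 for n in names}             # question 10b
    fields["payload_bytes"] = fields["length"] - 8             # length counts header + data
    return fields

# Limits that follow from the 16-bit fields (question 10d/10e)
MAX_PORT = 2**16 - 1                       # 65535
MAX_UDP_PAYLOAD = 2**16 - 1 - 8            # 65527: UDP length field minus its header
MAX_UDP_PAYLOAD_IPV4 = 65535 - 20 - 8      # 65507: must also fit the IPv4 Total Length field

def sample_datagram() -> bytes:
    """Constructed IPv4 datagram with a 4-byte Router Alert option (IHL=6) carrying UDP."""
    payload = b"hello, udp!!"
    udp = struct.pack("!HHHH", 51000, 53, 8 + len(payload), 0) + payload
    options = b"\x94\x04\x00\x00"                                # Router Alert (RFC 2113)
    total = 20 + len(options) + len(udp)
    # header checksum left zero: Wireshark only flags that if checksum validation is enabled
    ip = struct.pack("!BBHHHBBH4s4s", 0x46, 0, total, 0x2A2A, 0x4000, 128, 17, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1])) + options
    return ip + udp
```

When a capture was taken with a snaplen, Total Length can exceed the bytes actually stored, so always derive payload sizes from the header fields rather than from the captured frame length.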


11. From https://wiki.wireshark.org/SampleCaptures#tcp, download the 200722_tcp_anon.pcapng file and use Wireshark to answer the questions below:
a. What are the IP address and TCP port number used by the client?
b. What are the IP address and TCP port number used by the server?
c. What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and the server? What is it in the segment that identifies the segment as a SYN segment?
d. What is the sequence number of the TCP SYN-ACK segment sent by the server to the client computer in reply to the SYN? What is the value of the Acknowledgement field in the SYN-ACK segment?
e. How did the server determine that value? What is it in the segment that identifies the segment as a SYN-ACK segment?
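The answers to 11c to 11e are relations between fields rather than values to look up: the SYN and ACK bits in the flags byte identify the segment type, and because a SYN consumes one sequence number the SYN-ACK acknowledges the client's ISN plus one (Wireshark shows this as relative ack 1). The following added example (not part of the assignment and not derived from 200722_tcp_anon.pcapng) builds the three handshake segments in pure Python, parses them back and checks those relations, including 32-bit wrap-around of the sequence space. Addresses, ports and ISNs are invented.

```python
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
MASK32 = 0xFFFFFFFF

def tcp_header(sport, dport, seq, ack, flags, window=65535):
    """20-byte TCP header: data offset 5, checksum and urgent pointer zero (not computed)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)

def parse_tcp(seg: bytes) -> dict:
    sport, dport, seq, ack, off_res, flags, window, _ck, _urg = struct.unpack("!HHIIBBHHH", seg[:20])
    # Classify on the control bits alone; PSH/ACK data segments still count as "ACK".
    kind = {SYN: "SYN", SYN | ACK: "SYN-ACK", ACK: "ACK"}.get(flags & (SYN | ACK | FIN | RST), "other")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
            "header_len": (off_res >> 4) * 4, "kind": kind, "window": window}

def three_way_handshake(client, server, client_isn, server_isn):
    """Build (src_ip, dst_ip, segment) for SYN, SYN-ACK, ACK; ISNs are random in practice (RFC 6528)."""
    c_ip, c_port = client
    s_ip, s_port = server
    syn = tcp_header(c_port, s_port, client_isn, 0, SYN)
    synack = tcp_header(s_port, c_port, server_isn, (client_isn + 1) & MASK32, SYN | ACK)
    ack = tcp_header(c_port, s_port, (client_isn + 1) & MASK32, (server_isn + 1) & MASK32, ACK)
    return [(c_ip, s_ip, syn), (s_ip, c_ip, synack), (c_ip, s_ip, ack)]

def check_handshake(segments):
    """Verify what the lab asks: segment types from the flag bits, ports mirrored, and
    SYN-ACK.ack == client ISN + 1, final ACK.ack == server ISN + 1 (modulo 2**32)."""
    (c_src, _, syn), (s_src, _, synack), (_, _, ack) = segments
    s, sa, a = parse_tcp(syn), parse_tcp(synack), parse_tcp(ack)
    return {"client": (c_src, s["sport"]), "server": (s_src, sa["sport"]),
            "syn_seq": s["seq"], "synack_seq": sa["seq"], "synack_ack": sa["ack"],
            "ok": (s["kind"] == "SYN" and sa["kind"] == "SYN-ACK" and a["kind"] == "ACK"
                   and sa["ack"] == (s["seq"] + 1) & MASK32
                   and a["ack"] == (sa["seq"] + 1) & MASK32
                   and (sa["sport"], sa["dport"]) == (s["dport"], s["sport"]))}
```

Wireshark's relative sequence numbers (a preference that is on by default) hide the raw ISNs; switch them off when you need the actual 32-bit values, for instance to reason about ISN predictability.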

Content beyond the syllabus: https://maxwellsullivan.wordpress.com/2013/04/07/wireshark-lab-9-dhcp/