MEENAKSHI SUNDARARAJAN ENGINEERING COLLEGE

#363, Arcot Road, Kodambakkam, Chennai – 600024, Tamil Nadu, India

Department: Computer Science & Engineering Register No.:311521104035

Installation of Wireshark, TCPdump and observe the data

EX. NO : 04
transferred in client-server communication using UDP/TCP and
Identify the UDP/TCP datagram.

AIM:

To install wireshark, TCPdump and observe the data transferred in client-server communication using
UDP/TCP and Identify the UDP/TCP datagram.

OBJECTIVE:

To learn and understand about installing install wireshark, TCPdump and observe the data transferred in
client-server communication using UDP/TCP and Identify the UDP/TCP datagram.

WIRESHARK:

Wireshark is an open-source tool for profiling network traffic and analyzing packets.Such tool is often
referred as a network analyzer, network protocol analyzer or sniffer.It is used to understand how
communication takes place across a network and to analyze what went wrong when an issue in
communication arises.It captures network traffic from ethernet, Bluetooth, wireless (IEEE.802.11), token
ring, and frame relay connections, among others, and stores that data for offline analysis.

Wireshark allows you to filter the log before the capture starts or during analysis, For example, you can set
a filter to see TCP traffic between two IP addresses, or you can set it only to show you the packets sent
from one computer. The filters in Wireshark are one of the primary reasons it has become the standard tool
for packet analysis.

INSTALLATION OF WIRESHARK:

Step 1: Your first step is to head to the Wireshark download page

https://www.wireshark.org/download.html and locate the Windows installer.

Page No.:
 MEENAKSHI SUNDARARAJAN ENGINEERING COLLEGE

#363, Arcot Road, Kodambakkam, Chennai – 600024, Tamil Nadu, India

Department: Computer Science & Engineering Register No.:311521104035

Step 2: You will be presented with the Wireshark wizard to guide you through the installation. Click
“Next.”

Step 3: Next, you can review, agree to the license agreement, and click “Noted” to continue.

Step 4: You will be asked what components you want to install. You can make your choice and then click
“Next.”

Step 5: Choose a directory to install Wireshark in, showing you the space required to install it.

Step 6: Install Ncap.

Ncap is an open-source library for packet capture and network analysis which allows Wireshark to capture
and analyze network traffic effectively. It enhances Wireshark’s capabilities by providing optimized
packet capture.

Page No.:
 MEENAKSHI SUNDARARAJAN ENGINEERING COLLEGE

#363, Arcot Road, Kodambakkam, Chennai – 600024, Tamil Nadu, India

Department: Computer Science & Engineering Register No.:311521104035

Step 7: The next screen will ask if you want to install USBPcap, an open-source USB packet capture
utility that lets you capture raw USB traffic, helping analyze and troubleshoot USB devices, this is not
mandatory.

Click “Install” to begin the installation.

Step 8: Wireshark will now begin the installation process. A window will pop up during installation to
install cap.

Step 9: Ncap will begin the Installation; click “Next” once complete.

Step 10: Wireshark will now complete its installation. Once complete, you can click “Next.”

Step 11: On the last window, click “Finish” to complete the setup.

Step 12: Wireshark will now be installed, and you can begin packet capturing.

When you install the wireshark program, the wireshark GUI with no data will be displayed.

Select one of the wireshark interface, eth0, eth1 will be displayed. Click “Start”for interface eth0 to begin
the Packet capture.All packets being sent/received from/by the computer are now being captured by
wireshark. Click ”Start”.

WIRESHARK USER INTERFACE:

The wireshark interface has 5 major components;

 The Command menus are the standard pulldown menus located at top.
 The Packet listing window displays a one-line summary for each packet captured, it includes
Packet number, Packet captured time, Packet’s source & destination address, Protocol type,

Page No.:
 MEENAKSHI SUNDARARAJAN ENGINEERING COLLEGE

#363, Arcot Road, Kodambakkam, Chennai – 600024, Tamil Nadu, India

Department: Computer Science & Engineering Register No.:311521104035

Protocol specific information.

 The Packet header details window provides about packet selected in the packet listing window. It
includes details about Ethernet frame and IP datagram of the packet. If the packet has been carried
over by TCP/UDP, that details will also be displayed.
 Packet contents window display entire contents of the captured frame in both ASCII and
hexadecimal format.
 In the Packet display filter field, the protocol name or other information can be entered to filter
the information displayed in packet listing window.

Capturing Packets:

After installing and downloading wireshark, Launch it and click the name of an interface under Inyerface
List to start capturing packets.

Test Run:

Start any browser→ Start the wireshark software → Select an interface → Stop wireshark

packet capture once the browser has been displayed.

Inspecting Packets:

Click on any packet and go to the bottom pane.

Inspecting Packet flow:

We have a live packet data that contains all protocol message exchanged between your computer and other
network entities.

To filter the connection and to get a clear data type “http” in the filtering field.

Note that directly typing the destination will not work as wireshark doesn’t have ability to

discern the protocols field.

To get more precise data set http.host==www.netwoksecurity.edu

Right click on any packet → Select “Follow UDP Stream”.

Close the window, change filter back to “http.host==www.networksecurity.edu” follow a packet from the
list that matches the filter.Use “Contains with other protocols.”

Page No.:
 MEENAKSHI SUNDARARAJAN ENGINEERING COLLEGE

#363, Arcot Road, Kodambakkam, Chennai – 600024, Tamil Nadu, India

Department: Computer Science & Engineering Register No.:311521104035

TCPdump:

TCP (Transmission Control Protocol) facilitates the transmission of packets from source to destination.

Tcpdump is a command line utility that allows you to capture and analyze network traffic going through
your system. It is often used to help troubleshoot network issues, as well as a security tool.

It is a network monitoring and management utility that captures and records TCP/IP data on the run time.

Identifying UDP/TCP datagram:

IP packets have 8-bit header (Protocol for v4 and Next Header in v6) which determines which transport-
layer protocol is used in the payload. For example, if it’s 6, the payload is a TCP segment, and if it’s 17
then that is an UDP.

TCP is connection-oriented while UDP is connectionless.

TCP sends data in a particular sequence, whereas there is no fixed order for UDP protocol.

RESULT:

Thus, the installation of Wireshark, TCPdump and observing the data transferred in client-server
communication using UDP/TCP and Identifying the UDP/TCP datagram has been executed successfully.

Page No.: