Wireshark Lab-1

The document contains a detailed analysis of network protocols including ARP, HTTP, DNS, and SMTP, performed by Jay Amitkumar Soni. It includes specific data such as IP addresses, packet counts, and command usages, along with screenshots for justification. The findings also highlight the types of requests made and responses received during the analysis.

Uploaded by Danny Prajapati

Name: Jay Amitkumar Soni, Enrollment No: 24CI2110116

ARP
1. From the arp-storm file, find out the following data. (Justify your answer with a screenshot.)

Sender IP Address: 24.166.172.1
Protocol Type: IPv4
Sender H/W Address: Cisco_af:f4:54 (00:07:0d:af:f4:54)
Hardware Type: Ethernet (1)
Hardware Address Length: 6 bytes
Protocol Address Length: 4 bytes
Target Hardware Address (0-1 Octets): 00:00:00_00:00:00 (00:00:00:00:00:00)
Target IP Address: 24.166.173.159
Operation Type (Operation Code): request (1)
Count the number of packets containing the IP address 24.166.173.159: Only 1 packet

Computer Networks (2321101124), SVG University, MCA Department


2. Write down the usage of arp command.

-> The ARP command is used to find out the MAC address of a device based on its IP address. It
broadcasts the “Who has <ip address>” request to the whole network, and the device with that IP
address sends a response packet.

3. From the HTTPDEMO file, find out the following information.

4. Find out the HTTP GET method for both source IP and destination IP. Include a screenshot.

-> Source IP: 192.168.0.81, Destination IP: 35.154.56.127

5. Find out the HTTP POST method for both source IP and destination IP. Include a screenshot.

-> No HTTP POST method found!

6. What is the Internet address of your computer? Include a screenshot and describe where you got
the data to answer this question.

-> It’s 103.250.137.41. I got it by using the curl command on a website called ifconfig.me that gives us
our public IP address. We can even visit it via a browser to get more info.

7. How many packets did you capture (total of all protocols, not just HTTP)?

-> 93,596 packets

8. How many packets did you capture?


-> 93,596 packets

Were all of them HTTP?


-> No

How many HTTP requests did you make?


-> 61 HTTP requests

Were all the replies "200 OK"?


-> No, some responses were 301 Moved Permanently as well as 404 Not Found.

Did you find anything else interesting?

-> I found Simple Service Discovery Protocol (SSDP) containing M-SEARCH and NOTIFY methods.
The M-SEARCH method is used to discover all the microservices, while the NOTIFY method is used to tell the
service registry about the available microservice.

9. Inspect the contents of the first HTTP GET request from your browser to the server. Is there an
“IF-MODIFIED-SINCE” header line in the HTTP GET message? Why or why not?

-> There is no “IF-MODIFIED-SINCE” header line in the first HTTP method.

The reason is that, since it’s the first request, the content must be loaded from the server.
Next time, if there is no modification in the HTML file, the content can be loaded from the local cache
itself.

10. Count the total number of HTTP GET requests.

DNS
1. Find

(1) the name and IP address of the DNS server that provides the answer; and

-> Name: gtu.ac.in, IP address: 192.168.43.115

(2) the answer itself, which is the host name and IP address of www.gtu.ac.in. Response came from
the local DNS server; it is quite possible that this local DNS server iteratively contacted several other
DNS servers to get the answer.

-> Yes, the response came from local DNS server having IP address 192.168.43.115.

2. Write down the usage of the ipconfig (for Windows) command. Show your current TCP/IP information,
including your address, DNS server addresses, adapter type and so on.

-> ipconfig command is used to check all the local network information like default gateway, local IP
address, subnet mask, DNS server addresses, adapter type etc.

Execute the ipconfig /all command and take a screenshot.

Domain Name: gap-prime-finance.msnint.com / 40.29.221.111.in-addr.arpa
IP address of DNS server: 192.168.43.115
Host name of www.gtu.ac.in: gtu.ac.in
IP address of www.gtu.ac.in: 13.234.127.224 / 35.154.216.89
Source IP address: 192.168.43.115
Destination IP address: 192.168.43.208
Adapter Type: Ethernet

What is the destination port for the DNS query message? What is the source port of DNS response
message?

-> The destination port for the DNS query message is 53. The source port of the DNS response message is also 53,
since it’s coming from the same server.

To what IP address is the DNS query message sent?

-> DNS query message is sent to 192.168.43.115.

Locate the DNS query and response messages. Are they sent over UDP or TCP?

-> They are sent over UDP.

Examine the DNS response message. How many “answers” are provided? What do each of these
answers contain?

-> 2 answers are provided; each one contains a type A address to access the gtu.ac.in server.

Domain name: gtu.ac.in
IPv4 address: 13.234.127.224 / 35.154.216.89
IPv6 address: Not found
Destination Server port number: 51470

SMTP
1. Find out the information from the smtp file. (Justify your answer with a screenshot.)

Find out source IP Address: 10.10.1.4
Destination IP Address: 74.53.140.153
Destination smtp port number: 25
Find out user name: Z3VycGFydGFwQHBhdHJpb3RzLmlu
Find out password: cHVuamFiQDEyMw==
Mail From: [email protected]
Mail To: [email protected]
UDP destination port: 53
UDP source port: 56166
DNS query: mail.patriots.in: type A
Display and count only those packets whose destination ip is 10.10.1.4: 30 Packets
Ethernet source address: CradlePoint_3c:17:c2 (00:e0:1c:3c:17:c2)
Filter packet whose source ip is 74.53.140.153: 25 Packets
Filter packet whose source ip is 74.53.140.153 and 10.10.1.4: 58 Packets
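
The user name and password rows above are Base64 strings seen on port 25, and Base64 is an encoding, not encryption, so anyone who can read the capture can read the account. The following added example (not part of the original report) audits an SMTP transcript for AUTH LOGIN and, going slightly beyond the capture, AUTH PLAIN exchanges visible in clear text; the session lines, host names and account values are constructed samples.

```python
import base64


def b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


def unb64(token: str) -> str:
    return base64.b64decode(token, validate=True).decode("utf-8", "replace")


# Constructed session ("C:" client, "S:" server); every value is a sample.
SESSION = [
    "S: 220 mail.example.test ESMTP",
    "C: EHLO client.example.test",
    "S: 250 AUTH LOGIN PLAIN",
    "C: AUTH LOGIN",
    f"S: 334 {b64('Username:')}",
    f"C: {b64('alice@example.test')}",
    f"S: 334 {b64('Password:')}",
    f"C: {b64('s3cr3t')}",
    "S: 235 Authentication succeeded",
]


def exposed_credentials(lines):
    """Return (mechanism, username, password_length) per AUTH seen in clear text."""
    found, pending = [], None
    for line in lines:
        side, _, text = line.partition(": ")
        if side != "C":
            continue
        words = text.split()
        if pending is not None:                  # inside an AUTH LOGIN exchange
            if text.strip() == "*":              # client cancelled the exchange
                pending = None
                continue
            pending.append(unb64(text.strip()))
            if len(pending) == 2:
                found.append(("LOGIN", pending[0], len(pending[1])))
                pending = None
        elif len(words) >= 2 and words[0].upper() == "AUTH":
            mech = words[1].upper()
            if mech == "LOGIN":                  # user name may ride on the same line
                pending = [unb64(words[2])] if len(words) > 2 else []
            elif mech == "PLAIN" and len(words) > 2:
                # RFC 4616 layout: authzid NUL authcid NUL password
                _, user, password = unb64(words[2]).split("\x00", 2)
                found.append(("PLAIN", user, len(password)))
    return found
```

Any non-empty result means the account was sent without TLS protection; the report keeps only the password length so the audit output does not become a second copy of the secret.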

2. Write down and list out all IP header information for IP packets. (Attach a screenshot; the more
information, the more marks.)

-> Below is all the IP Header information I found:

0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 62
Identification: 0x250a (9482)
000. .... = Flags: 0x0
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 128
Protocol: UDP (17)
Header Checksum: 0xff8c [validation disabled]
[Header checksum status: Unverified]
Source Address: 10.10.1.4
Destination Address: 10.10.1.1
[Stream index: 0]
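
Wireshark reports the header checksum above as unverified because validation is disabled. The following added example (not part of the original report) rebuilds the 20 header bytes from the listed field values, decodes them field by field, and checks the checksum with the RFC 1071 algorithm; the byte string is constructed from the values shown, not copied from the capture file.

```python
import ipaddress
import struct

# Header bytes rebuilt from the field values listed above (constructed here,
# not copied from the capture file).
HEADER = bytes.fromhex("4500003e250a00008011ff8c0a0a01040a0a0101")


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4_header(raw: bytes) -> dict:
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, dsfield, total_len, ident, flags_frag,
     ttl, proto, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    header_len = (ver_ihl & 0x0F) * 4        # IHL counts 32-bit words
    if ver_ihl >> 4 != 4 or header_len < 20 or len(raw) < header_len:
        raise ValueError("not a well-formed IPv4 header")
    header = raw[:header_len]                # includes options when IHL > 5
    return {
        "version": ver_ihl >> 4,
        "header_length": header_len,
        "dscp": dsfield >> 2,
        "ecn": dsfield & 0x03,
        "total_length": total_len,
        "identification": ident,
        "flags": flags_frag >> 13,
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": proto,
        "checksum": checksum,
        # A correct header sums to zero when the checksum field is included.
        "checksum_ok": internet_checksum(header) == 0,
        "source": str(ipaddress.IPv4Address(src)),
        "destination": str(ipaddress.IPv4Address(dst)),
    }


if __name__ == "__main__":
    for field, value in parse_ipv4_header(HEADER).items():
        print(f"{field}: {value}")
```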

3. Analyze Ethernet header and display and list out all Header information.

-> Below is the list of Ethernet II header information:

Destination: Netgear_d9:81:60 (00:1f:33:d9:81:60)
Source: CradlePoint_3c:17:c2 (00:e0:1c:3c:17:c2)
Type: IPv4 (0x0800)
[Stream index: 0]

Thank You
