DCCN Assignment JP

The document provides a detailed guide on capturing and analyzing network traffic using Wireshark for various protocols including ICMP, HTTP, ARP, and TCP. Each section outlines steps to capture traffic, analyze packets, and troubleshoot network issues, emphasizing the importance of filters and key packet details. The conclusion highlights Wireshark's utility in diagnosing connectivity problems and enhancing network security.

Uploaded by jenilpatel5125

Enrollment No:-230170132036

Vishwakarma Government Engineering College, Chandkheda
Information Communication Technology Department

Subject: DCCN (3143201)

Assignment-3

Name:-Patel Jenilkumar Shaileshkumar

Faculty - J.K.Naik

1. Capture and analyze ICMP protocol traffic using Wireshark

Capturing and Analyzing ICMP Protocol Traffic Using Wireshark

The Internet Control Message Protocol (ICMP) is a network-layer companion to IP used for diagnostics, error reporting, and troubleshooting. It is the protocol behind commands such as ping (Echo Request/Echo Reply) and traceroute (which relies on Time Exceeded messages).

Steps to Capture ICMP Traffic in Wireshark
1. Open Wireshark
o Launch Wireshark on your system.
2. Select the Network Interface
o Choose the correct network interface (e.g., Ethernet or Wi-Fi).
3. Set a Capture Filter (Optional)
o To capture only ICMP traffic, enter the following capture filter before starting the capture:
icmp
o This ensures that only ICMP packets are captured, reducing unnecessary data. (Capture filters use BPF syntax; the display filter for the same thing, applied after capture, is also icmp.)
4. Start the Capture
o Click the Start button to begin capturing packets.
5. Generate ICMP Traffic
o Open a command prompt or terminal and use the ping command:
▪ Windows/Linux/macOS:
ping 8.8.8.8
▪ This sends ICMP Echo Requests to Google's public DNS server (8.8.8.8). On Windows, ping sends four requests by default; on Linux and macOS it runs until interrupted with Ctrl+C.
6. Stop the Capture
o After a few seconds, stop the capture in Wireshark by clicking the Stop button.
Analyzing ICMP Packets in Wireshark

1. Locate ICMP Packets in the Packet List
o Look for ICMP packets in the main capture window.
o Echo Request (Type 8) and Echo Reply (Type 0) are the packets generated by ping.
2. Inspect Packet Details
o Click on an ICMP packet to view detailed information in the packet details pane.
o Key fields to analyze:
▪ Type and Code: Define the ICMP message type (e.g., Echo Request, Echo Reply, Destination Unreachable, Time Exceeded).
▪ Checksum: Detects corruption of the ICMP message in transit. It is not an integrity control against tampering, since anyone on the path can recompute it.
▪ Identifier & Sequence Number: Match each Echo Request with its Echo Reply.
▪ Time-to-Live (TTL): Found in the IP header above the ICMP layer; it is the remaining hop count before the packet is discarded, and its value in a reply hints at how many routers the reply traversed.
3. Pair Requests with Replies
o Wireshark has no "Follow ICMP Stream" option. Instead, the ICMP dissector links each Echo Request to its reply through the [Response frame] and [Request frame] fields (icmp.resp_in and icmp.resp_to) and adds a [Response time] field (icmp.resptime) to the reply.
4. Use Display Filters for Advanced Analysis
o Filter by ICMP type:
icmp.type == 8    (Echo Request)
icmp.type == 0    (Echo Reply)
o Filter by IP address:
ip.addr == 8.8.8.8
o Find requests that never received a reply (packet loss, or a firewall dropping ICMP):
icmp.type == 8 && !icmp.resp_in
5. Check Round Trip Time (RTT)
o Open Statistics → I/O Graphs and plot the field icmp.resptime (for example as AVG or MAX per interval) to see the latency of ICMP responses over time.
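To make the request/reply matching in steps 2 to 5 concrete, here is a small Python decoder. It is an added example, not part of the original assignment: it parses the ICMP layer of a packet (the bytes Wireshark shows under "Internet Control Message Protocol"), verifies the checksum, and pairs Echo Requests with Replies on (Identifier, Sequence Number) to compute the RTT, which is what the icmp.resp_in and icmp.resptime fields do. The capture it runs on is constructed inside the code, not recorded; the identifier 0x1234 and the 12 ms / 15 ms timings are made-up values.

```python
"""Decode ICMP Echo messages and pair Requests with Replies, as Wireshark does.
Added example, not part of the original assignment. Input is the ICMP layer only
(bytes after the IPv4 header); the sample capture below is constructed, not recorded."""
import struct

ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable",
              8: "Echo Request", 11: "Time Exceeded"}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an Echo Request (type 8) or Reply (type 0) with a valid checksum."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_icmp(msg: bytes) -> dict:
    """Return the fields Wireshark shows in the ICMP tree, plus a checksum verdict."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {
        "type": icmp_type,
        "type_name": ICMP_TYPES.get(icmp_type, "Other"),
        "code": code,
        # Summing the whole message including its checksum field gives 0 when intact.
        "checksum_ok": inet_checksum(msg) == 0,
        "id": ident,
        "seq": seq,
        "payload": msg[8:],
    }


def match_echo_pairs(capture):
    """capture: list of (timestamp_seconds, icmp_bytes) in arrival order.
    Pairs each Echo Request with the Reply carrying the same (id, seq), which is
    what Wireshark's icmp.resp_in / icmp.resp_to linkage does, and computes the RTT
    in milliseconds (icmp.resptime). Returns (pairs, unanswered_keys)."""
    pending = {}
    pairs = []
    for ts, msg in capture:
        p = parse_icmp(msg)
        if not p["checksum_ok"]:
            continue  # Wireshark would flag this as [incorrect checksum]; skip it here
        key = (p["id"], p["seq"])
        if p["type"] == 8:
            pending[key] = ts
        elif p["type"] == 0 and key in pending:
            rtt_ms = (ts - pending.pop(key)) * 1000.0
            pairs.append({"id": p["id"], "seq": p["seq"], "rtt_ms": round(rtt_ms, 3)})
    return pairs, sorted(pending)


# Constructed capture: three pings to one host, the third never answered.
PING_ID = 0x1234
SAMPLE_CAPTURE = [
    (0.000, build_echo(8, PING_ID, 1, b"abcdefgh")),
    (0.012, build_echo(0, PING_ID, 1, b"abcdefgh")),
    (1.000, build_echo(8, PING_ID, 2, b"abcdefgh")),
    (1.015, build_echo(0, PING_ID, 2, b"abcdefgh")),
    (2.000, build_echo(8, PING_ID, 3, b"abcdefgh")),  # lost: no reply
]

if __name__ == "__main__":
    pairs, lost = match_echo_pairs(SAMPLE_CAPTURE)
    for pr in pairs:
        print(f"id={pr['id']:#06x} seq={pr['seq']} rtt={pr['rtt_ms']} ms")
    print("unanswered (id, seq):", lost)
```

Run it directly to print the paired requests and the lost one. To run it on real traffic, select the ICMP layer of a packet in Wireshark, use Copy → ...as a Hex Stream, and convert with bytes.fromhex(); the unanswered list is the same set of frames the filter icmp.type == 8 && !icmp.resp_in shows.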

Conclusion
Wireshark provides a powerful way to capture and analyze ICMP traffic. Understanding ICMP behavior helps in diagnosing network issues such as connectivity problems, packet loss, and firewall rules that drop or rate-limit ICMP.
2. Capture and analyze HTTP protocol traffic using Wireshark

Capturing and Analyzing HTTP Protocol Traffic Using Wireshark

The Hypertext Transfer Protocol (HTTP) is a widely used application-layer protocol for communication between web clients (browsers) and web servers. Wireshark can help analyze HTTP requests and responses, which is useful for troubleshooting and security analysis. Because plain HTTP is unencrypted, everything shown below (URLs, cookies, form data, credentials) is visible to anyone who can capture the traffic; this is the main reason HTTPS has replaced it.

Steps to Capture HTTP Traffic in Wireshark

1. Open Wireshark
• Launch Wireshark on your system.
2. Select the Appropriate Network Interface
• Choose your active network interface (e.g., Wi-Fi or Ethernet).
3. Apply a Capture Filter (Optional but Recommended)
• To capture only HTTP traffic on the default port, use the capture filter:
tcp port 80
o This limits the capture to TCP port 80. (A bare port 80 would also match UDP port 80. HTTP on another port, such as 8080, needs its own filter, and HTTPS on port 443 is encrypted, so Wireshark cannot show its requests without the session keys.)
4. Start Packet Capture
• Click the Start button to begin capturing packets.
5. Generate HTTP Traffic
• Open a web browser (Chrome, Firefox, Edge, etc.) and visit a non-HTTPS website (HTTP-only).
o Example:
http://example.com
o Since most modern websites use HTTPS (port 443) and browsers may upgrade the request to HTTPS on their own, you may need to use an older or internal site that still supports HTTP, or send the request from a terminal with curl http://example.com.
o Alternatively, set up a local HTTP server using Python:
python -m http.server 80
o Then access http://localhost in your browser. Binding port 80 needs administrator/root rights; python -m http.server 8080 together with http://localhost:8080 (and a capture filter of tcp port 8080) avoids that.
o Traffic to localhost never reaches the Wi-Fi or Ethernet adapter: capture it on the loopback interface instead (Npcap's "Adapter for loopback traffic capture" on Windows, lo on Linux, lo0 on macOS).
6. Stop the Capture
• Once you have generated enough traffic, click Stop in Wireshark.

Analyzing HTTP Packets in Wireshark

1. Locate HTTP Packets
• In the Packet List pane, look for GET, POST, and response packets.
• HTTP packets typically show up with the "HTTP" label in the Protocol column. The surrounding TCP segments (handshake, ACKs) are labeled "TCP".
2. Apply a Display Filter for HTTP Traffic
• To filter captured traffic for only HTTP packets, use:
http
• To filter HTTP GET requests:
http.request.method == "GET"
• To filter HTTP POST requests:
http.request.method == "POST"
• To filter HTTP responses:
http.response
• To find credentials or cookies sent in the clear:
http.authorization || http.cookie
3. Inspect HTTP Requests
• Click on a GET or POST request in the Packet List pane.
• In the Packet Details pane, expand the Hypertext Transfer Protocol section.
• Key fields to analyze:
o Request Method (GET, POST, etc.)
o Request URI (the requested resource, including any query string)
o Host (the website domain)
o User-Agent (browser information)
o Cookie and Authorization headers, if present (session tokens and credentials travel here)
o For POST requests, the form data or JSON body below the headers
4. Inspect HTTP Responses
• Click on a HTTP/1.1 200 OK response packet.
• Expand the Hypertext Transfer Protocol section.
• Important fields:
o Status Code (e.g., 200 OK, 301 Moved Permanently, 404 Not Found, 500 Internal Server Error)
o Content-Type (e.g., text/html, application/json)
o Content-Length (should match the size of the body Wireshark reassembled)
o Server (indicates the web server type and often its version, e.g., Apache, nginx; a version string here is useful to an attacker fingerprinting the host)
5. Follow HTTP Stream for Complete Conversations
• Right-click on an HTTP request packet → Follow → HTTP Stream.
• This shows the entire HTTP exchange, including headers and payload, with the client side and server side in different colors.
6. Extract HTTP Data (Images, Files, etc.)
• If the response contains an image or file, you can export it:
o File → Export Objects → HTTP
o Select the file and save it.
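As an added example (not from the assignment), the following Python parses the two halves of a Follow → HTTP Stream transcript and extracts the fields listed in steps 3 and 4, then flags what an attacker on the path would harvest from plain HTTP. The request and response are constructed; the hostname intranet.example, the user alice, the cookie value and the Apache version string are invented for illustration.

```python
"""Parse one HTTP/1.1 request/response pair as seen in Follow -> HTTP Stream and pull out
the fields discussed above, plus the cleartext exposures a security reviewer looks for.
Added example, not from the original assignment; both messages are constructed."""
import base64

# Constructed client side of the stream (what the browser sent in the clear).
SAMPLE_REQUEST = (
    b"GET /login?user=alice HTTP/1.1\r\n"
    b"Host: intranet.example\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0\r\n"
    b"Authorization: Basic YWxpY2U6cyNjcmV0\r\n"
    b"Cookie: session=abc123\r\n"
    b"\r\n"
)

# Constructed server side of the stream.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.4.57\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"<html>Welcome, alice</html>"
)


def parse_http_message(raw: bytes) -> dict:
    """Split an HTTP/1.x message into start line, headers (lower-cased names) and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end-of-headers marker; message is truncated")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    msg = {"headers": headers, "body": body}
    parts = lines[0].split(" ", 2)
    if parts[0].startswith("HTTP/"):           # status line => response
        msg.update(kind="response", version=parts[0], status_code=int(parts[1]),
                   reason=parts[2] if len(parts) > 2 else "")
    else:                                      # request line => request
        if len(parts) != 3:
            raise ValueError("malformed request line: %r" % lines[0])
        msg.update(kind="request", method=parts[0], uri=parts[1], version=parts[2])
    return msg


def body_length_ok(msg: dict) -> bool:
    """Content-Length should match the bytes actually carried (Wireshark reassembles the
    TCP segments for you; a mismatch usually means the capture is truncated)."""
    declared = msg["headers"].get("content-length")
    return declared is None or int(declared) == len(msg["body"])


def cleartext_findings(request: dict) -> list:
    """Everything reported here is readable by anyone who can capture the traffic."""
    findings = []
    h = request["headers"]
    auth = h.get("authorization", "")
    if auth.lower().startswith("basic "):
        creds = base64.b64decode(auth.split(None, 1)[1]).decode("utf-8", "replace")
        findings.append("Basic credentials in cleartext: " + creds)
    if "cookie" in h:
        findings.append("Session cookie sent over plaintext HTTP: " + h["cookie"])
    if "?" in request.get("uri", ""):
        findings.append("Query string visible in URI: " + request["uri"].split("?", 1)[1])
    return findings


def summarize_stream(request_raw: bytes, response_raw: bytes) -> dict:
    """The one-line view Wireshark's Info column gives, plus the review findings."""
    req, resp = parse_http_message(request_raw), parse_http_message(response_raw)
    return {
        "request": f"{req['method']} {req['uri']} (Host: {req['headers'].get('host', '?')})",
        "response": f"{resp['status_code']} {resp['reason']} {resp['headers'].get('content-type', '')}",
        "server": resp["headers"].get("server", ""),
        "length_ok": body_length_ok(resp),
        "findings": cleartext_findings(req),
    }


if __name__ == "__main__":
    for key, value in summarize_stream(SAMPLE_REQUEST, SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

The Basic credentials decode to alice:s#cret with one base64 call, which is exactly why step 2's http.authorization filter is worth running on any HTTP capture you are asked to review.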

Conclusion
Wireshark is a powerful tool for capturing and analyzing HTTP traffic. By filtering and inspecting requests and responses, you can troubleshoot web communication issues, analyze website behavior, and even extract data. The same visibility is available to an attacker on the path, which is why any site handling logins or personal data must use HTTPS.
3. Capture and analyze ARP protocol traffic using Wireshark

Capturing and Analyzing ARP Protocol Traffic Using Wireshark

The Address Resolution Protocol (ARP) is a link-layer protocol (it is carried directly in Ethernet frames, not inside IP) used to map an IPv4 address to the corresponding MAC address. It plays a crucial role in local network communication. ARP has no authentication: any host on the segment can answer for any address, which is what makes ARP spoofing possible. Wireshark allows you to capture and analyze ARP packets to troubleshoot network connectivity issues and detect potential security threats like ARP spoofing.

Steps to Capture ARP Traffic in Wireshark

1. Open Wireshark
• Launch Wireshark on your computer.
2. Select the Network Interface
• Choose the appropriate interface (e.g., Wi-Fi or Ethernet).
3. Set a Capture Filter (Optional but Useful)
• To capture only ARP traffic, enter the following capture filter before starting the capture:
arp
o This ensures that Wireshark only captures ARP packets, reducing unnecessary data.
4. Start Capturing Packets
• Click the Start button to begin capturing ARP packets.
5. Generate ARP Traffic
• Open a command prompt or terminal and run the following:
o View the ARP cache (Windows, Linux and macOS):
arp -a
▪ This only displays cached entries; it does not send any ARP packets.
o Ping a local device:
ping <IP_of_local_device>
▪ If the MAC address of the destination is not cached, an ARP Request is broadcast first and the Reply arrives before the first ICMP packet. If the entry is already cached, delete it so a fresh request is sent (Windows, as administrator: arp -d <IP_of_local_device>; Linux: ip neigh flush dev <interface>).
6. Stop the Capture
• After generating some ARP traffic, click the Stop button in Wireshark.

Analyzing ARP Packets in Wireshark

1. Locate ARP Packets in the Packet List
• Look for packets labeled "ARP" in the Protocol column. The Info column summarizes requests as "Who has <target IP>? Tell <sender IP>" and replies as "<IP> is at <MAC>".
2. Apply a Display Filter for ARP Packets
• If you didn't use a capture filter, you can still filter ARP traffic after capture:
arp
3. Inspect ARP Request Packets
• Click on an ARP Request packet and examine the details:
o Sender MAC Address: The device asking for the MAC address.
o Sender IP Address: The IP address associated with the sender.
o Target MAC Address: 00:00:00:00:00:00 (unknown, requesting resolution). The Ethernet frame itself is addressed to the broadcast MAC ff:ff:ff:ff:ff:ff so every host on the segment sees it.
o Target IP Address: The IP address being queried.
o Operation (Opcode): 1 (Request).
4. Inspect ARP Reply Packets
• Click on an ARP Reply packet and check:
o Sender MAC Address: The device responding with its MAC address.
o Sender IP Address: The IP address being resolved.
o Target MAC Address: The original requester's MAC address.
o Target IP Address: The original requester's IP.
o Operation (Opcode): 2 (Reply).
5. Detect ARP Spoofing or Attacks
• If you notice ARP replies with different MAC addresses for the same IP, or replies that no one requested (gratuitous replies), it might indicate ARP spoofing (a man-in-the-middle attack: the attacker's MAC answers for the gateway's IP so the victims' traffic flows through the attacker).
• Wireshark's ARP dissector raises an expert-info warning ("Duplicate IP address detected") when it sees one IP claimed by two MACs. Use this filter to list those frames:
arp.duplicate-address-detected
• To show only replies:
arp.opcode == 2
• Compare the MACs against a known inventory (for example the arp -a output of a trusted host). A legitimate failover or a DHCP address reassignment can also trigger the warning, so confirm before concluding that it is an attack.
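Added example, not part of the original assignment: a Python decoder for ARP packets that keeps the IP-to-MAC table the way Wireshark does and raises the same "duplicate IP address" condition that lies behind arp.duplicate-address-detected. All addresses (192.168.1.1, the aa:bb:cc:dd:ee:xx MACs and the attacker's 02:00:00:00:00:99) are constructed sample values, and the packets carry only the 28-byte ARP body, without the Ethernet header.

```python
"""Decode ARP packets and detect one IP being claimed by two MACs, which is the condition
behind Wireshark's arp.duplicate-address-detected expert warning. Added example, not from
the original assignment; the packets below are constructed, with the Ethernet header stripped."""
import struct


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_arp(pkt: bytes) -> dict:
    """Decode the 28-byte Ethernet/IPv4 ARP body into the fields shown in Wireshark's ARP tree."""
    if len(pkt) < 28:
        raise ValueError("ARP packet shorter than 28 bytes")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {
        "opcode": opcode,
        "op_name": {1: "request", 2: "reply"}.get(opcode, f"other({opcode})"),
        "sender_mac": _mac(pkt[8:14]),
        "sender_ip": _ip(pkt[14:18]),
        "target_mac": _mac(pkt[18:24]),
        "target_ip": _ip(pkt[24:28]),
    }


def build_arp(opcode: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """Build an ARP body from textual addresses (used only to construct the sample traffic)."""
    def mac_bytes(s: str) -> bytes:
        return bytes(int(x, 16) for x in s.split(":"))

    def ip_bytes(s: str) -> bytes:
        return bytes(int(x) for x in s.split("."))

    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
            + mac_bytes(sender_mac) + ip_bytes(sender_ip)
            + mac_bytes(target_mac) + ip_bytes(target_ip))


def detect_duplicate_addresses(packets):
    """Record every IP->MAC binding asserted in the sender fields (requests and replies both
    carry the sender's own pair) and report IPs claimed by more than one MAC.
    Returns (table, alerts): table maps IP -> set of MACs; alerts is a list of
    (ip, sorted_macs). ARP probes with sender IP 0.0.0.0 are ignored."""
    table = {}
    alerts = []
    for pkt in packets:
        p = parse_arp(pkt)
        if p["sender_ip"] == "0.0.0.0":
            continue
        macs = table.setdefault(p["sender_ip"], set())
        if macs and p["sender_mac"] not in macs:
            alerts.append((p["sender_ip"], sorted(macs | {p["sender_mac"]})))
        macs.add(p["sender_mac"])
    return table, alerts


# Constructed LAN traffic: a normal resolution of the gateway, then a spoofed reply for it.
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "aa:bb:cc:dd:ee:01"
HOST_IP, HOST_MAC = "192.168.1.10", "aa:bb:cc:dd:ee:10"
ATTACKER_MAC = "02:00:00:00:00:99"
SAMPLE_PACKETS = [
    build_arp(1, HOST_MAC, HOST_IP, "00:00:00:00:00:00", GATEWAY_IP),  # who has 192.168.1.1?
    build_arp(2, GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),          # legitimate reply
    build_arp(2, ATTACKER_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),         # unsolicited spoofed reply
    build_arp(1, HOST_MAC, "0.0.0.0", "00:00:00:00:00:00", HOST_IP),   # ARP probe, ignored
]

if __name__ == "__main__":
    table, alerts = detect_duplicate_addresses(SAMPLE_PACKETS)
    for ip, macs in alerts:
        print(f"Duplicate IP address detected for {ip}: claimed by {' and '.join(macs)}")
```

The third packet produces the alert; a real deployment would seed the table from a trusted inventory so a single forged reply is caught even if the attacker speaks first.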

Conclusion
Wireshark makes it easy to analyze ARP requests and replies, troubleshoot network issues, and detect security threats like ARP spoofing. ARP is essential for device communication within a local network, and monitoring it can help identify connectivity problems and hosts impersonating others.

4. Capture and analyze TCP protocol traffic using Wireshark.

Capturing and Analyzing TCP Protocol Traffic Using Wireshark

The Transmission Control Protocol (TCP) is a transport-layer protocol that provides reliable, ordered, and error-checked delivery of data over the internet. Wireshark is an essential tool for capturing and analyzing TCP traffic to troubleshoot network issues, optimize performance, and detect anomalies.

Steps to Capture TCP Traffic in Wireshark

1. Open Wireshark
• Launch Wireshark on your system.
2. Select the Appropriate Network Interface
• Choose your active network interface (e.g., Wi-Fi or Ethernet).
3. Set a Capture Filter (Optional but Recommended)
• If you only want to capture TCP traffic, use the following capture filter:
tcp
o This ensures that Wireshark only captures TCP packets, reducing unnecessary data. To isolate a single peer, add it to the filter, e.g. tcp and host example.com.
4. Start Packet Capture
• Click the Start button to begin capturing packets.
5. Generate TCP Traffic
• Open a web browser and visit any website (e.g., http://example.com).
• Alternatively, use the telnet command to establish a TCP connection:
telnet google.com 80
o telnet completes the handshake and then waits for input; type GET / HTTP/1.0 and press Enter twice to send a request and receive a response on the same connection. (On Windows the Telnet client must be enabled first; on Linux/macOS nc google.com 80 does the same job.)
• Or download a file to observe TCP traffic in action.
6. Stop the Capture
• Once you've collected enough data, click the Stop button in Wireshark.

Analyzing TCP Packets in Wireshark

1. Locate TCP Packets in the Packet List
• Look for packets labeled "TCP" in the Protocol column. The Info column shows the flags in brackets, e.g. [SYN], [SYN, ACK], [FIN, ACK], [RST].

2. Apply a Display Filter for TCP Traffic
• To filter TCP packets:
tcp
• To filter packets from a specific IP:
ip.addr == 192.168.1.1
• To filter packets for a specific port (e.g., HTTP - port 80):
tcp.port == 80
• To isolate one connection once you have found a packet from it, use its stream index:
tcp.stream == 0
3. Analyze TCP Three-Way Handshake
The TCP connection setup follows a three-step handshake:
1. SYN (client requests a connection and proposes its initial sequence number)
2. SYN-ACK (server acknowledges the request and proposes its own sequence number)
3. ACK (client confirms the connection)
• Use this filter to find the initial SYN of every connection (SYN set, ACK clear):
tcp.flags.syn == 1 && tcp.flags.ack == 0
• tcp.flags.syn == 1 alone also matches the server's SYN-ACK.
• Click on a SYN packet and check:
o Source/Destination IP and Port
o Sequence and Acknowledgment Numbers (Wireshark shows relative numbers starting at 0 by default; the raw values are under "Sequence Number (raw)")
• A SYN with no SYN-ACK in response, or answered with RST, means the port is closed or filtered. Many SYNs from one source to many different ports in a short time is the signature of a port scan.
4. Analyze TCP Data Transfer
• Look at TCP segments to analyze data flow.
• Identify retransmissions (indicating packet loss or a congested path):
tcp.analysis.retransmission
• Wireshark's other expert-info flags (duplicate ACKs, zero window, out-of-order segments) are collected under tcp.analysis.flags, a convenient "show me everything abnormal" filter.
5. Analyze TCP Connection Termination
• TCP connections are closed using a four-step FIN handshake, each side closing its own direction:
o FIN → ACK → FIN → ACK
• Use this filter to locate FIN packets:
tcp.flags.fin == 1
• If you see RST packets, it means the connection was abruptly closed:
tcp.flags.reset == 1
6. Follow a TCP Stream
• Right-click on a TCP packet → Follow → TCP Stream
• This reconstructs the entire conversation between client and server, reordering segments and dropping retransmissions. For unencrypted protocols such as HTTP, the payload is readable here.
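To tie the filters in steps 3 to 5 to the actual header bits, here is an added Python example (not from the original assignment) that decodes TCP headers and replays a constructed connection, labeling the SYN / SYN-ACK / ACK handshake, data, a retransmission and the FIN exchange. Port 51234, the sequence numbers and the short HTTP payloads are made-up sample values; the segments carry no IP header and have their checksum fields left at zero.

```python
"""Decode TCP headers and replay one connection's segments to label the three-way handshake,
data transfer, retransmissions and the FIN/RST teardown that the filters above select.
Added example, not from the original assignment; the segments below are constructed and
carry only the TCP layer (no IP header), with checksum fields left at zero."""
import struct

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def parse_tcp(segment: bytes) -> dict:
    """Return ports, sequence/ack numbers, flag names and payload of one TCP segment."""
    if len(segment) < 20:
        raise ValueError("TCP segment shorter than the 20-byte minimum header")
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", segment[:16])
    data_offset = (off_flags >> 12) * 4          # header length in bytes (options included)
    flags = off_flags & 0x01FF
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
        "flags": [name for name, bit in FLAG_BITS.items() if flags & bit],
        "payload": segment[data_offset:],
    }


def build_tcp(sport: int, dport: int, seq: int, ack: int, flags, payload: bytes = b"") -> bytes:
    """Build a segment with a 20-byte header (constructed traffic only; checksum not computed)."""
    bits = 0
    for name in flags:
        bits |= FLAG_BITS[name]
    off_flags = (5 << 12) | bits                 # data offset 5 words = 20 bytes, no options
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, 65535, 0, 0) + payload


def track_connection(segments, client_port: int):
    """Replay the segments of one connection in capture order and label each one.
    Returns (events, final_state), where events is a list of (direction, label)."""
    state = "CLOSED"
    events = []
    fins = set()
    seen_data = set()                           # (direction, seq) of payload-bearing segments
    for seg in segments:
        p = parse_tcp(seg)
        f = set(p["flags"])
        direction = "client->server" if p["sport"] == client_port else "server->client"
        if "RST" in f:
            state, label = "RESET", "RST abort"
        elif "SYN" in f and "ACK" not in f:
            state, label = "SYN_SENT", "handshake 1/3: SYN"
        elif "SYN" in f and "ACK" in f:
            state, label = "SYN_RECEIVED", "handshake 2/3: SYN-ACK"
        elif state == "SYN_RECEIVED" and "ACK" in f:
            state, label = "ESTABLISHED", "handshake 3/3: ACK"
        elif p["payload"] and (direction, p["seq"]) in seen_data:
            label = f"retransmission of seq {p['seq']}"   # what tcp.analysis.retransmission flags
        elif "FIN" in f:
            fins.add(direction)
            state = "HALF_CLOSED" if len(fins) == 1 else "CLOSING"
            label = f"FIN from {direction}"
        elif p["payload"]:
            seen_data.add((direction, p["seq"]))
            label = f"data {len(p['payload'])} bytes"
        else:
            label = "ACK"
            if state == "CLOSING":
                state = "CLOSED"                # final ACK of the four-step FIN exchange
        events.append((direction, label))
    return events, state


# Constructed capture of one HTTP fetch: handshake, request, response,
# a retransmitted request, then a clean four-step close.
C, S = 51234, 80
SAMPLE_SEGMENTS = [
    build_tcp(C, S, 1000, 0, ["SYN"]),
    build_tcp(S, C, 5000, 1001, ["SYN", "ACK"]),
    build_tcp(C, S, 1001, 5001, ["ACK"]),
    build_tcp(C, S, 1001, 5001, ["PSH", "ACK"], b"GET / HTTP/1.1\r\n\r\n"),
    build_tcp(S, C, 5001, 1019, ["PSH", "ACK"], b"HTTP/1.1 200 OK\r\n\r\n"),
    build_tcp(C, S, 1001, 5001, ["PSH", "ACK"], b"GET / HTTP/1.1\r\n\r\n"),  # client re-sends
    build_tcp(C, S, 1019, 5020, ["FIN", "ACK"]),
    build_tcp(S, C, 5020, 1020, ["ACK"]),
    build_tcp(S, C, 5020, 1020, ["FIN", "ACK"]),
    build_tcp(C, S, 1020, 5021, ["ACK"]),
]

if __name__ == "__main__":
    events, final = track_connection(SAMPLE_SEGMENTS, C)
    for direction, label in events:
        print(f"{direction:15} {label}")
    print("final state:", final)
```

The SYN-without-ACK test in the state machine is the same condition as the filter tcp.flags.syn == 1 && tcp.flags.ack == 0; a segment carrying RST short-circuits everything else, just as a reset ends the connection regardless of its state.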

Conclusion
Wireshark allows deep inspection of TCP traffic, helping diagnose connection issues, retransmissions, and performance bottlenecks. Understanding TCP behavior is crucial for troubleshooting networks and analyzing web traffic.

5. Capture and analyze IP protocol traffic using Wireshark

The Internet Protocol (IP) is the foundation of network communication, responsible for addressing and routing packets between devices. In Wireshark, you can capture and analyze IP traffic to diagnose network issues, monitor data flow, and detect potential threats.

Steps to Capture IP Traffic in Wireshark

1. Open Wireshark
• Launch Wireshark on your system.
2. Select the Network Interface
• Choose your active network interface (e.g., Wi-Fi or Ethernet).
3. Apply a Capture Filter (Optional but Recommended)
• Capture filters use BPF syntax, in which ip means IPv4 only and ip6 means IPv6. To capture both, use:
ip or ip6
o If you want only IPv4 traffic:
ip
o If you want only IPv6 traffic:
ip6
o (ip.version == 4 is a display filter, not a capture filter; display filters are applied after capture and are covered below.)
4. Start Capturing Packets
• Click the Start button to begin packet capture.
5. Generate IP Traffic
• Open a browser and visit a website.
• Use the ping command to send IP packets:
ping 8.8.8.8 (for IPv4)
ping -6 google.com (for IPv6 on Windows; on Linux use ping -6 google.com or ping6 google.com. This only works if your network has IPv6 connectivity.)
• Download a file or stream a video to generate more traffic.
6. Stop the Capture
• After collecting enough packets, click Stop in Wireshark.

Analyzing IP Packets in Wireshark

1. Locate IP Packets in the Packet List
• Look for packets labeled "IPv4" or "IPv6" in the Protocol column. Wireshark labels each packet with its highest-layer protocol, so a TCP segment shows "TCP" (or "HTTP"), not "IPv4"; every such packet still has an IP layer you can expand.
2. Apply Display Filters for IP Traffic
• Show only IPv4 packets:
ip
• Show only IPv6 packets:
ipv6
• Filter by a specific IP address (source or destination):
ip.addr == 192.168.1.1
• Filter by source IP:
ip.src == 192.168.1.1
• Filter by destination IP:
ip.dst == 8.8.8.8
• Filter by the transport protocol number carried in the IP header (e.g., 17 = UDP):
ip.proto == 17
3. Inspect the IP Header
• Click on an IP packet and expand the Internet Protocol Version 4 section.
• Key fields to analyze:
o Version and Header Length: Version 4 and normally 20 bytes (5 × 32-bit words); a longer header means IP options are present, which is unusual on modern networks.
o Source IP Address: The sender's IP.
o Destination IP Address: The recipient's IP.
o Time to Live (TTL): Decremented by every router; the packet is discarded (and an ICMP Time Exceeded returned) when it reaches 0.
o Protocol Field: Indicates the transport-layer protocol (e.g., ICMP = 1, TCP = 6, UDP = 17).
o Identification & Flags: Together with Fragment Offset, these allow fragments to be reassembled. Don't Fragment (DF) forbids fragmentation; More Fragments (MF) is set on every fragment except the last.
o Header Checksum: Covers only the header. Wireshark does not validate it by default (checksumming is usually offloaded to the NIC on the capturing host), so "unverified" here is normal.
4. Detect Fragmented Packets
• If a packet is larger than the path MTU and DF is not set, it is fragmented into smaller parts.
• Use this filter to find fragmented IP packets:
ip.flags.mf == 1 || ip.frag_offset > 0
• Fragments of one datagram share Source, Destination, Identification and Protocol; Wireshark reassembles them automatically (Edit → Preferences → Protocols → IPv4 → "Reassemble fragmented IPv4 datagrams") and shows the complete payload on the last fragment.
5. Analyze Traffic Flow
• Go to Statistics → IPv4 Statistics → Destinations and Ports (or All Addresses) to see traffic patterns.
• Statistics → Conversations → IPv4 shows which pairs of hosts exchanged the most data.
• Use I/O Graphs to visualize network activity over time.
6. Detect Network Issues
• Unusually low TTL values in received packets indicate a long path (many hops) or a possible routing loop.
• A burst of packets to the same destination with TTLs of 1, 2, 3, ... indicates a traceroute, or a scan using the same technique.
• Packets with rarely used protocol numbers (anything other than ICMP, TCP, UDP and the tunneling protocols your network expects) deserve a closer look, as they can indicate tunneling or a covert channel.
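Added example, not from the original assignment: a Python IPv4 header decoder with the fragment check from step 4 and a reassembler that groups fragments by (source, destination, identification, protocol), which is what Wireshark's "Reassemble fragmented IPv4 datagrams" preference does. The addresses 10.0.0.5 and 10.0.0.9, the identification values and the 3000-byte payload are constructed, and the header checksums are left at zero.

```python
"""Decode IPv4 headers and reassemble fragmented datagrams, the check behind the display
filter ip.flags.mf == 1 || ip.frag_offset > 0. Added example, not from the original
assignment; the packets below are constructed (header checksums left at zero)."""
import struct

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def parse_ipv4(packet: bytes) -> dict:
    """Return the IPv4 header fields Wireshark shows, plus the payload this packet carries."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-byte IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version field = {version})")
    return {
        "ihl": ihl,
        "total_length": total_len,
        "id": ident,
        "df": bool(flags_frag & 0x4000),            # Don't Fragment
        "mf": bool(flags_frag & 0x2000),            # More Fragments
        "frag_offset": (flags_frag & 0x1FFF) * 8,   # stored in 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "protocol_name": PROTOCOL_NAMES.get(proto, f"unknown({proto})"),
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "payload": packet[ihl:total_len],
    }


def is_fragment(fields: dict) -> bool:
    """Same condition as the Wireshark filter ip.flags.mf == 1 || ip.frag_offset > 0."""
    return fields["mf"] or fields["frag_offset"] > 0


def build_ipv4(src: str, dst: str, ident: int, proto: int, payload: bytes,
               frag_offset: int = 0, mf: bool = False, ttl: int = 64) -> bytes:
    """Construct a packet with a 20-byte header (sample traffic only; checksum not computed)."""
    if frag_offset % 8:
        raise ValueError("fragment offset must be a multiple of 8")

    def ip_bytes(ip: str) -> bytes:
        return bytes(int(x) for x in ip.split("."))

    flags_frag = (0x2000 if mf else 0) | (frag_offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                         flags_frag, ttl, proto, 0, ip_bytes(src), ip_bytes(dst))
    return header + payload


def fragment(src, dst, ident, proto, payload, mtu=1500):
    """Split a payload into fragments the way a router would for the given MTU."""
    chunk = ((mtu - 20) // 8) * 8                     # data per fragment, multiple of 8
    frags = []
    for off in range(0, len(payload), chunk):
        piece = payload[off:off + chunk]
        more = off + chunk < len(payload)
        frags.append(build_ipv4(src, dst, ident, proto, piece, off, more))
    return frags


def reassemble(packets):
    """Group fragments by (src, dst, id, protocol) and rebuild each original payload.
    Returns (complete, incomplete): complete maps key -> payload bytes; incomplete maps
    key -> number of fragments seen for datagrams with a gap or no final fragment."""
    groups = {}
    for pkt in packets:
        f = parse_ipv4(pkt)
        if is_fragment(f):
            groups.setdefault((f["src"], f["dst"], f["id"], f["protocol"]), []).append(f)
    complete, incomplete = {}, {}
    for key, frags in groups.items():
        frags.sort(key=lambda x: x["frag_offset"])
        data, expected, contiguous = b"", 0, True
        for f in frags:
            if f["frag_offset"] != expected:
                contiguous = False
                break
            data += f["payload"]
            expected += len(f["payload"])
        if contiguous and not frags[-1]["mf"]:
            complete[key] = data
        else:
            incomplete[key] = len(frags)
    return complete, incomplete


# Constructed traffic: a 3000-byte UDP datagram split for a 1500-byte MTU, a second
# datagram missing its middle fragment, and one unfragmented ICMP packet.
BIG_PAYLOAD = b"A" * 1480 + b"B" * 1480 + b"C" * 40
FULL = fragment("10.0.0.5", "10.0.0.9", 0x1C01, 17, BIG_PAYLOAD)
PARTIAL = fragment("10.0.0.5", "10.0.0.9", 0x1C02, 17, BIG_PAYLOAD)
SAMPLE_PACKETS = FULL + [PARTIAL[0], PARTIAL[2]] + [
    build_ipv4("10.0.0.5", "8.8.8.8", 0x0001, 1, b"\x08\x00" + b"\x00" * 14, ttl=64),
]

if __name__ == "__main__":
    done, gaps = reassemble(SAMPLE_PACKETS)
    for key, data in done.items():
        print(f"reassembled {key}: {len(data)} bytes")
    for key, n in gaps.items():
        print(f"incomplete {key}: {n} fragment(s) seen")
```

The incomplete group is what a capture looks like when one fragment is dropped by a firewall, which is also why many firewalls simply discard all fragments: a reassembler that trusted overlapping or missing pieces has historically been a source of evasion and crashes.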

Conclusion
Wireshark makes it easy to capture and analyze IP traffic, helping diagnose routing issues, fragmentation, and unusual network behavior.
