Expert answer: networking and wireshark app, computer science ass

Answer & Explanation: the class is about networking and in this lab we use the Wireshark app. I need you to complete lab4–5.3 (from point 33, easy steps) and also please do the thought questions for 5.2 & 5.3.
lab4.docx

lab4.pdf

Unformatted Attachment Preview

For the next one down I changed with you the www.micrisift.com to www.towson.edu.
33.
5.3
As you said, the cookie does not show up due to the security.
Figure 5-3: Captured packets.
24. Scroll down until you see a line that has “GET / HTTP/1.1” in the Info column. (You may have to
try more than one until you get to the packet that shows “www.Google.com” in the bottom pane.)
25. Select that row.
26. In the bottom pane you will see a bunch of numbers to the left. (It’s the packet’s contents in
hexadecimal.) Just to the right you will see the content of the packet in a column.
27. Select the text: www.Google.com.
28. Take a screenshot.
Note: You just picked packets off your network and looked at their contents. There may have been a lot of
traffic that you couldn’t interpret. Don’t worry about the information on your screen that is difficult to
understand. In the next project you will use a filter to capture only Web traffic going over port 80.
1. What do the different colors mean?
2. Why does your computer get packets that are addressed to another machine?
3. How many packets does your computer send/receive in a single mouse click when you visit a
Web site?
4. Could you organize or filter the traffic to make it easier to understand?
Now you are going to filter out all the “extra” packets you captured and just look at Web traffic. Too
often you will capture much more information than you will ever want or need. Being able to filter out the
traffic you don’t want is an important skill. Before you can filter packets you need to understand a little
bit about “ports.”
Ports are like doors and windows on your house. Your house has several points of entry (including doors,
windows, chimneys, etc.) through which people could enter your house. Computers work the same way.
Each point of entry on a computer is called a port. Information comes into a computer through a port.
Each port is given a specific number so it’s easier to remember. Below are some of the more common
port numbers that you’ll need to know:
Port 110 – POP (email)
Port 21 – FTP (supervisory)
Port 25 – Email
Port 20 – FTP (data)
Port 23 – Telnet
Port 80 – Web
Port 143 – IMAP (email)
Port 443 – SSL (encrypted)
Your house has an address to locate it and a front door for people to enter. Your computer works the same
way. It has an IP address to locate it and a port to enter. You can filter packets by IP address or by port
number. A thorough understanding of TCP/IP will greatly aid your understanding of how packet filtering
works. There are many great tutorials available on the Web that will teach you the basics of TCP/IP.
Below are instructions on how to filter out all packets EXCEPT Web traffic by creating a filter for just
port 80. This will capture all the Web traffic going to ALL the computers on your local network. Reread
the last sentence. Yes, you read that correctly, it may even capture Web traffic intended for other
computers on your network. This is one of the reasons why packet sniffers are important to learn.
1. With Wireshark open click Capture and Options.
2. If you haven’t already done so, select your Network Interface Card (NIC) in the Interface dropdown menu at the top of the screen. (Your NIC will undoubtedly have a different name.)
3. Enter “tcp port 80” in the box next to Capture Filter. (See Figure 5-4.)
Figure 5-4: Configuring Wireshark to capture port 80 traffic.
Figure 5-5: Viewing the contents of a packet.
4. Close ALL other programs you currently have open except your word processing program
(Microsoft Word, OpenOffice Writer, etc.).
5. Click Start.
6. Open a Web browser and go to www.Google.com.
7. Click Capture and Stop.
8. Scroll down until you see a line that has GET / HTTP/1.1. (You may have to try more than one
until you get to the www.Google.com packet.)
9. Select that row.
10. In the bottom pane you will see a bunch of numbers to the left. (It’s the contents of the packet in
hexadecimal.) Just to the right you will see the contents of the packet in a column.
11. Select the text www.Google.com.
12. Take a screenshot. (See Figure 5-5.)
Figure 5-6: Capture filter to include www.microsoft.com.
Figure 5-7: Captured packets.
13. Click Capture and Options.
14. Enter “tcp port 80 and host www.microsoft.com” in the box next to Capture Filter. (See Figure 5-6.)
15. Click Start.
16. Open a Web browser and go to www.Google.com. (You shouldn’t pick up any packets.)
17. Go to www.Microsoft.com in your Web browser. (You should pick up several packets.)
18. Click Capture and Stop.
19. Take a screenshot. (See Figure 5-7.)
Figure 5-8: Capture filter to include “src port 80.”
Figure 5-9: Captured packets from one source IP.
20. Click Capture and Options.
21. Enter “tcp port 80 and host www.microsoft.com and src port 80” in the box next to Capture Filter.
(See Figure 5-8.)
22. Click Start.
23. Go to www.Microsoft.com in your Web browser. (You should pick up several packets with the
same source IP.)
24. Click Capture and Stop.
25. Take a screenshot. (See Figure 5-9.)
Figure 5-10: Capture filter for port 53.
Figure 5-11: Captured DNS packets.
26. Click Capture and Options.
27. Enter “port 53” in the box next to Capture Filter. (See Figure 5-10.)
28. Click Start.
29. Go to www.Microsoft.com in your Web browser. (You should pick up several packets colored
blue by default. These are DNS requests.)
30. Click Capture and Stop.
31. Click on the first row.
32. Highlight the Microsoft entry in the Packet Contents pane.
33. Take a screenshot. (See Figure 5-11.)
In this project you learned how to 1) capture packets going to a specific port, 2) capture traffic addressed
to a specific host (or IP address), 3) capture only the source/destination port, and 4) capture DNS traffic.
For a list of the possible ports you can specify you can go to the following link:
http://wiki.wireshark.org/PortReference.
By filtering only Web traffic (port 80) there was much less information to capture. There was even less
traffic if you specified a particular Web site. You can even look at only one side of the conversation by
specifying a source or destination port. Wireshark’s wiki (http://wiki.wireshark.org/FrontPage) has a lot
of information about how to capture specific kinds of traffic and even provides some sample captures.
THOUGHT QUESTIONS
1. Why does your computer send so many packets? Why not send just one really big packet?
2. What do SYN, ACK, FIN, GET mean?
3. Can you capture all of the packets for an entire network?
4. Can Wireshark automatically resolve the IP address into host names?
5.3
PACKET INSPECTION
In the prior project you learned how to capture specific types of traffic. In this project you will look at the
parts of a packet. Each packet comes with a lot of information that the end user never sees. Each packet
has 1) both source and destination IP addresses, 2) both source and destination MAC addresses, 3) a TTL,
and 4) both source and destination port numbers. In addition, they also have information about window
size, IP version, timings, sequence numbers, etc.
Understanding the contents of a packet helps you understand how TCP/IP (and the Internet) works in the
real world. Each field in a packet serves a purpose. There are also different types of packets (UDP, ICMP,
etc.) that perform different functions. You will also walk through a TCP connection in this project.
Understanding these fundamental components is critical to becoming a good network administrator.
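Added example (not part of the lab or of Wireshark): a small Python parser for the Ethernet II / IPv4 / TCP-or-UDP headers that this project has you read in the Packet Details pane, together with the four capture filters from the previous project re-expressed as predicates, so you can see which filter would have admitted a given frame. The sample frames are constructed (minimal headers, zero checksums); the MAC addresses, 155.97.243.202, and the 24119 to 80 port pair follow the values visible in Figure 5-7 and step 24, and it is assumed that www.microsoft.com resolved to 65.55.21.250 at capture time, as that figure shows.

```python
import struct
from dataclasses import dataclass

@dataclass
class Packet:
    src_mac: str; dst_mac: str; src_ip: str; dst_ip: str
    ttl: int; proto: int                           # proto: 6 = TCP, 17 = UDP
    src_port: int; dst_port: int; tcp_flags: int   # tcp_flags is 0 for UDP

FLAG_BITS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def flag_names(flags):
    """Decode the TCP flags byte the way Wireshark's Info column shows it, e.g. [SYN, ACK]."""
    return [name for bit, name in FLAG_BITS.items() if flags & bit]

def parse_frame(raw):
    """Extract the fields the lab has you locate: MACs, IPs, TTL, ports, TCP flags."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", raw[:14])   # Ethernet II header
    if ethertype != 0x0800:
        raise ValueError("only IPv4 frames are handled here")
    ihl = (raw[14] & 0x0F) * 4                   # IPv4 header length = IHL * 4 bytes
    ip, l4 = raw[14:14 + ihl], raw[14 + ihl:]
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    dotted = lambda b: ".".join(str(x) for x in b)
    sport, dport = struct.unpack("!HH", l4[:4])  # TCP and UDP both start with the two ports
    flags = l4[13] if ip[9] == 6 else 0          # TCP flags byte sits at offset 13
    return Packet(mac(src_mac), mac(dst_mac), dotted(ip[12:16]), dotted(ip[16:20]),
                  ip[8], ip[9], sport, dport, flags)

def build_frame(src_mac, dst_mac, src_ip, dst_ip, ttl, proto, sport, dport, flags=0):
    """Constructed sample frame for offline use (minimal headers, zero checksums); not a real capture."""
    hexmac = lambda m: bytes.fromhex(m.replace(":", ""))
    octets = lambda a: bytes(int(x) for x in a.split("."))
    if proto == 6:   # 20-byte TCP header: ports, seq, ack, data offset 5, flags, window, csum, urgent
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    else:            # 8-byte UDP header: ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x0a9c, 0x4000,
                     ttl, proto, 0, octets(src_ip), octets(dst_ip))
    return hexmac(dst_mac) + hexmac(src_mac) + b"\x08\x00" + ip + l4

# The lab's four capture filters as predicates. A BPF "host NAME" filter is resolved to an
# address when the filter is compiled; 65.55.21.250 is the address shown in Figure 5-7 (assumed).
MS_IP = "65.55.21.250"
LAB_FILTERS = {
    "tcp port 80": lambda p: p.proto == 6 and 80 in (p.src_port, p.dst_port),
    "tcp port 80 and host www.microsoft.com":
        lambda p: LAB_FILTERS["tcp port 80"](p) and MS_IP in (p.src_ip, p.dst_ip),
    "tcp port 80 and host www.microsoft.com and src port 80":
        lambda p: LAB_FILTERS["tcp port 80 and host www.microsoft.com"](p) and p.src_port == 80,
    "port 53": lambda p: 53 in (p.src_port, p.dst_port),
}

def matching_filters(raw):
    """Names of the lab's capture filters that would have admitted this frame."""
    pkt = parse_frame(raw)
    return [name for name, pred in LAB_FILTERS.items() if pred(pkt)]
```

Build a client SYN with build_frame("00:13:d3:52:74:35", "00:1f:29:71:bf:0f", "155.97.243.202", MS_IP, 128, 6, 24119, 80, 0x02) and pass it to matching_filters(); only the first two filters admit it, because the "src port 80" filter keeps just the server's side of the conversation.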
1. With Wireshark open click Capture and Options.
2. If you haven’t already done so, select your Network Interface Card (NIC) in the Interface dropdown menu at the top of the screen.
3. Enter “tcp port 80” in the box next to Capture Filter. (See Figure 5-12.)
Figure 5-12: Configuring Wireshark to capture port 80 packets.
Figure 5-13: Captured packets for www.Google.com.
4. Close ALL other programs you currently have open except your word processing program.
5. Right-click anywhere on your desktop.
6. Select New and Shortcut.
7. Enter “www.Google.com”. (See Figure 5-13.)
8. Click Next.
9. Enter “Google” for the name. (See Figure 5-14.)
10. Click Finish.
Figure 5-14: Naming the shortcut.
Figure 5-15: GET request showing Google’s hostname.
11. Close all other Web browsers. (This will reduce the number of packets you capture.)
12. Go back to Wireshark and click Start.
13. Double-click the Google shortcut on your desktop.
14. Wait for the page to load.
15. Close your Web browser.
16. Go back to Wireshark and click Stop.
17. Click on the line that has Get in the Info field. (In this example it was the 4th packet. See Figure 5-15.)
18. In the Packet Details pane (the middle pane) click on the line labeled “Ethernet II.”
19. Click on the line labeled “Source.”
20. Take a screenshot. (See Figure 5-16.)
21. Open a command prompt by clicking Start and Run.
22. Type CMD
23. Type ipconfig /all
24. Take a screenshot. (Notice that the MAC and IP addresses are the same as those shown in the Wireshark capture. In this case the MAC address was 00-13-D3-52-74-35. See Figure 5-17.)