
Wireshark

Summary of tasks:
  1. Install Wireshark on a Windows Machine
  2. Capture Network Traffic with Wireshark
  3. Submit a screenshot showing the TCP Handshake, HTTP GET, and TCP Data Transfer.

What You Need for This Project

  • A computer with any Windows version. 
Start Your Computer
  1. Boot to Windows 7.  This can be either a physical or virtual machine.
Installing Wireshark
  • First we will install the packet capture utility WinPcap, and then we will install Wireshark.  We need to do it in two stages because the version of WinPcap that Wireshark installs automatically does not run on Windows 7.
  • Open Firefox and go to winpcap.org
  • On the left side of the window, click "Get WinPcap".
  • On the next page, click "WinPcap auto-installer (driver+DLLs)".
  • Click Save to save the file.
  • In the Downloads window, double-click WinPcap_4_0_2.exe.
  • Click OK to any warnings that pop up.  When the installer launches, just click Next, Next, I Agree, and Finish. 
  • In Firefox, go to wireshark.org
  • Click the "Get Wireshark Now" button.
  • On the next page, click "Windows Installer (32-bit)".
  • Click Save to save the file.
  • In the Downloads window, double-click wireshark-win32-1.2.1.exe.
  • Click OK to any warnings that pop up.
  • When the "Welcome to the Wireshark 1.2.1 (32-bit) Setup Wizard" box appears, click Next.
  • In the "License Agreement" box, click "I Agree".
  • In the "Choose Components" box, click Next.
  • In the "Select Additional Tasks" box, click Next.
  • In the "Choose Install Location" box, click Next.
  • In the "Install WinPcap" box, clear both check boxes, as shown to the right on this page, and click Install.
  • In the "Installation Complete" box, click Next.
  • In the next box, click Finish.
Capturing All Network Traffic With Wireshark
  1. Click the Start button.  In the Search box, type WIRE
  2. At the top of the menu, a Wireshark item appears.  Right-click Wireshark and click "Run as Administrator".  If a User Account Control box appears, allow the program to run.
  3. From the Wireshark menu bar, click Capture, Interfaces.  If your computer has several network cards, you may see several items here.  Just look to see which one shows an increasing number of packets.  In the example shown to the right on this page, it's the Realtek interface.  On the line showing the increasing number of packets, click Options.
  4. In the "Wireshark: Capture Options" box, make sure the "Capture Filter" box is empty, as shown to the right on this page.  Click Start.
  5. You should see a lot of text scrolling by, as shown below on this page. Look at these features of the Wireshark window:
      • Column Headers

        No            Packet number
        Time          Time in seconds at which the packet was captured
        Source        Source address of the packet
        Destination   Destination address of the packet
        Protocol      Protocol of the packet
        Info          Other information

  6. Notice that some lines show Broadcast in the Destination column.   Broadcast traffic is common on networks as network devices alert one another of their presence.  But it's usually not very interesting.  To make Wireshark easier to use, you can Filter the traffic, to see only the interesting packets.
Capturing HTTP Traffic With Wireshark
  1. From the Wireshark menu bar, click Capture, Stop.
  2. Click Capture, Start.  On the line showing the increasing number of packets, click Options.
  3. In the "Wireshark: Capture Options" box, click the "Capture Filter:" button.
  4. In the "Wireshark: Capture Filter – Profile: Default" box, click the "Capture Filter:" button.
  5. In the "Wireshark: Capture Filter – Profile: Default" box, click "HTTP TCP port (80)" as shown to the right on this page.  Click OK.
  6. In the "Wireshark: Capture Filter – Profile: Default" box, click Start.
  7. A Wireshark box pops up, asking "Save capture before starting a new capture?".  Click "Continue without Saving".
  8. Wireshark now just sits there, with no visible traffic, because it is ignoring all the non-HTTP packets.
Loading the Grantham University Web Page
  1. In Firefox, go to www.grantham.edu. 
  2. You should see a lot of text scroll by in the Wireshark window.
  3. From the Wireshark menu bar, click Capture, Stop.
  4. In the Wireshark window, scroll back to the top of the packet list.
Understanding the HTTP Packets
  1. Find these features in these packets:

TCP Handshake

  • A packet with a Destination of 204.52.223.174 (the Grantham Web server), labeled [SYN] in the Info column
  • A packet with a Source of your local IP, labeled [SYN, ACK] in the Info column
  • A packet with a Destination of 204.52.223.174 labeled [ACK] in the Info column

HTTP GET

  • A packet with a Destination of 204.52.223.174 labeled GET / HTTP/1.1 in the Info column

TCP Data Transfer

  • Two packets with a Source of your local IP, labeled [TCP segment of a reassembled PDU] in the Info column; these send a portion of the Web page to your machine.
  • A packet with a Destination of 204.52.223.174 labeled [ACK] in the Info column; this is the acknowledgement your machine sends back to the Web server to tell it that you received the packets.
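As an added example (not part of the lab handout), the following Python script reads packet-list rows in the column order shown above (No, Time, Source, Destination, Protocol, Info) and picks out the packet numbers of the TCP handshake, the HTTP GET and the TCP data transfer so a student can confirm they have the right rows on screen. The rows are constructed, the client address 192.168.1.10 is made up, and the SYN/ACK and reassembled-PDU segments are matched with 204.52.223.174 as Source, since that is the direction those packets travel on the wire.

```python
import re
from collections import namedtuple

SERVER = "204.52.223.174"  # Grantham web server address given in the lab
Packet = namedtuple("Packet", "no time src dst proto info")

# Constructed packet-list rows; the client address 192.168.1.10 is made up
SAMPLE_ROWS = """\
1  0.000000  192.168.1.10    204.52.223.174  TCP   49152 > http [SYN] Seq=0 Win=8192 Len=0
2  0.030120  204.52.223.174  192.168.1.10    TCP   http > 49152 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0
3  0.030210  192.168.1.10    204.52.223.174  TCP   49152 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0
4  0.031000  192.168.1.10    204.52.223.174  HTTP  GET / HTTP/1.1
5  0.062000  204.52.223.174  192.168.1.10    TCP   [TCP segment of a reassembled PDU]
6  0.062500  204.52.223.174  192.168.1.10    TCP   [TCP segment of a reassembled PDU]
7  0.062600  192.168.1.10    204.52.223.174  TCP   49152 > http [ACK] Seq=323 Ack=2921 Win=65535 Len=0
8  0.090000  204.52.223.174  192.168.1.10    HTTP  HTTP/1.1 200 OK  (text/html)
"""

def parse_rows(text):
    """Split rows in the lab's column order: No, Time, Source, Destination, Protocol, Info."""
    out = []
    for line in text.strip().splitlines():
        no, t, src, dst, proto, info = line.split(None, 5)  # Info keeps its spaces
        out.append(Packet(int(no), float(t), src, dst, proto, info))
    return out

def tcp_flags(info):
    """Flag names shown in brackets in the Info column, e.g. {'SYN', 'ACK'}."""
    m = re.search(r"\[([A-Z]+(?:, [A-Z]+)*)\]", info)
    return set(m.group(1).split(", ")) if m else set()

def find_lab_features(packets, server=SERVER):
    """Walk the list once and record the packet number of each feature the lab asks for."""
    found = {"handshake": [], "http_get": None, "data": [], "data_ack": None}
    stage = 0
    for p in packets:
        fl = tcp_flags(p.info)
        if stage == 0 and p.dst == server and fl == {"SYN"}:          # client opens
            found["handshake"].append(p.no); stage = 1
        elif stage == 1 and p.src == server and fl == {"SYN", "ACK"}: # server answers
            found["handshake"].append(p.no); stage = 2
        elif stage == 2 and p.dst == server and fl == {"ACK"}:        # handshake done
            found["handshake"].append(p.no); stage = 3
        elif stage == 3 and p.proto == "HTTP" and p.dst == server and p.info.startswith("GET / HTTP/1.1"):
            found["http_get"] = p.no; stage = 4
        elif stage == 4 and p.src == server and "[TCP segment of a reassembled PDU]" in p.info:
            found["data"].append(p.no)                                # page data arriving
        elif stage == 4 and found["data"] and p.dst == server and fl == {"ACK"}:
            found["data_ack"] = p.no; break                           # client acknowledges
    return found
```

To use it on a real capture, paste the packet-list rows (or tshark's default one-line-per-packet output) into SAMPLE_ROWS in place of the constructed rows.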
Saving a Screen Image
  1. Ensure these features are visible: TCP Handshake, HTTP GET, and TCP Data Transfer.  
  2. Press the PrintScrn key to copy the whole desktop to the clipboard.
  3. Click Start, "All Programs", Accessories, Paint.  In the untitled - Paint window, select Edit, Paste from the menu bar.  The desktop appears in the Paint window.
  4. In the untitled - Paint window, click File, Save.  Save the document in the My Pictures folder (or any other place you wish, such as a floppy disk) with the filename Your Name Lab3.  Select a Save as type of JPEG or PNG.
Turning in Your Project