
Wireshark Lab 1: ARP and HTTP Analysis

The document contains a detailed analysis of network protocols including ARP, HTTP, DNS, and SMTP, performed by Jay Amitkumar Soni. It includes specific data such as IP addresses, packet counts, and command usages, along with screenshots for justification. The findings also highlight the types of requests made and responses received during the analysis.

Uploaded by

Danny Prajapati

Name: Jay Amitkumar Soni, Enrollment No: 24CI2110116

ARP
1. From the arp-storm file, find out the following data (justify your answer with a screenshot).

Sender IP Address: [Link]
Protocol Type: IPv4
Sender H/W Address: Cisco_[Link] ([Link])
Hardware Type: Ethernet (1)
Hardware Address Length: 6 bytes
Protocol Address Length: 4 bytes
Target Hardware Address (0-1 Octets): [Link]_[Link] ([Link])
Target IP Address: [Link]
Operation Type (Operation Code): request (1)
Count the number of packets containing [Link] IP address: Only 1 packet


Computer Networks (2321101124), SVG University, MCA Department



2. Write down the usage of arp command.

-> The ARP command is used to find out the MAC address of a device based on its IP address. It
broadcasts “Who has <ip address>” to the whole network, and the device with that given IP
address sends a response packet.
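
As an added example (not part of the original lab report), the Python below decodes the ARP fields listed in question 1 from raw payload bytes and counts requests per sender MAC, the tally that makes a storm visible. The frames are constructed (RFC 5737 addresses, locally administered MACs) and all function names are illustrative.

```python
import struct
from collections import Counter

OPCODES = {1: "request", 2: "reply"}

def parse_arp(payload: bytes) -> dict:
    """Decode an Ethernet/IPv4 ARP payload (the bytes after the Ethernet header)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(map(str, b))
    return {
        "hardware_type": htype, "protocol_type": ptype,
        "hw_addr_len": hlen, "proto_addr_len": plen,
        "operation": OPCODES.get(oper, f"unknown ({oper})"),
        "sender_mac": mac(sha), "sender_ip": ip(spa),
        "target_mac": mac(tha), "target_ip": ip(tpa),
    }

def requests_per_sender(payloads) -> Counter:
    """Count ARP requests by sender MAC; one MAC far ahead of the rest suggests a storm."""
    counts = Counter()
    for p in payloads:
        arp = parse_arp(p)
        if arp["operation"] == "request":
            counts[arp["sender_mac"]] += 1
    return counts

def make_arp(oper, sha, spa, tha, tpa) -> bytes:
    """Build a constructed ARP payload for the sample below."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(sha), bytes(spa), bytes.fromhex(tha), bytes(tpa))

# Constructed sample: three who-has requests from one host, then one reply.
SAMPLE = [make_arp(1, "020000000001", (192, 0, 2, 1), "000000000000", (192, 0, 2, n))
          for n in (10, 11, 12)]
SAMPLE.append(make_arp(2, "020000000002", (192, 0, 2, 10), "020000000001", (192, 0, 2, 1)))

if __name__ == "__main__":
    print(parse_arp(SAMPLE[0]))
    print(requests_per_sender(SAMPLE))
```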

3. From HTTPDEMO file find out the following information.

4. Find out the HTTP GET method for both source IP and destination IP. Include a screenshot.

-> Source IP: [Link], Destination IP: [Link]


5. Find out the HTTP POST method for both source IP and destination IP. Include a screenshot.

-> No HTTP POST method found!

6. What is the Internet address of your computer? Include a screenshot and describe where you got
the data to answer this question.

-> It’s [Link]. I got it by using the curl command on a website called [Link] that gives us
our public IP address. We can even visit it via a browser to get more info.

7. How many packets did you capture (total of all protocols, not just HTTP)?

-> 93,596 packets


8. How many packets did you capture?


-> 93,596 packets

Were all of them HTTP?


-> No

How many HTTP requests did you make?


-> 61 HTTP requests

Were all the replies "200 OK"?


-> No, some responses were 301 Moved Permanently as well as 404 Not Found.

Did you find anything else interesting?

-> I found Simple Service Discovery Protocol (SSDP) containing M-SEARCH and NOTIFY methods.
The M-SEARCH method is used to discover all the microservices, while the NOTIFY method is used to tell the
service registry about the available microservice.


9. Inspect the contents of the first HTTP GET request from your browser to the server. Is there an
“IF-MODIFIED-SINCE” header line in the HTTP GET message? Why or why not?

-> There is no “IF-MODIFIED-SINCE” header line in the first HTTP method.

The reason being, since it’s a first request, the content must be loaded from the server.
Next time, if there is no modification in the HTML file, the content can be loaded from the local cache
itself.

10. Count the total number of HTTP GET requests.


DNS
1. Find

(1) the name and IP address of the DNS server that provides the answer; and

-> Name: [Link], IP address: [Link]

(2) the answer itself, which is the host name and IP address of [Link]. Response came from
the local DNS server; it is quite possible that this local DNS server iteratively contacted several other
DNS servers to get the answer.

-> Yes, the response came from the local DNS server having IP address [Link].


2. Write down the usage of the ipconfig (for Windows) command. Show your current TCP/IP information,
including your address, DNS server addresses, adapter type and so on.

-> The ipconfig command is used to check all the local network information like default gateway, local IP
address, subnet mask, DNS server addresses, adapter type, etc.


Execute the ipconfig /all command and take a screenshot.


Domain Name: gap-prime- [Link].[Link]


[Link]
IP address of DNS server: [Link]
Host name of [Link]: [Link]
IP address of [Link]: [Link] / [Link]
Source IP address: [Link]
Destination IP address: [Link]
Adapter Type: Ethernet

What is the destination port for the DNS query message? What is the source port of the DNS response
message?

-> Destination port for DNS query message is 53. Source port of DNS response message is also 53
since it’s coming from the same server.


To what IP address is the DNS query message sent?

-> DNS query message is sent to [Link].

Locate the DNS query and response messages. Are they sent over UDP or TCP?
-> They are sent over UDP


Examine the DNS response message. How many “answers” are provided? What does each of these
answers contain?

-> 2 answers are provided; each one contains a type A address to access the [Link] server.

Domain name: [Link]
IPv4 address: [Link] / [Link]
IPv6 address: Not found
Destination Server port number: 51470


SMTP
1. Find out the information from the smtp file. (Justify your answer with a screenshot.)

Find out source IP Address: [Link]
Destination IP Address: [Link]
Destination smtp port number: 25
Find out user name: Z3VycGFydGFwQHBhdHJpb3RzLmlu
Find out password: cHVuamFiQDEyMw==
Mail From: gurpartap@[Link]
Mail To: raj_deol2002in@[Link]
UDP destination port: 53
UDP source port: 56166
DNS query: [Link]: type A
Display and count only those packets whose destination ip is [Link]: 30 Packets
Ethernet source address: CradlePoint_[Link] ([Link])
Filter packet whose source ip is [Link]: 25 Packets
Filter packet whose source ip is [Link] and [Link]: 58 Packets
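
Added example, not from the original report: assuming the capture used SMTP AUTH LOGIN, base64 strings like the user name and password above are exactly what travels on port 25, and base64 is an encoding, not encryption. The Python below flags AUTH LOGIN exchanges sent before STARTTLS in a client-side transcript and reports the user name with only the password length; the transcripts, the account and all function names are constructed for illustration.

```python
import base64
import binascii

def decode_token(token):
    """Return the decoded text of a base64 token, or None if it is not valid base64."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None

def find_cleartext_auth(client_lines):
    """Report AUTH LOGIN exchanges that a client sent before STARTTLS."""
    lines = [line.strip() for line in client_lines]
    findings, i = [], 0
    while i < len(lines):
        parts = lines[i].split()
        verb = [p.upper() for p in parts[:2]]
        if verb[:1] == ["STARTTLS"]:
            break  # later traffic is TLS records, not readable commands
        if verb == ["AUTH", "LOGIN"]:
            # The user name may ride on the AUTH line as an initial response.
            answers = parts[2:3] + lines[i + 1:i + 3]
            user = decode_token(answers[0]) if len(answers) > 0 else None
            secret = decode_token(answers[1]) if len(answers) > 1 else None
            if user is not None and secret is not None:
                findings.append({"line": i + 1, "username": user,
                                 "password_length": len(secret)})  # never log the secret
            i += 3 - len(parts[2:3])
            continue
        i += 1
    return findings

def b64_text(text):
    """Encode sample text the way a client would send it in AUTH LOGIN."""
    return base64.b64encode(text.encode()).decode()

# Constructed transcripts (client side only); the account is fictitious.
PLAIN_SESSION = ["EHLO client.example", "AUTH LOGIN", b64_text("alice@example.test"),
                 b64_text("not-a-real-pw"), "MAIL FROM:<alice@example.test>"]
TLS_SESSION = ["EHLO client.example", "STARTTLS"]

if __name__ == "__main__":
    print(find_cleartext_auth(PLAIN_SESSION))
    print(find_cleartext_auth(TLS_SESSION))
```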


2. Write down and list all IP header information for IP packets (attach a screenshot); the more
information, the more marks.

-> Below is all the IP Header information I found:

0100 .... = Version: 4


.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 62
Identification: 0x250a (9482)
000. .... = Flags: 0x0
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 128
Protocol: UDP (17)
Header Checksum: 0xff8c [validation disabled]
[Header checksum status: Unverified]
Source Address: [Link]
Destination Address: [Link]
[Stream index: 0]
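
Added example, not from the original report: a Python parser that extracts the same IPv4 header fields from raw bytes and also verifies the header checksum, which Wireshark left unverified in the dump above. The sample header reuses the dump's field values with constructed RFC 5737 addresses (the real ones are not shown), so its checksum differs from 0xff8c; function names are illustrative.

```python
import ipaddress
import struct

HDR = "!BBHHHBBH4s4s"  # the 20-byte fixed IPv4 header

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(raw: bytes) -> dict:
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, dsf, length, ident, flags_frag, ttl, proto, csum, src, dst = \
        struct.unpack(HDR, raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4  # IHL counts 32-bit words
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a valid IPv4 header")
    return {
        "version": version, "header_length": ihl,
        "dscp": dsf >> 2, "ecn": dsf & 0x3,
        "total_length": length, "identification": ident,
        "flags": flags_frag >> 13, "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        # Summing the header with its checksum field included yields 0 when intact.
        "checksum_ok": inet_checksum(raw[:ihl]) == 0,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }

def build_sample_header() -> bytes:
    """Constructed header: field values from the dump, addresses are assumptions."""
    fields = [0x45, 0x00, 62, 0x250A, 0x0000, 128, 17, 0,
              ipaddress.IPv4Address("192.0.2.10").packed,
              ipaddress.IPv4Address("198.51.100.53").packed]
    fields[7] = inet_checksum(struct.pack(HDR, *fields))  # fill in the checksum
    return struct.pack(HDR, *fields)

if __name__ == "__main__":
    print(parse_ipv4_header(build_sample_header()))
```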


3. Analyze the Ethernet header and list all header information.

-> Below is the list of Ethernet II header information:

Destination: Netgear_[Link] ([Link])


Source: CradlePoint_[Link] ([Link])
Type: IPv4 (0x0800)
[Stream index: 0]

Thank You
