INF1006 Computer Networks
2023-2024 Trimester 2
Laboratory 1c:
Getting to know Wireshark Network Protocol Analyzer
LEARNING OUTCOMES
Upon completion of this laboratory exercise, you should be able to:
• Use Wireshark to capture network packets
• Understand TCP/IP network layering and encapsulation
REQUIRED HARDWARE
• PC with Internet access
REQUIRED SOFTWARE
• Wireshark 4.0.12. https://www.wireshark.org
PART 1: GETTING STARTED WITH WIRESHARK NETWORK PROTOCOL ANALYZER
1.1 A network protocol analyzer, also known as a packet sniffer, is a very
useful tool for learning and troubleshooting computer networks. An
example is the well-known open-source Wireshark.
1.2 Instead of using the lab laptops, you may wish to download and
install Wireshark on your own laptop. Next, launch it.
Figure 1
1.3 To start capturing packets in the network, go to the 'Capture' menu
and click 'Options...'
Figure 2
1.4 On the pop-up window, select the interface to capture network packets
and click the 'Start' button.
Figure 3
1.5 Now, Wireshark will commence capturing and display all the
captured network packets in a window consisting of 3 panes as
follows:
• Top pane is the packet list pane: Each row corresponds to a captured
network packet. Select a packet in this pane to display the details in the
other 2 panes.
• Middle pane is the tree view pane: Displays the selected network packet
according to TCP/IP layers. Double-click a layer to show/hide the
corresponding fields in the layer.
• Bottom pane is the data view pane: Displays the actual data bits (in
hexadecimal) of the selected network packet. In addition, selecting any
field in the middle pane will highlight the corresponding data bits here.
Figure 4
PART 2: UNDERSTANDING TCP/IP LAYERED ARCHITECTURE AND ENCAPSULATION
2.1 In Part 2 of this lab, you are going to use Wireshark to capture and analyse a
network packet to enhance your understanding of the TCP/IP 5-layer network
architecture implemented on the Internet as discussed in Lecture 1.
2.2 Launch a web browser and get ready to visit one of the Internet software
application foundation Apache websites at the URL http://example.com/, but
do not press the Enter key yet. Next, restart Wireshark to commence
capturing network packets. Immediately return to the web browser and press
the Enter key. When the example webpage appears in the browser, stop the
Wireshark capture.
2.3 In the top pane of Wireshark, select the HTTP GET request packet sent from
your web browser to the website, e.g., as shown in Figure 4 above.
2.4 Next, refer to the middle pane of Wireshark and Lecture 1 page 30, and list
the corresponding protocols at the different layers of TCP/IP. (Note:
Wireshark does not show the Physical Layer, which consists of the actual
signals transmitted.)
• Application Layer: HTTP
• Transport Layer: Transmission Control Protocol
• Network Layer: Internet Protocol
• Data Link Layer: Ethernet
2.5 Now, zoom into the details of the Data Link Layer and answer the following:
(Note: Wireshark also does not show the Data Link trailer.)
• Data Link Layer header (in hex):
04d4c4d9bb28581cf850cce20800450001d2c190400080060000c0a80142
5db8d822eebf0050ad6cc1ed7ccc70a650180201f9890000474554202f20
485454502f312e310d0a486f73743a206578616d706c652e636f6d0d0a43
6f6e6e656374696f6e3a206b6565702d616c6976650d0a5570677261646
52d496e7365637572652d52657175657374733a20310d0a557365722d4
167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542
031302e303b2057696e36343b2078363429204170706c655765624b6974
2f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368
726f6d652f3132302e302e302e30205361666172692f3533372e33360d0a
4163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f
7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e
392c696d6167652f617669662c696d6167652f776562702c696d6167652f
61706e672c2a2f2a3b713d302e382c6170706c69636174696f6e2f736967
6e65642d65786368616e67653b763d62333b713d302e370d0a41636365
70742d456e636f64696e673a20677a69702c206465666c6174650d0a416
3636570742d4c616e67756167653a20656e2d55532c656e3b713d302e39
0d0a0d0a
(Hint: Select 'Ethernet II ...' in the middle pane of Wireshark and note the
corresponding highlighted data bits (in hex) in the bottom pane, e.g.,
as shown in Figure 4 above.)
• Link address (destination):
Ans:
Destination: ASUSTekCOMPU_d9:bb:28 (04:d4:c4:d9:bb:28)
In Hex:
0000 04 d4 c4 d9 bb 28 .....(
• Link address (source):
Ans:
Source: Intel_50:cc:e2 (58:1c:f8:50:cc:e2)
In Hex:
0000 58 1c f8 50 cc e2 X..P..
(Hint: Double-click 'Ethernet II ...' in the middle pane to show the details of
the Data Link header. Select the required field and note the
corresponding highlighted data bits in the bottom pane.)
2.6 Similarly, zoom into the details of the Network Layer and answer the following:
• Network Layer header (in hex):
0000 45 00 01 d2 c1 90 40 00 80 06 00 00 c0 a8 01 42
0010 5d b8 d8 22
• IP address (source) (in hex): 0000 c0 a8 01 42
• IP address (source) (in dotted decimal): 192.168.1.66
• IP address (destination) (in hex): 0000 5d b8 d8 22
• IP address (destination) (in dotted decimal): 93.184.216.34
2.7 Zoom also into the details of the Transport Layer and answer the following:
• Transport Layer header (in hex):
0000 ee bf 00 50 ad 6c c1 ed 7c cc 70 a6 50 18 02 01
0010 f9 89 00 00
• Source port (in hex): 0000 ee bf
• Source port (in decimal): 61119
• Destination port (in hex): 0000 00 50
• Destination port (in decimal): 80
2.8 Finally, zoom into the details of the Application Layer. Can you see the
familiar HTTP GET request message? Refer to Lecture 1 pages 24-26 again. Can
you understand encapsulation now? If not, discuss with the instructor.
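
The dissection carried out by hand in steps 2.5 to 2.8 can also be done in code. The Python sketch below is an added example, not part of the original lab sheet: it peels the Ethernet II, IPv4 and TCP headers off the leading bytes of the frame recorded in step 2.5, leaving the HTTP request as the innermost payload. The function names mac and dissect are chosen here for illustration, and the frame is cut off after the Host header.

```python
import ipaddress
import struct

# Leading bytes of the frame captured in step 2.5, cut off after the Host header.
FRAME = bytes.fromhex(
    "04d4c4d9bb28581cf850cce20800"              # Ethernet II header (14 bytes)
    "450001d2c190400080060000c0a801425db8d822"  # IPv4 header (20 bytes)
    "eebf0050ad6cc1ed7ccc70a650180201f9890000"  # TCP header (20 bytes)
    "474554202f20485454502f312e310d0a"          # GET / HTTP/1.1
    "486f73743a206578616d706c652e636f6d0d0a"    # Host: example.com
)


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def dissect(frame):
    """Peel Ethernet II -> IPv4 -> TCP and return each layer's key fields."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet II header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth": {"dst": mac(dst), "src": mac(src), "type": ethertype}}
    if ethertype != 0x0800:          # payload is not IPv4, stop here
        return out
    ip = frame[14:]                  # Ethernet payload = IP datagram
    ihl = (ip[0] & 0x0F) * 4 if ip else 0   # IPv4 header length in bytes
    if len(ip) < 20 or ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    out["ip"] = {
        "src": str(ipaddress.IPv4Address(ip[12:16])),
        "dst": str(ipaddress.IPv4Address(ip[16:20])),
        "total_len": struct.unpack("!H", ip[2:4])[0],
        "proto": ip[9],
    }
    if ip[9] != 6:                   # payload is not TCP, stop here
        return out
    tcp = ip[ihl:]                   # IP payload = TCP segment
    doff = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0  # TCP header length
    if doff < 20 or len(tcp) < doff:
        raise ValueError("malformed TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    out["tcp"] = {"sport": sport, "dport": dport, "header_len": doff}
    out["payload"] = tcp[doff:]      # TCP payload = application data (HTTP)
    return out


if __name__ == "__main__":
    for layer, fields in dissect(FRAME).items():
        print(layer, fields)
```

Each header carries a length or type field that tells the receiver where the next layer begins, which is why the offsets are computed from the packet rather than hard-coded.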