Wireshark Introduction

• Wireshark: a packet sniffer and analyzer

• Captures (“sniffs”) messages being sent/received from/by your computer; it will also typically
store and/or display the contents of the various protocol fields in these captured messages. A
packet sniffer itself is passive.
• Capture packets going through a NIC network traffic
• Store and display protocol fields (not your data!)
• Passive application
packet (www browser,
• observing the sequence of messages exchanged analyzer email client)
between two protocol entities, delving down into the application
details of protocol operation, and causing protocols to OS
perform certain actions and then observing these packet
copy of all Transport (TCP/UDP)
actions and their consequences.
Ethernet
capture frames Network (IP)
sent/received
(pcap) Link (Ethernet)
• packet capture library (pcap) Physical

• http://www.wireshark.org/
• a user-guide:
http://www.wireshark.org/docs/wsug_html_chunked/

Application Layer 2-1

 Project 2 Wireshark TCP (1/5)
• Overview
• Start Whireshark (set capture to “Adapter for loopback traffic”)
• Run your web-server on your own machine (Your server should support html
and image files)
• Open a browser to get web pages/images from your server.
• set filter to the port# of your own webserver, notice your client port #;
• The html file can be less than 1k bytes. But the image needs to be larger than
MSS bytes of your computer setting.
• An example MSS could be 65495 bytes for the adapter for loopback. But when accessing
the textbook page via a wireless link, it could be 1460 bytes.
• Wireshark TCP user guide
• The attached pdf: “Wireshark_TCP_v8.1.pdf”
• You can use the web addresses and the files to practice
• But, DO NOT use them to generate results to the report! See next two pages.
• Note: an additional document is given to collect some answers. It also includes
additional requirements and guides. They are in following pages too.
Transport Layer: 3-2
Project 2 Wireshark TCP (2/5)
• Additional guide
• Some new features may be found in the software you download
• When right click a packet (or under Analyze), use “follow (TCP stream)” can
pick only the related traffic stream
• You may find unfamiliar TCP segments (e.g.,PSH), do a search and explain in
your report.
• You can use relative sequence numbers
• Notice the relationship between the segment size and TCP header and IP
header sizes
• You may see a FIN segment. Take the segment before it (from server to client)
as the last received data
• Click for protocol details (both TCP and HTTP)
 Project 2 Wireshark TCP (3/5)
• Generate and capture traffic in three ways
• Revise your webserver to send using the following three methods
• (1) Use connectionSocket.send() (over TCP)
• V1: Send using the loop, a byte a time as the sample solution shows
• V2: Send without using the loop, all data at once via a single call
• (2) Use connectionSocket.sendall() (possible UDP)
• V3: Send all data at once via a single call
• Three files are provided for your web server that client will retrieve
• RandomText.txt, CahabaLily.jpeg, tree.JPEG, different sizes
• Capture and save the traffic for different cases detailed on next page
• Analyze the captured traffic and compare
• (1) Calculate response time for each case and compare
• (2) Follow the annotated questions in Wireshark_TCP_v8.1.pdf to produce more
results (see attached instructions)
Transport Layer: 3-4
 Project 2 Wireshark TCP (4/5)
• Analyze the captured traffic and compare
• Follow the instructions, and use the tables and formatting provided in WS-TCP-
Report-22F.docx for the answers to the annotated questions Q1 – Q13 ( fill the
tables)
• Comparisons of response time, and explanation
• Describe your methods of grabbing data and calculating response time. There may be
different ways. If needed, you could show your method using annotated images.
• Two tasks are given in WS-TCP-Report-22F.docx
• Show the comparison results and write your explanations
• Report include: your name, host IP and server port#, the date of data collection
• Report and Submission:
• Package to submit:
• The report, your server code (three versions), collected Wireshark data, and code that you
used to generate the results if any.
• A Zipped file of all the above with your name as the filename.
Transport Layer: 3-6
Project 2 Wireshark TCP (5/5)
• A summary of results to produce
Files Server V1 Server V2 Server V2

RandomText.txt Maybe used for Qs 1 - 5, 7-10 *

CahabaLily.jpeg Response time Response time; Response time

Maybe used for Qs 1 - 5, 7-10 *

tree.JPEG Response time;

and used for Qs 12- 13

* For Qs 1 - 5, 7-10 pick one file. If you already finished using one of them, that is good.