CF Practical 4

Uploaded by

samiyasp23hcs

Practical No. 4
Aim: Capturing and analyzing network packets using WireShark (Fundamentals):
• Identification of the live network
• Capture Packets
• Analyze the captured packets

Name: Moazzam Mulla


Class: TYCS(A)
Roll No: 27
Subject: Cyber Forensics
Sign:

In this practical, only identification, capturing and analysis are done. We will also solve some cases to understand the practical clearly.

Identifying the Live Networks


We are using WireShark, an application used to identify, capture and analyze network traffic.


Capturing Network
We are now going to capture traffic on the Ethernet network.

As soon as you single-click on your network interface's name, you can see the packets flowing in real time. WireShark will capture all the packets going in and out of our system.

Analyze the Captured Packets


Color Coding: Packets are highlighted in different colors. This is WireShark's way of displaying traffic to help you easily identify its type.
Default colors are:

• Light Purple color for TCP traffic
• Light Blue color for UDP traffic
• Black color identifies packets with errors

For example, these packets are delivered in an unordered manner.


Click on View → Colorize Conversation → New Coloring Rule


Here we can see the default colors assigned to the captured packets.

Now we analyze the data using the filters provided in the WireShark application.

Write the following commands in the given area to apply a filter.

Display filter commands

1) Display packets based on specific IP-address


• [Link] == [Link]


2) Display packets which are coming from specific IP-address

• [Link] == [Link]

3) Display packets which are having specific IP-address destination

• [Link] == [Link]

4) Display packets which are using http protocol

• http

5) Display packets which are using http request


• [Link]


6) Display packets which are using TCP protocol

• tcp

7) Display packets having no error connecting to server


• [Link]==200


8) Display packets having port number 80, 443

• [Link]==80 || [Link]==443


9) Display packets that contain the keyword facebook

• tcp contains "facebook"
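
What the display filters above actually compare, shown as an added example that is not part of the original practical. It assumes the standard Wireshark field names ip.addr, ip.src, ip.dst, tcp.port and http.response.code (the page's own entries are elided as [Link]); the addresses, ports and payloads are constructed sample data, and the helper names are hypothetical.

```python
import socket
import struct

def build(src, dst, proto, sport, dport, payload=b""):
    """Build one constructed IPv4 packet (checksums left at 0, not verified here)."""
    if proto == 6:   # TCP: 20-byte header, data offset 5, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    else:            # UDP: 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + l4 + payload

def parse(raw):
    """Decode the header fields that the display filters compare against."""
    ihl, proto = (raw[0] & 0x0F) * 4, raw[9]
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    hdr = (raw[ihl + 12] >> 4) * 4 if proto == 6 else 8
    return {"src": socket.inet_ntoa(raw[12:16]), "dst": socket.inet_ntoa(raw[16:20]),
            "proto": {6: "tcp", 17: "udp"}.get(proto, "other"),
            "sport": sport, "dport": dport,
            "l4": raw[ihl:], "data": raw[ihl + hdr:]}

def ip_addr(p, a): return a in (p["src"], p["dst"])   # ip.addr: source OR destination
def ip_src(p, a): return p["src"] == a                # ip.src: sender only
def ip_dst(p, a): return p["dst"] == a                # ip.dst: receiver only
def tcp_port(p, *ports):                              # tcp.port: either end of the connection
    return p["proto"] == "tcp" and bool({p["sport"], p["dport"]} & set(ports))
def tcp_contains(p, kw):                              # tcp contains: byte search of the whole segment
    return p["proto"] == "tcp" and kw in p["l4"]
def http_status(p):                                   # http.response.code, or None if not a response
    parts = p["data"].split(b" ", 2)
    if p["proto"] == "tcp" and parts[0].startswith(b"HTTP/1.") and len(parts) > 1 and parts[1].isdigit():
        return int(parts[1])
    return None

# Constructed capture: documentation-range addresses, made-up payloads.
CAPTURE = [parse(build(*a)) for a in [
    ("192.0.2.10", "198.51.100.5", 6, 49152, 80, b"GET / HTTP/1.1\r\nHost: facebook.example\r\n\r\n"),
    ("198.51.100.5", "192.0.2.10", 6, 80, 49152, b"HTTP/1.1 200 OK\r\n\r\n"),
    ("192.0.2.10", "198.51.100.9", 6, 49153, 443, b"\x16\x03\x01"),
    ("192.0.2.20", "192.0.2.53", 17, 5353, 53, b"\x00\x01"),
]]

def select(pred, *args):
    """Return the 1-based numbers of matching packets, like Wireshark's No. column."""
    return [n for n, p in enumerate(CAPTURE, 1) if pred(p, *args)]

if __name__ == "__main__":
    print("ip.addr :", select(ip_addr, "192.0.2.10"))
    print("ip.src  :", select(ip_src, "192.0.2.10"))
    print("tcp.port:", select(tcp_port, 80, 443))
```

The difference between filters 1 to 3 shows in the results: the address filter matches a host's traffic in both directions, while the source and destination filters each return only one side of the conversation.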
