CF Pract4

Uploaded by

ayusjuly27
Name: -Rohan Sunar Roll no.:- CS21028
Cyber Forensics
Practical No. 4

Aim :- Capturing and analyzing network packets using Wireshark (Fundamentals):

• Identifying the live network
• Capturing packets
• Analyzing the captured packets

We are using Wireshark, an application used to identify, capture and analyze network traffic.

Identifying the Live Networks


We are using Wireshark, an application used to identify network traffic.

Step 1 :- Open Wireshark

Capturing Network
We are now going to capture traffic on the Ethernet network.

Step 1 :- Single-click on your network interface's name (Ethernet); you can see the packets
moving in real time. Wireshark will capture all the packets going in and out of our system.

Analyze the Captured Packets

Color Coding: Different packets are highlighted in different colors. This is Wireshark's
way of displaying traffic to help you easily identify its type.
Default colors are:
• Light purple for TCP traffic
• Light blue for UDP traffic
• Black for packets with errors

Step 1 :- Click on View → Colorize Conversation → New Coloring Rule



Step 2 :- Here we can see the default colors assigned to each type of captured packet

Step 3 :- Now we analyze the data using the filters provided in the Wireshark application.
Write the following commands in the given area to apply a filter.

Display filter commands


1. Display packets based on specific IP-address
[Link] == [Link]

2. Display packets which are coming from specific IP-address


[Link] == [Link]

3. Display packets which are using http protocol


http

4. Display packets which are using http request


[Link]

5. Display packets which are using TCP protocol


tcp

6. Display packets having no error connecting to server


[Link]==200

7. Display packets having port number 80, 443


[Link]==80 || [Link]==443
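
What the seven display filters above test in the packet bytes, as an added example that is not part of the original practical: a standard-library dissector run over constructed frames. The filter expressions on this page survive only as `[Link]`, so each predicate follows the wording of its numbered item; `HOST`, `frame`, `dissect`, `FILTERS`, `matches` and all addresses are hypothetical names and values, and HTTP is recognised from the first payload line, which is a simplification of what Wireshark's own dissector does.

```python
import socket
import struct

HOST = "192.0.2.10"  # constructed address (RFC 5737 documentation range)

def frame(src, dst, proto, sport, dport, payload=b""):
    """Build a constructed Ethernet/IPv4 frame carrying TCP (6) or UDP (17)."""
    if proto == 6:  # ports, seq, ack, data offset, flags, window, checksum, urgent
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 1024, 0, 0)
    else:           # ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload

def dissect(raw):
    """Pull out the header and payload fields that the seven filters test."""
    l4 = 14 + (raw[14] & 0x0F) * 4  # Ethernet header plus IPv4 header length
    sport, dport = struct.unpack("!HH", raw[l4:l4 + 4])
    f = {"src": socket.inet_ntoa(raw[26:30]), "dst": socket.inet_ntoa(raw[30:34]),
         "tcp": raw[23] == 6, "ports": {sport, dport}, "request": False, "status": None}
    if f["tcp"]:
        payload = raw[l4 + (raw[l4 + 12] >> 4) * 4:]  # skip the TCP header
        first = payload.split(b"\r\n", 1)[0].split(b" ")
        if len(first) == 3 and first[2].startswith(b"HTTP/"):
            f["request"] = True  # request line, e.g. GET / HTTP/1.1
        elif len(first) >= 2 and first[0].startswith(b"HTTP/") and first[1].isdigit():
            f["status"] = int(first[1])  # status line, e.g. HTTP/1.1 200 OK
    return f

FILTERS = {  # one predicate per numbered filter in the list above
    1: lambda f: HOST in (f["src"], f["dst"]),  # specific IP, either direction
    2: lambda f: f["src"] == HOST,  # coming from the specific IP
    3: lambda f: f["request"] or f["status"] is not None,  # HTTP
    4: lambda f: f["request"],  # HTTP request
    5: lambda f: f["tcp"],  # TCP
    6: lambda f: f["status"] == 200,  # response code 200
    7: lambda f: bool(f["ports"] & {80, 443}),  # port 80 or 443
}

PACKETS = [  # constructed sample traffic
    frame(HOST, "198.51.100.5", 6, 50000, 80, b"GET / HTTP/1.1\r\nHost: a.test\r\n\r\n"),
    frame("198.51.100.5", HOST, 6, 80, 50000, b"HTTP/1.1 200 OK\r\n\r\n"),
    frame("198.51.100.5", HOST, 6, 80, 50001, b"HTTP/1.1 404 Not Found\r\n\r\n"),
    frame(HOST, "203.0.113.9", 6, 50002, 443, b"\x16\x03\x01"),  # TLS, not plain HTTP
    frame("192.0.2.77", "203.0.113.53", 17, 53000, 53, b"\x00"),  # UDP
]

def matches(n):  # indexes of the sample packets that filter number n would display
    return [i for i, p in enumerate(PACKETS) if FILTERS[n](dissect(p))]
```

Calling `matches(n)` for each filter number shows how the sets differ: the port 443 packet is TCP and matches the port filter but not the HTTP one, and the 404 response is HTTP but is excluded by the status 200 filter.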
