
Reg. No 2017-EE-428
Marks

Experiment # 1

Wireshark Basics

Wireshark:

Wireshark is a free and open-source packet analyzer. It is used for network
troubleshooting, analysis, software and communications development, and education.
Why is Wireshark referred to as a network packet analyzer? Because it captures
network packets and tries to display the packet data in as much detail as possible. As an
analogy, think of a network packet analyzer as a measuring device used to
examine what's going on inside a network cable.

Fig. 1: Packet sniffer structure

The basic tool for observing the messages exchanged between executing protocol entities is
called a packet sniffer. As the name suggests, a packet sniffer captures (“sniffs”) messages being
sent/received from/by your computer; it will also typically store and/or display the contents of
the various protocol fields in these captured messages. A packet sniffer itself is passive. It
observes messages being sent and received by applications and protocols running on your
computer, but never sends packets itself. Similarly, received packets are never explicitly
addressed to the packet sniffer. Instead, a packet sniffer receives a copy of packets that are
sent/received from/by applications and protocols executing on your machine.

Figure 2: Wireshark Graphical User Interface, during packet capture and analysis

Figure 1 shows the structure of a packet sniffer. At the right of Figure 1 are the protocols (in this
case, Internet protocols) and applications (such as a web browser or ftp client) that normally run
on your computer. The packet sniffer, shown within the dashed rectangle in Figure 1 is an
addition to the usual software in your computer, and consists of two parts. The packet capture
library receives a copy of every link-layer frame that is sent from or received by your computer.
Recall from the discussion from section 1.5 in the text (Figure 1.241) that messages exchanged
by higher layer protocols such as HTTP, FTP, TCP, UDP, DNS, or IP all are eventually
encapsulated in link-layer frames that are transmitted over physical media such as an Ethernet
cable. In Figure 1, the assumed physical media is an Ethernet, and so all upper-layer protocols
are eventually encapsulated within an Ethernet frame.
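
The layering described above, as an added example (not part of the original lab report or of Wireshark's code): a minimal Python dissector that peels the Ethernet, IPv4 and TCP headers off one frame and reports the highest protocol it recognizes, as the analyzer half of a sniffer does. The frame, MAC addresses, ports and request line are constructed; the IP addresses are the ones reported later in this report.

```python
import socket
import struct

def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed sample input: Ethernet II / IPv4 / TCP, checksums left at 0."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp + payload

def dissect(frame):
    """Peel the layers off one link-layer frame and name the top protocol."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"protocol": "Ethernet", "ethertype": ethertype}
    if ethertype != 0x0800:            # not IPv4: stop at the link layer
        return out
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("bad IPv4 header")
    ihl = (ip[0] & 0x0F) * 4           # IPv4 header length in bytes
    total = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(ip):
        raise ValueError("inconsistent IPv4 lengths")
    out.update(protocol="IPv4", src=socket.inet_ntoa(ip[12:16]),
               dst=socket.inet_ntoa(ip[16:20]))
    if ip[9] != 6:                     # not TCP: stop at the network layer
        return out
    tcp = ip[ihl:total]                # slicing to total drops Ethernet padding
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4      # TCP header length in bytes
    if not 20 <= data_off <= len(tcp):
        raise ValueError("bad TCP data offset")
    out.update(protocol="TCP", sport=sport, dport=dport)
    line = tcp[data_off:].split(b"\r\n", 1)[0]
    if line.startswith((b"GET ", b"HTTP/1.")):   # request line or status line
        out.update(protocol="HTTP", info=line.decode("ascii", "replace"))
    return out

# Constructed frame; the IP addresses are the ones reported in this lab.
SAMPLE = build_frame("192.168.43.89", "128.119.245.122", 49152, 80,
                     b"GET / HTTP/1.1\r\nHost: gaia.cs.umass.edu\r\n\r\n")

if __name__ == "__main__":
    print(dissect(SAMPLE))
```

The length checks matter because a dissector reads attacker-controllable bytes off the wire: the header-length and data-offset fields are validated before they are used as slice bounds.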

Cisco Packet Tracer:

Packet Tracer is a network simulation tool designed by Cisco and used for practice, discovery, and
troubleshooting. Cisco's official website describes Packet Tracer as:

“A powerful network simulation program that allows students to experiment with network
behavior and ask ‘what if’ questions.”

As stated, it is a powerful network simulator to help networking students achieve the optimum
learning experience while also gaining practical networking and technology skills to develop
their expertise.

Figure 3

Packet Tracer Modes

Cisco Packet Tracer offers two operating modes to envision the network behavior:

1. Real-time Mode – Network behaves like real devices. It gives an immediate, real-time
response to all network activities.
2. Simulation Mode – The user can watch and control time intervals. They can view the
inside operation of data transfer and delivery of data across the networks.

Packet Tracer Workspaces

Cisco Packet Tracer has two workspaces:

1. Logical – Users can create a logical network topology by connecting and clustering the
virtual network devices.
2. Physical – Provides a graphical physical view of the logical network. It helps give
a sense of the placement and scale of devices like a router in real-time.

Example using Cisco Packet Tracer

This network demonstrates Bluetooth beacons broadcasting and monitoring.


Bluetooth technology is a high-speed, low-power wireless technology link that is designed to
connect phones or other portable equipment together. It is a specification (IEEE 802.15.1) for the
use of low-power radio communications to link phones, computers, and other network devices
over short distances without wires. Wireless signals transmitted with Bluetooth cover short
distances, typically up to 30 feet (10 meters).

Figure 4: Bluetooth communication

Procedure:

1. Go to Physical view and move the SBC around to be in range of the beacons.
2. Go back to Logical view and see the Bluetooth broadcast link between the beacons and the
SBC.

Figure 5

Figure 6

Task 1: List 3 different protocols that appear in the protocol column in the unfiltered
packet-listing window in step 7 above.
Solution:
The following protocols appeared in the protocol column in the unfiltered packet listing
window: TCP, UDP, MDNS.

Task 2: How long did it take from when the HTTP GET message was sent until the HTTP
OK reply was received?
Solution:

(Time at which Request sent by source) – (Time at which Response received by source)
0.974045 – 0.665009 = 0.309036s = 30ms

Task 3: What is the Internet address of the gaia.cs.umass.edu (also known as
www-net.cs.umass.edu)? What is the Internet address of your computer?
Solution:
Source IP address: 192.168.43.89
Destination IP address: 128.119.245.122

Task 4: What is the Internet address of the gaia.cs.umass.edu (also known as
www-net.cs.umass.edu)? What is the Internet address of your computer?
Solution:

GET:

OK:

Conclusion:
In this lab, I have explored the Wireshark software and learned about its working. I scratched the HTTP
protocol and explored the GET and OK request and response messages. I have also explored
the Cisco Packet Tracer through one example of Bluetooth beacons.
