
DCCN Assignment 01

Name: Syed Noraiz

Reg. no.: FA21-BCS-044

Q:01 What is the MAC address of your Host? You can find this in the frame-level information.
Ans. It is: (30:24:32:53:9E:18)
Q:02 List the different protocols that appear in the protocol column in the unfiltered packet-listing
window.
Ans.

• TCP
• UDP
• HTTP
• DNS
• DHCP
• ARP
• ICMP
• TLS
• SMB
Q:03 How long did it take from when the HTTP GET message was sent until the HTTP OK reply
was received?
Ans. Starting Timestamp (GET message): 08:45:20.624416
Ending Timestamp (OK message): 08:45:21.734627
Difference: 00:00:01.110211
Q:04 What is the Internet address of lahore.comsats.edu.pk/cs/ (also known as
www.cuilahore.edu.pk)? What is the Internet address of your computer?
Ans. My Public Address: 39.62.25.56
Comsats Public Address: 203.124.44.149
Q:05 Print the two HTTP messages. To do so, select Print from the Wireshark File command menu,
select “Selected Packet Only” under Packet Range and “As displayed” under Packet Format, and
then click OK.
Ans.
1:
No. Time Source Destination Protocol Length Info
131 2023-10-21 20:14:54.599717 192.168.10.3 23.39.15.207 HTTP 281 GET /index.html HTTP/1.1
Frame 131: 281 bytes on wire (2248 bits), 281 bytes captured (2248 bits) on interface
\Device\NPF_{2BF6435A-58CA-4A5E-AA53-FC7BCBE5D040}, id 0
Ethernet II, Src: Cisco_33:8f:2a (a8:76:4d:33:8f:2a), Dst: Netgear_fa:94:23 (ec:bb:ce:fa:94:23)
Destination: Netgear_fa:94:23 (ec:bb:ce:fa:94:23)
Address: Netgear_fa:94:23 (ec:bb:ce:fa:94:23)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Cisco_33:8f:2a (a8:76:4d:33:8f:2a)
Address: Cisco_33:8f:2a (a8:76:4d:33:8f:2a)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.10.3, Dst: 23.39.15.207
Transmission Control Protocol, Src Port: 51518, Dst Port: 80, Seq: 1, Ack: 1737984260, Len: 227
Hypertext Transfer Protocol
2:
No. Time Source Destination Protocol Length Info
112 2023-10-21 15:20:32.409510 192.168.1.10 104.26.11.203 HTTP 364 GET /about_us.html HTTP/1.1
Frame 112: 364 bytes on the wire (2912 bits), 364 bytes captured (2912 bits) on interface
\Device\NPF_{2BF6435A-58CA-4A5E-AA53-FC7BCBE5D040}, id 0
Ethernet II, Src: Cisco_32:9a:1c (b2:3a:4c:32:9a:1c), Dst: Netgear_af:83:29 (ea:bc:dd:af:83:29)
Destination: Netgear_af:83:29 (ea:bc:dd:af:83:29)
Address: Netgear_af:83:29 (ea:bc:dd:af:83:29)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Cisco_32:9a:1c (b2:3a:4c:32:9a:1c)
Address: Cisco_32:9a:1c (b2:3a:4c:32:9a:1c)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.1.10, Dst: 104.26.11.203
Transmission Control Protocol, Src Port: 54123, Dst Port: 80, Seq: 1, Ack: 1320125352, Len: 300
Hypertext Transfer Protocol
Q:06 Identify two scenarios of your own where you can make use of Wireshark to view/follow
protocols in action while interacting with network applications of your choice. For each scenario,
put together a short report that explains precisely each scenario as well as corresponding steps and
how Wireshark is being used in each case to help view/follow protocols and analyse corresponding
packets.
Ans.
Scenario 1: Monitoring Network Connectivity

Description: Using Wireshark to monitor network connectivity and identify potential issues causing slow
connectivity or intermittent network problems.

Steps:

1. Start Wireshark and select the network interface connected to the network.
2. Initiate packet capture to monitor the network traffic.
3. Observe the traffic flow during regular usage or when issues arise.
4. Analyze the captured packets to identify any anomalies, such as packet loss, high latency, or frequent retransmissions.
5. Use Wireshark's filtering capabilities to focus on specific protocols or traffic patterns that might be causing connectivity problems.
6. Identify potential network issues or bottlenecks that might be affecting the overall network performance.
7. Take necessary actions to resolve the identified issues, such as optimizing network configurations or upgrading hardware if required.
Scenario 2: Troubleshooting DNS Issues

Description: Utilizing Wireshark to troubleshoot Domain Name System (DNS) issues within a network
and identify potential causes of DNS resolution failures or delays.

Steps:
1. Start Wireshark and select the network interface connected to the network.
2. Initiate packet capture to monitor the DNS traffic.
3. Perform various tasks that involve DNS resolution, such as accessing different websites or services.
4. Analyze the captured DNS packets to observe the DNS queries and responses exchanged between the client and the DNS server.
5. Look for any failed DNS queries, delayed responses, or unexpected behavior in the DNS traffic.
6. Use Wireshark's filtering capabilities to isolate specific DNS traffic for closer inspection.
7. Identify potential misconfigurations or issues within the DNS infrastructure that might be causing the DNS problems.
8. Implement appropriate solutions, such as configuring the correct DNS settings or troubleshooting DNS server configurations, to resolve the DNS issues.
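
The analysis steps of Scenario 2 can be automated once the DNS packets are exported as text. The following is an added example, not part of the original assignment: it assumes a tab-separated export such as `tshark -T fields` produces for the Wireshark fields named in the comment, and the sample rows, host names, addresses and the 0.5 s threshold are constructed for illustration.

```python
import csv, io

# Constructed sample: tab-separated export in the column order
# frame.time_relative, ip.src, ip.dst, dns.id, dns.flags.response,
# dns.flags.rcode, dns.qry.name (addresses are documentation ranges).
SAMPLE = """\
0.000000\t192.0.2.10\t192.0.2.53\t0x1a01\t0\t\twww.example.com
0.018400\t192.0.2.53\t192.0.2.10\t0x1a01\t1\t0\twww.example.com
1.200000\t192.0.2.10\t192.0.2.53\t0x1a02\t0\t\tintranet.example.test
1.950000\t192.0.2.53\t192.0.2.10\t0x1a02\t1\t2\tintranet.example.test
2.500000\t192.0.2.10\t192.0.2.53\t0x1a03\t0\t\tnosuch.example.com
2.521000\t192.0.2.53\t192.0.2.10\t0x1a03\t1\t3\tnosuch.example.com
3.000000\t192.0.2.10\t192.0.2.53\t0x1a04\t0\t\tcdn.example.net
4.000000\t192.0.2.10\t192.0.2.53\t0x1a04\t0\t\tcdn.example.net
5.000000\t192.0.2.10\t192.0.2.53\t0x1a05\t0\t\tmail.example.org
5.900000\t192.0.2.53\t192.0.2.10\t0x1a05\t1\t0\tmail.example.org
"""

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def analyze(text, slow_after=0.5):
    """Pair DNS queries with responses; return (findings, unanswered)."""
    pending, findings = {}, []
    for ts, src, dst, txid, is_resp, rcode, name in csv.reader(io.StringIO(text), delimiter="\t"):
        ts = float(ts)
        if is_resp.lower() in ("1", "true"):
            # A response matches the query with the same ID, name and reversed endpoints.
            sent = pending.pop((dst, src, txid, name), None)
            if sent is None:
                findings.append((name, "unsolicited response", None))
                continue
            delay = round(ts - sent, 6)
            code = int(rcode)
            if code != 0:
                findings.append((name, RCODES.get(code, f"rcode {code}"), delay))
            elif delay > slow_after:
                findings.append((name, "slow", delay))
        else:
            # Keep the first transmission time so a retry does not hide the delay.
            pending.setdefault((src, dst, txid, name), ts)
    unanswered = sorted(key[3] for key in pending)
    return findings, unanswered

if __name__ == "__main__":
    findings, unanswered = analyze(SAMPLE)
    for name, problem, delay in findings:
        print(f"{name}: {problem} (delay {delay}s)")
    print("unanswered:", unanswered)
```

A response with no matching query is reported as well, since it points either to a capture that started mid-exchange or to traffic the client never asked for.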
