EX.NO:12 USE WIRESHARK TO CAPTURE PACKETS WHEN BROWSING THE INTERNET.

EXAMINE THE
STRUCTURE OF PACKETS: THE VARIOUS LAYERS, PROTOCOLS, HEADERS, PAYLOAD.
Aim: The aim of this experiment was to utilize Wireshark, a network packet analyzer, to capture and examine packets
during internet browsing. The focus was on understanding the structure of packets, including various layers,
protocols, headers, and payloads.

Wireshark Overview: Wireshark is an open-source packet analyzer that allows users to capture and inspect data
transmitted over a network. It is a valuable tool for network administrators, security engineers, QA professionals,
developers, and anyone interested in learning about network protocols.

Packet Structure and Components:

1. Packet Definition: A packet is a unit of data transmitted over a network. Wireshark captures and displays
these packets, allowing for detailed analysis.
 2. Wireshark Interface: The Wireshark interface consists of five parts: menu bar, packet listing window, packet
header details, packet contents window, and a filter field.

3. Basic Concepts: The report introduced fundamental network traffic concepts, including IP addresses,
computer ports, protocols (TCP/IP), and the OSI model.

Wireshark Filters: The report highlighted essential Wireshark filters for effective packet analysis. Examples include IP
address filters (ip.addr), protocol filters (protocol), port filters (tcp.port, udp.port), and specific packet analysis filters
(tcp.analysis.flags).

Packet Sniffing: Packet sniffing, demonstrated through Wireshark, is a process of capturing and analyzing data
flowing through a network. The report outlined steps for packet sniffing using Wireshark, emphasizing the application
of filters such as 'http.'

Username and Password Sniffing: The report illustrated a potential misuse of packet sniffing, specifically for
username and password retrieval. It detailed steps to capture and analyze data from a secure website (gmail.com)
using Wireshark.

Wireshark Statistics: Wireshark provides various statistics for in-depth analysis. The report covered statistics such as
capture file properties, resolved addresses, protocol hierarchy, conversations, endpoints, packet lengths, I/O graphs,
and service response time.
I/O Graphs and TCP Stream Graphs: The report explained the use of I/O Graphs to visualize network traffic and TCP
Stream Graphs to analyze the TCP sequence number over time. It provided step-by-step instructions on applying
filters and interpreting the graphs.
Important Observations:

1. Wireshark's versatility makes it an indispensable tool for network troubleshooting, security analysis, and
protocol debugging.

2. Understanding packet structure is crucial for effective packet analysis.

3. Filters play a vital role in narrowing down captured data for specific analysis purposes.

4. Packet sniffing can be misused for capturing sensitive information, highlighting the importance of secure
communication methods.

Procedures:

1. Open Wireshark and select the appropriate interface.

2. Capture network traffic and apply filters based on analysis requirements.

3. Use Wireshark statistics to gain insights into various aspects of the captured data.

4. Apply I/O Graphs and TCP Stream Graphs for visualizing network traffic patterns.

Conclusion: Wireshark serves as a powerful tool for network analysis, providing a comprehensive view of packet-level
details. The experiment successfully demonstrated the application of Wireshark for capturing and analyzing internet
browsing packets, showcasing its utility in different scenarios.

This report summarizes key concepts, procedures, and observations, emphasizing the significance of Wireshark in
understanding and troubleshooting network communication.