Step 2. Examine the Packet List pane in Wireshark. Locate the ping packets. You can refer to the
addresses shown in the message in the command-line window. In the Packet List pane of Wireshark,
find:
1. Echo Request
2. Echo Reply
6. Are the source and destination addresses listed in the window the addresses you were expecting?
Yes/No. Why?
Yes, there are two IPs, my computer and the web server. The echo request was sent from 192.168.100.26 to
69.48.185.170. Also, the Echo (ping) reply was sent from 69.48.185.170 to 192.168.100.26.
Step 3. Use the mouse to select the first echo request packet in the list. The information about this
packet is displayed in the Packet Details pane. Click each of the four "+" signs on the left of each row
to expand the information.
Assignement Nr
As you can see, the details of each section and protocol can be expanded further. Observe this information for a few
minutes. At this stage of your knowledge you may not fully understand the information displayed; just note
the information you recognize.
9. Locate the two different types of “Source” and “Destination”. Why are there two types?
Having both types allows flexibility and efficiency in network communication. The globally unique address ensures
global uniqueness and facilitates device identification, while the individual address enables efficient one-to-one
communication between devices.
When you select a row in the Packet Details pane, part or all of the information in the Packet Bytes pane is
highlighted. This shows the specific binary values that represent that information in the PDU. At this stage
of your knowledge, it is not necessary to understand this information in detail.
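The following added example (not part of the original lab handout) decodes the raw bytes of an echo request the way the Packet Details pane does, showing one Source/Destination pair in the Ethernet header and another in the IPv4 header. The frame is constructed: the IP addresses are the ones from this capture, while the MAC addresses and ICMP payload are made up.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum used by IPv4 and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_sample_frame() -> bytes:
    """Constructed echo request; the MAC addresses are made up."""
    eth = bytes.fromhex("020000000001" "020000000026" "0800")  # dst, src, IPv4
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"abcdefgh"
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0x1234, 0, 128, 1, 0,
                     socket.inet_aton("192.168.100.26"),
                     socket.inet_aton("69.48.185.170"))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return eth + ip + icmp

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def decode(frame: bytes) -> dict:
    """Return the layer 2 and layer 3 Source/Destination pairs of a frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_src": fmt_mac(src), "eth_dst": fmt_mac(dst)}
    if ethertype != 0x0800:           # not IPv4: nothing more to decode here
        return out
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4          # IPv4 header length in bytes
    out["ip_src"] = socket.inet_ntoa(ip[12:16])
    out["ip_dst"] = socket.inet_ntoa(ip[16:20])
    out["ip_checksum_ok"] = checksum(ip[:ihl]) == 0
    if ip[9] == 1 and len(ip) > ihl:  # protocol 1 = ICMP
        names = {8: "Echo (ping) request", 0: "Echo (ping) reply"}
        out["icmp_type"] = names.get(ip[ihl], ip[ihl])
    return out

if __name__ == "__main__":
    for field, value in decode(build_sample_frame()).items():
        print(f"{field:15} {value}")
```
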
Step 4. Go to the File menu and select Close. Click Continue Without Saving when the dialog window
appears.
<P><font face="Arial, Helvetica, sans-serif"> You've now transferred a copy of alice.txt from\n
your computer to \n
gaia.cs.umass.edu. You should now stop Wireshark packet capture. It's time to start analyzing the
captured Wireshark packets! </font>\n
\n
</FORM>\n
\n
\n
Examine the highlighted part of the Packet Bytes pane. This shows the HTML data carried by the packet. A piece of data
captured in the HTTP session can be displayed as in the figure.
Before the HTTP session begins, the TCP session must be established. This appears in the first three rows of the session,
numbers 10, 11, 12. Use your Wireshark output to answer the following questions.
1. Fill the table using the information shown at the HTTP session.
| Field | Value |
|---|---|
| Web browser IP address | Source Address: 128.119.245.12 |
| Web server IP address | Destination Address: 192.168.100.26 |
| Transport layer protocol (UDP/TCP) | Protocol: TCP (6) |
| Web browser port number | Source Port: 80 |
| Web server port number | Destination Port: 53907 |
| Language | Accept-Language: en-US,en;q=0.9\r\n |
3. Which computer starts signaling the end of an HTTP session and how?
4. Select the first row of the HTTP protocol, the GET request from the web browser. Refer to the figure
above. Look at the middle window of Wireshark to examine the protocols in layers. If necessary, expand the
information.
Source Address: 192.168.100.7
Destination Address: 192.229.221.95
6. Expand the last record of the protocol, and each subfield. This is the information sent to the web
server. Fill in the table using the information from the protocol.
| Field | Value |
|---|---|
| Protocol Version | 4 |
| Request Method | GET |
| *Request URI | [RequestURI: http://gaia.cs.umass.edu/wireshark-labs/lab3-1-reply.htm] |
| Language | Accept-Language: */*\r\n |
*Request URL is the path to the requested document. In the first browser request, the path is the root directory of the
web server. Although no page is requested, some web servers are configured to display a default file if there is
one.
The web server responds with the next HTTP packet. In the example figure above this is in line 15. The
answer to the web browser is possible because the web server (1) understands the type of request and
(2) has a file to return. “Crackers” often send unknown or confusing requests to the web server in order to
stop the server from working or to gain access to the server's command line. Also, a request for an unknown web
page can result in an error message.
7. Choose the web server response and then switch to the middle window of Wireshark. Open all HTTP
sub-fields. Notice the information from the server. In this response there are only a few lines of text
(web server responses may contain hundreds or millions of bytes). The web browser understands the
answer and correctly formats the data in the browser window.
8. What is the web server's response to the GET request from the web client?
Response Phrase: Not Modified
Go to the File menu and select Close. Click Continue Without Saving when the dialog window appears.
Close Wireshark.
3. Reflection
Consider the encapsulation information related to network data capture that Wireshark can provide.
Connect this to models with OSI and TCP/IP layers. It's important to know and connect the presented protocols,
the relevant layer and the type of encapsulation model with the information Wireshark provides.
4. Challenge
Discuss how you can use a protocol analyzer such as Wireshark to: