Wireshark Assignment
OK, let's start with Wireshark!
1) Start a capture session using Wireshark. From the main screen of Wireshark, select the interface you are using to connect to the Internet (for example, Wi-Fi); see the screenshot below.
Capture traffic while you open a web page in your browser. Open the web page http://www.ox.ac.uk. Please save the trace you use in the lab and submit it with your answers. To save, go to “File” and select save file (e.g., name it after your NetID).
2) Stop capturing and examine the trace and find the exchange of packets between your machine and the web server (the host providing the web pages to your machine). In the trace you can see many protocols listed. Some of these protocols are called transport protocols. Answer the following:
a- Which transport protocol is used between your machine and the web server?
b- You will see that other protocols are captured in your trace. One such protocol is HTTP. What is the relationship between the transport protocol you identified and HTTP?
c- Type “http” (without the quotes, and in lower case – all protocol names are in lower case in Wireshark) into the display filter specification window at the top of the main Wireshark window. Then select Apply (to the right of where you entered “http”). This will cause only HTTP messages to be displayed in the packet-listing window. To see the exchange of HTTP messages with the web server, click Statistics → Flow Graph, then check the “limit to display filter” box. Take a snapshot or copy/paste the packets displayed on the screen (no need to scroll down and copy all of them).
3) In the trace you will find IP addresses within the packets. Answer the following:
a- Find an example packet in the trace where the IP address associated with your machine is present. Provide this example packet with your submission (take a screen dump or cut and paste the packet).
b- We discussed protocol layers in class. Which layer is IP associated with? Which layer is the transport protocol you identified in sec. 2 a associated with? Which layer is the HTTP protocol associated with?
Make sure to provide your answers in the required sequence. You may use a table like this to answer this section:
Layer | Protocol
4) Let’s examine some MAC information.
a- We discussed the MAC (medium access control) address in class. You can find the MAC address of your machine at the command line, using ipconfig /all on Windows or ifconfig on Unix, Linux and OS X machines. If you are using the WLAN, look for Physical Address under
Wireless LAN adapter Wi-Fi. Take a snapshot for this part; the output should look like this:
b- Can you find the MAC address of your machine in the trace? What is the MAC address of your machine? Hint: click on a message that originated from your machine, then click on Ethernet II in the packet details pane to see the MAC address (shown as Src address). Take a screen dump of the Ethernet II details that show this.
c- What is the 48-bit destination address in the Ethernet frame? Is this the Ethernet address of www.ox.ac.uk? (Hint: the answer is no.)
Which device has this as its Ethernet address (MAC address)? Based on your answer, why is this the address of that device and not that of the web server hosting ox.ac.uk?
5) Answer the following:
a- Before doing this part, start capturing a new trace (make sure that you save the previous trace file).
Now, at the command line on your machine, type ping www.ox.ac.uk. Did you get 4 replies? If so, stop capturing in Wireshark. Take a snapshot of the output of the ping command.
What does the time (in ms) given there (at the command line) refer to? How is it related to the delay components we covered in the 1st lecture? FYI, you can see the packets resulting from the ping, captured by Wireshark: type icmp in the filter field.
Take a screen dump or cut and paste the packet list that shows these packets. There should be 8 packets.
b- Repeat part a for www.lincoln.ac.nz
For this part, include screen dumps or cut and paste packets as in a.
Why is the time in ms greater when compared to that in part a? What do you think? You may use a simple equation and one line of description to answer this question.
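The following script is an added example, not part of the assignment: it decodes the same layering Wireshark shows in the packet details pane (Ethernet II destination and source MAC, then the IP addresses and protocol number, then the ICMP type, identifier and sequence) and pairs each echo request with its reply to compute the round-trip time that ping prints. The frames, MAC addresses and IP addresses are constructed for the example; in a real trace the frame's destination MAC is that of your gateway, exactly as question 4 c expects.

```python
import struct

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IPv4 protocol numbers: network layer -> transport layer

def parse_frame(ts, raw):
    """Decode one captured frame: Ethernet II -> IPv4 -> transport header (ICMP fields if present)."""
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    info = {"ts": ts, "dst_mac": dst.hex(":"), "src_mac": src.hex(":")}
    if ethertype != 0x0800:  # only IPv4 is decoded here
        return info
    ihl = (raw[14] & 0x0F) * 4  # IPv4 header length in bytes
    proto = raw[23]
    info["src_ip"] = ".".join(map(str, raw[26:30]))
    info["dst_ip"] = ".".join(map(str, raw[30:34]))
    info["proto"] = PROTO_NAMES.get(proto, str(proto))
    if proto == 1:  # ICMP header: type, code, checksum, identifier, sequence
        body = raw[14 + ihl:14 + ihl + 8]
        info["icmp_type"], info["icmp_id"], info["icmp_seq"] = struct.unpack("!BxxxHH", body)
    return info

def icmp_rtts_ms(frames):
    """Pair each echo request (type 8) with its reply (type 0) by (id, seq); RTT = reply time - request time."""
    pending, rtts = {}, []
    for ts, raw in frames:
        f = parse_frame(ts, raw)
        if f.get("proto") != "ICMP":
            continue
        key = (f["icmp_id"], f["icmp_seq"])
        if f["icmp_type"] == 8:
            pending[key] = f["ts"]
        elif f["icmp_type"] == 0 and key in pending:
            rtts.append(round((f["ts"] - pending.pop(key)) * 1000, 3))
    return rtts

# Constructed sample (not a real trace): host 192.0.2.10 pings 198.51.100.5; frames leave via the gateway's MAC
HOST_MAC, GATEWAY_MAC = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")

def icmp_frame(src_mac, dst_mac, src_ip, dst_ip, icmp_type, ident, seq):
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + b"\x00" * 32  # checksums left 0 (constructed)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 1, 0, 64, 1, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return struct.pack("!6s6sH", dst_mac, src_mac, 0x0800) + ip + icmp

SAMPLE = [(ts, icmp_frame(*a)) for ts, a in [
    (0.000, (HOST_MAC, GATEWAY_MAC, "192.0.2.10", "198.51.100.5", 8, 1, 1)),
    (0.021, (GATEWAY_MAC, HOST_MAC, "198.51.100.5", "192.0.2.10", 0, 1, 1)),
    (1.000, (HOST_MAC, GATEWAY_MAC, "192.0.2.10", "198.51.100.5", 8, 1, 2)),
    (1.160, (GATEWAY_MAC, HOST_MAC, "198.51.100.5", "192.0.2.10", 0, 1, 2)),
]]
if __name__ == "__main__":
    print(parse_frame(*SAMPLE[0])["dst_mac"], "is the gateway MAC, not the server's; RTT ms:", icmp_rtts_ms(SAMPLE))
```

The same parse_frame works on raw Ethernet frame bytes read from a saved capture, so the per-ping RTTs it returns can be compared directly with the times ping prints for www.ox.ac.uk and www.lincoln.ac.nz.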