UCCN1003 Data Communications and Networks
Lab 08: Wireshark Analysis of Protocols – Trace Files
Instructions:
1. Read the “Introduction” section for the background
2. Perform all the lab exercises, starting with exercise 1
3. Follow all the steps.
4. Record the results in all italic bold actions.
5. Paste your screen captures on a Word Document and save it.
6. Answer all the questions in italic and in blanks based on the observation of the results.
7. Write your answer in the same Word Document.
8. Please follow the sequence of the exercises, and don’t skip any step.
9. Please try your best to understand the steps of this lab.
Introduction to Wireshark
In this lab, you will learn how to use Wireshark to examine packets that were captured by a NIC
and then saved to a file, known as a trace file.
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting,
analysis, software and communications protocol development, and education. Originally named
Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues.
A network packet analyzer will capture network packets and display the packet data as detailed
as possible. You could think of a network packet analyzer as a measuring device used to examine
what's going on inside a network cable, just like a voltmeter is used by an electrician to examine
what's going on inside an electric cable.
Here are some examples of what people use Wireshark for:
• network administrators use it to troubleshoot network problems
• network security engineers use it to examine security problems
• developers use it to debug protocol implementations
• people use it to learn network protocol internals
Exercise 1: Getting familiar with the “Pane” of Wireshark
Wireshark's (v1.2.10) main window consists of parts that are commonly known from many other
GUI programs.
• The menu is used to start actions.
• The main toolbar provides quick access to frequently used items from the menu.
• The filter toolbar provides a way to directly manipulate the currently used display filter.
• The packet list pane displays a summary of each packet captured. By clicking on packets
in this pane you control what is displayed in the other two panes.
• The packet details pane displays the packet selected in the packet list pane in more detail.
• The packet bytes pane displays the data from the packet selected in the packet list pane,
and highlights the field selected in the packet details pane.
• The status bar shows some detailed information about the current program state and the
captured data.
[Figure: Wireshark main window with its parts labelled: Menu, Main Toolbar, Filter Toolbar, Packet List Pane, Packet Detail Pane, Packet Bytes Pane, Status Bar]
1. Go to “menu” => “File” => “open” and select Lab_08_Ex1.pcap.
2. Refer to the “status bar” and answer the following question:
a. What is the total number of packets (or frames) in this file?
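The packet count shown in the status bar can be cross-checked by reading the trace file directly. The following is an added example, not part of the original lab handout: it parses the classic libpcap file layout (24-byte global header, then a 16-byte header in front of each packet) and counts the records. The function names and the in-memory sample trace are constructed for this example.

```python
import io
import struct

# Classic libpcap magic bytes -> struct byte-order prefix.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def summarize_pcap(stream):
    """Return (packet_count, captured_bytes, linktype) for a classic pcap stream."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic libpcap trace (pcapng is a different format)")
    order = PCAP_MAGICS[header[:4]]
    # version major/minor, timezone offset, sigfigs, snaplen, link-layer type
    fields = struct.unpack(order + "HHiIII", header[4:])
    linktype = fields[5]
    count = total = 0
    while True:
        rec = stream.read(16)
        if not rec:
            break  # clean end of file
        if len(rec) < 16:
            raise ValueError(f"truncated record header after packet {count}")
        _sec, _frac, incl_len, _orig_len = struct.unpack(order + "IIII", rec)
        data = stream.read(incl_len)
        if len(data) < incl_len:
            raise ValueError(f"truncated packet data in packet {count + 1}")
        count += 1
        total += incl_len
    return count, total, linktype

def build_sample_pcap(frames, order="<"):
    """Constructed sample: a tiny Ethernet (linktype 1) trace held in memory."""
    out = struct.pack(order + "I", 0xA1B2C3D4)
    out += struct.pack(order + "HHiIII", 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack(order + "IIII", i, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    sample = build_sample_pcap([b"\x00" * 60, b"\x00" * 74, b"\x00" * 1514])
    print(summarize_pcap(io.BytesIO(sample)))
    # For the lab file: with open("Lab_08_Ex1.pcap", "rb") as f: print(summarize_pcap(f))
```

A truncated final record raises an error instead of being silently dropped, so a mismatch with Wireshark's count points to a damaged or partially copied trace file.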