1
Networking & Wireless Routers VIII
Wireshark
20 Points
TU Networking 3342
Dr. Thomas Hicks
2
---------------------- Integrity Check ----------------------
As You Well Know, It Is A Violation Of Academic Integrity To Fake The Results On Any Of Your Labs.
Your Name
_________________
Name This Presentation: Tom-Hicks-7-Router-Wireless-Lab.pptx
{Substitute Your First & Last Names}
4
Create File DataTransfer.txt
5
Use Visual Studio To Create A File, Called DataTransfer.txt. The File Is To Contain Approximately 75 MB Of Letters A-Z In The Following Format:
Replace The Screen Capture Below With Yours!
6
Use Visual Studio To Create A File, Called DataTransfer.txt. Display The File Size.
Replace The Screen Capture Below With Yours!
This Is Close Enough!
7
You Will Need Three Computers For This Lab
Name System 1, System 2, & Your System
CS-_??_ & CS-_??_ & CS-_??_
DataTransfer.txt
9
Connect All Three Computers To Your
Router With A Wireless Adapter
10
Configure Your D-Link N Access Point To The Proper Static IP
CS-1 to CS-4
CS-1 Static DNS = CS-1.cs.trinity.edu Static IP = 131.194.71.119 Router DNS = CS-8.cs.trinity.edu Router IP = 131.194.71.141 Router Gateway = 192.168.1.1 Wireless Adapter IP = 192.168.1.20
CS-2 Static DNS = CS-2.cs.trinity.edu Static IP = 131.194.71.120 Router DNS = CS-9.cs.trinity.edu Router IP = 131.194.71.142 Router Gateway = 192.168.1.1 Wireless Adapter IP = 192.168.1.21
CS-3 Static DNS = CS-3.cs.trinity.edu Static IP = 131.194.71.121 Router DNS = CS-10.cs.trinity.edu Router IP = 131.194.71.143 Router Gateway = 192.168.1.1 Wireless Adapter IP = 192.168.1.22
CS-4 Static DNS = CS-4.cs.trinity.edu Static IP = 131.194.71.179 Router DNS = CS-11.cs.trinity.edu Router IP = 131.194.71.146 Router Gateway = 192.168.1.1 Wireless Adapter IP = 192.168.1.23
11
Configure Your D-Link N Access Point To The Proper Static IP
CS-5 to CS-7
CS-5 Static DNS = CS-5.cs.trinity.edu Static IP = 131.194.71.52 Router DNS = CS-12.cs.trinity.edu Router IP = 131.194.71.147 Router Gateway = 192.168.1.1 Wireless Adapter IP = 192.168.1.24
CS-6 Static DNS = CS-6.cs.trinity.edu Static IP = 131.194.71.167 Router DNS = CS-13.cs.trinity.edu Router IP = 131.194.71.148 Router Gateway = 192.168.1.1 Wireless Adapter IP = 192.168.1.25
CS-7 Static DNS = CS-7.cs.trinity.edu Static IP = 131.194.71.140 Router DNS = CS-14.cs.trinity.edu Router IP = 131.194.71.149 Router Gateway = 192.168.1.1 Wireless Adapter IP = 192.168.1.25
12
Your System Wireless Access Point You May Use Any Device You Like
Identify & Add Photo. Connect It To Your Router!
Replace The Screen Capture Below With Yours!
Access Point : ______________________________________ Access Point = _?_ (D-Link USB DWA-130/ Belkin USB Wireless G F5D7050 / Netgear Wireless G PCI Card WG311NA / D-Link USB DWL-G132 / etc.)
Made By : __________________________________________ (D-Link, Belkin, Netgear, Linksys, etc.)
Attach A Photo Of The Device: (Do Internet Search!)
13
System 1 Wireless Access Point You May Use Any Device You Like
Identify & Add Photo. Connect It To Your Router!
Replace The Screen Capture Below With Yours!
Access Point : ______________________________________ Access Point = _?_ (D-Link USB DWA-130/ Belkin USB Wireless G F5D7050 / Netgear Wireless G PCI Card WG311NA / D-Link USB DWL-G132 / etc.)
Made By : __________________________________________ (D-Link, Belkin, Netgear, Linksys, etc.)
Attach A Photo Of The Device: (Do Internet Search!)
14
System 2 Wireless Access Point You May Use Any Device You Like
Identify & Add Photo. Connect It To Your Router!
Replace The Screen Capture Below With Yours!
Access Point : ______________________________________ Access Point = _?_ (D-Link USB DWA-130/ Belkin USB Wireless G F5D7050 / Netgear Wireless G PCI Card WG311NA / D-Link USB DWL-G132 / etc.)
Made By : __________________________________________ (D-Link, Belkin, Netgear, Linksys, etc.)
Attach A Photo Of The Device: (Do Internet Search!)
15
Your Router Configuration From
Lab 8 Is Fine!
18
Disable Ethernet Cat-5 Adapter On All Three Systems
19
Disable All Access Points Except The Wireless On Your System!
Replace The Screen Capture Below With Yours!
20
Disable All Access Points Except The Wireless On System 1!
Replace The Screen Capture Below With Yours!
21
Disable All Access Points Except The Wireless On System 2!
Replace The Screen Capture Below With Yours!
22
Install Wireshark
On Your System
23
Remote Into Your System
Replace The Screen Capture Below With Yours
24
Capture Packets Being Sent To Your System
Grab The Packets
25
Put A Copy Of DataTransfer.txt In The Share Folder On System 1. Start Wireshark. Copy DataTransfer.txt From The Share Folder Of System 1 To Your Desktop. Capture Using The Wireless Adapter.
26
Stop The Ethernet Card Capture. Sort By Source. Show Some Of The DataTransfer.txt File.
Replace The Capture Below With Yours.
27
Capture Packets Being Sent From
Your System
Grab The Packets
28
Open The Share Folder Of System 2. Start Wireshark. Copy DataTransfer.txt From Your Desktop To The Share Folder Of System 2. Capture Using The Wireless Adapter.
29
Stop The Ethernet Card Capture. Sort By Source. Can You See Data Being Transferred Out?
If So, Add A Capture Below; If Not, Explain Below!
30
Capture Packets Transferred Between Two Other Systems
Grab The Packets
31
Go To System 1. Open The Share Folder Of System 2. Start Wireshark On Your System (No Longer Involved In The Transfer). Copy DataTransfer.txt From System 2 To The Desktop Of System 1. Capture Using The Wireless Adapter.
32
Stop The Ethernet Card Capture. Sort By Source. Can You See Data Being Transferred By Other Systems?
If So, Add A Capture Below; If Not, Explain Below!
33
Enable Ethernet Cat-5 Adapter On All Three Systems
Remove The Wireless Adapters
34
Re-Enable The Cat-5 Adapter On Your System. Remove The Wireless Adapter.
Replace The Screen Capture Below With Yours!
35
Re-Enable The Cat-5 Adapter On System 1. Remove The Wireless Adapter.
Replace The Screen Capture Below With Yours!
36
Re-Enable The Cat-5 Adapter On System 2. Remove The Wireless Adapter.
Replace The Screen Capture Below With Yours!
37
Ethernet Cat-5 Capture
On Your System
38
Start A Capture On Your System. Start A Browser On Your System. Navigate To Carme.cs.trinity.edu
Show The HTTP Traffic To Carme.
Replace The Screen Capture Below With Yours.
39
Plug Your System & System 1 Into The Same Switch. Start Wireshark On Your System. Take The Browser On System 1 To Carme. Do You See Carme Browser Requests From Other Systems? If So, Add A Capture Below; If Not, Explain Below!
40
Promiscuous Ethernet
Monitoring
41
Promiscuous Monitoring Of Wireless Networks #1
42
Promiscuous Monitoring Of Wireless Networks #2
43
Questions #1
Explain: What Is The Difference Between Promiscuous And Non-Promiscuous Wireless Capture?
________________________________________________ ________________________________________________ ________________________________________________ ________________________________________________ ________________________________________________ ________________________________________________
____ {T/F} Any Ethernet adapter can be used for promiscuous mode monitoring in a wired Ethernet network
____ {T/F} Any Wireless Ethernet adapter is equally good for strength, and other important statistics and indicators.
44
Questions #2
____ {T/F} Standard drivers for wireless NICs support promiscuous mode ("RF Monitoring")
While the adapter can receive radio signals on a given frequency regardless of the destination MAC address in the packet, the packets that are not addressed to this adapter are _?_ by the driver, and there is no way to make the standard driver pass them to the network monitoring software.
_____ {T/F} A number of network monitoring software vendors make special RF monitoring drivers for all wireless adapters.
45
Questions #3
In order to do promiscuous packet gathering, the user must obtained a supported wireless _?_, install the wireless monitoring program, replace the original driver by the special RF monitoring driver
List the Make, Model, and Vendor Of All Wireless Adapters Made Available To You By Dr. Hicks.__________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
46
Questions #4
The Real Question: ["Is there a RF monitoring driver for my Wi-Fi card and operating system?"] Do An Internet Search For Each Of The Adapters Listed On The Previous Slide.
Adapter                            RF Monitoring Driver
_________________________________ _______ {Y/N}
_________________________________ _______ {Y/N}
_________________________________ _______ {Y/N}
_________________________________ _______ {Y/N}
_________________________________ _______ {Y/N}
_________________________________ _______ {Y/N}
_________________________________ _______ {Y/N}
47
Questions #5
Software to do promiscuous packet gathering is called a W_?_ A_?_
Aside from the problems related to NIC drivers, wireless traffic is sometimes encrypted using WEP (an older standard) or WPA. A good WLAN Analyzer must be capable of _?_ encrypted network traffic on the fly utilizing a user-provided WEP or WPA-PSK key.
A WLAN analyzer may not be required if all you need to monitor is the traffic between the wireless stations and the Internet. Using a standard, non-wireless monitor on a M_?_ port would make it possible to capture the packets being sent and received through the access point. A network layout illustrating this method is shown below.
49
Packet Monitoring Software
50
Mirror Port Software
51
Questions #7
"How can I see all of the subnet traffic using Network Monitor?" The most efficient way to do this is to attach your computer's Ethernet connection directly to the "_?_" port on your switch.
On Cisco switches the mirroring port is called the _?_ port and uses a software program called a "Switched Port Analyzer".
____ {T/F} Almost all switches today come with one of these ports to allow system administrators to analyze network traffic using a packet sniffing product like Distinct Network Monitor.
52
Questions #7
Why do you need to attach to the mirror port? Technically, when a NIC driver is in promiscuous mode, it is able to see all of the traffic that is travelling on the wire it is attached to. However, in the case of a switched network, that traffic may in fact be limited to its _?_ traffic and _?_ broadcast traffic.
As an administrator, the most efficient way for you to analyze traffic that is not visible from your computer is to capture it using the mirror or _?_ port on your switch.
When this is not possible Distinct Network Monitor does offer one more option through its Agents. Using Agents you will be able to analyze traffic that is not visible from your computer.
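An added illustration, not part of the original lab: a toy learning switch in Python showing why a promiscuous NIC on an ordinary switched port misses a transfer between two other systems while a mirror port receives it. The port numbers, MAC addresses and frame list are constructed for this sketch.

```python
# Toy model of a learning Ethernet switch (constructed example, not lab data).
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports, mirror_port=None):
        self.ports = list(ports)
        self.mirror_port = mirror_port   # hypothetical mirror-port setting
        self.mac_table = {}              # source MAC -> port it was last seen on

    def forward(self, in_port, src, dst):
        """Return the set of ports this frame is sent out of."""
        self.mac_table[src] = in_port                 # learn the sender
        if dst != BROADCAST and dst in self.mac_table:
            out = {self.mac_table[dst]}               # known unicast: one port
        else:
            out = set(self.ports)                     # broadcast/unknown: flood
        out.discard(in_port)                          # never back out the ingress
        if self.mirror_port is not None and self.mirror_port != in_port:
            out.add(self.mirror_port)                 # mirror gets a copy of all
        return out

def frames_seen(switch, sniffer_port, frames):
    """Labels of the frames a promiscuous NIC on sniffer_port receives."""
    return [label for label, in_port, src, dst in frames
            if sniffer_port in switch.forward(in_port, src, dst)]

# System 1 on port 1, System 2 on port 2, the capture host (ME) on port 3.
S1, S2, ME = "00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:03"
FRAMES = [
    ("ARP request S1->broadcast", 1, S1, BROADCAST),
    ("ARP reply S2->S1", 2, S2, S1),
    ("file data S1->S2", 1, S1, S2),
    ("file data S2->S1", 2, S2, S1),
    ("data S1->ME", 1, S1, ME),      # ME not learned yet, so it is flooded
]

def demo():
    plain = frames_seen(LearningSwitch([1, 2, 3]), 3, FRAMES)
    mirrored = frames_seen(LearningSwitch([1, 2, 3], mirror_port=3), 3, FRAMES)
    return plain, mirrored

if __name__ == "__main__":
    for name, seen in zip(("ordinary port", "mirror port"), demo()):
        print(f"{name}: {len(seen)} of {len(FRAMES)} frames -> {seen}")
```
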
53
Packet Monitoring Software
54
Questions #8
Do an Internet Search - List at least half a dozen software products which enable packet monitoring on Windows systems. Include the Software Name and Price.
Software _____________________________ $_________ URL ____________________________________________
Software _____________________________ $_________ URL ____________________________________________
Software _____________________________ $_________ URL ____________________________________________
Software _____________________________ $_________ URL ____________________________________________
55
Questions #9
Do an Internet Search - (cont)
Software _____________________________ $_________ URL ____________________________________________
Software _____________________________ $_________ URL ____________________________________________
Software _____________________________ $_________ URL ____________________________________________
Software _____________________________ $_________ URL ____________________________________________
56
Questions #10
What Is Port Mirroring:
_______________________________________________ _______________________________________________ _______________________________________________ _______________________________________________ _______________________________________________ _______________________________________________
57
Port Mirroring On Inexpensive Linksys Switch?
58
Make Sure All Three Systems Are
Still Accessible via Remote Desktop
59
Extra Credit
60
Extra Credit
Transfer DataTransfer.txt From One Computer To Another Wirelessly. Use A Third Computer To Capture Packets In Promiscuous Mode. Include Sufficient Screen Captures & Explanation To Duplicate Your Efforts (i.e. What Card, What Software, Where Download, How Do, etc.).