COMP2322 Lab 1 Introduction to Wireshark Weichao Li Jan. 22, 2016.

Slides:



Advertisements
Similar presentations
Ubiquitous Computing Technology Research Institute Sungkyunkwan University Using Ethereal - Packet Capturing & Analysis Tool Sungkyunkwan University.
Advertisements

Chapter 7: Transport Layer
CCNA 1 v3.1 Module 11 Review.
Capture Packets using Wireshark. Introduction Wireshark – – Packet analysis software – Open source.
1 Capturing & Analyzing Network Traffic: tcpdump/tshark and Wireshark EE 122: Intro to Communication Networks Vern Paxson / Jorge Ortiz / Dilip Anthony.
Computer Security and Penetration Testing
Practical Networking. Introduction  Interfaces, network connections  Netstat tool  Tcpdump: Popular network debugging tool  Used to intercept and.
© 2006, The Technology Firm Ethereal The Technology Firm.
CAP6135: Malware and Software Vulnerability Analysis Network Traffic Monitoring Using Wireshark Cliff Zou Spring 2013.
COEN 445 Communication Networks and Protocols Lab 3
Linux Operations and Administration
Wireshark Presented By: Hiral Chhaya, Anvita Priyam.
1 Lab 3 Transport Layer T.A. Youngjoo Han. 2 Transport Layer  Providing logical communication b/w application processes running on different hosts 
University of Calgary – CPSC 441.  Wireshark (originally named Ethereal)is a free and open-source packet analyzer.  It is used for network troubleshooting,
Packet capture and protocol analysis 1. Content TCP/IP Networking Review Packet Capture Protocol Analysis 2.
CPSC 441 Tutorial TA: Fang Wang The content of these slides are taken from CPSC 526 TUTORIAL by Nashd Safa (Extended and partially modified)
Session 10 Windows Platform Eng. Dina Alkhoudari.
Chapter 10 Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Explain how the functions of the application layer,
Section 2.2 Network Forensics TRACKING HACKERS THROUGH CYBERSPACE
Computer Networking Course Introduction Dr Sandra I. Woolley.
Network Security: Lab#4-2 Packet Sniffers J. H. Wang Dec. 2, 2013.
Windows 7 Firewall.
1 Apache. 2 Module - Apache ♦ Overview This module focuses on configuring and customizing Apache web server. Apache is a commonly used Hypertext Transfer.
Packet Analysis Using Wireshark for Beginners 22AF
1 TAC2000/ LABORATORY 117 Outline of the Hands-on Tutorial  SIP User-Agent Register Register Make calls Make calls  Fault-Finding Tools Observe.
1 TAC2000/ LABORATORY 117 Analyzing SIP Call Flows Dr. Quincy Wu National Chiao Tung University
Chapter 6-2 the TCP/IP Layers. The four layers of the TCP/IP model are listed in Table 6-2. The layers are The four layers of the TCP/IP model are listed.
Mr C Johnston ICT Teacher BTEC IT Unit 05 - Lesson 05 Network Protocols.
1. I NTRODUCTION TO N ETWORKS Network programming is surprisingly easy in Java ◦ Most of the classes relevant to network programming are in the java.net.
CAP6135: Malware and Software Vulnerability Analysis Network Traffic Monitoring Using Wireshark Cliff Zou Spring 2014.
© 2010 Cisco Systems, Inc. All rights reserved. 1 CREATE Re-Tooling Exploring Protocols with Wireshark March 12, 2011 CREATE CATC and Ohlone College.
Network Management Protocols and Applications Cliff Leach Mike Looney Danny Mar Monty Maughon.
Agilent Technologies Copyright 1999 H7211A+221 v Capture Filters, Logging, and Subnets: Module Objectives Create capture filters that control whether.
Integrating and Troubleshooting Citrix Access Gateway.
Practice 4 – traffic filtering, traffic analysis
Sniffer, tcpdump, Ethereal, ntop
Network Analyzer :- Introduction to Wireshark. What is Wireshark ? Ethereal Formerly known as Ethereal GUINetwork Protocol Analyzer Wireshark is a GUI.
Networks Part 3: Packet Paths + Wireshark NYU-Poly: HSWP Instructor: Mandy Galante.
Computer Networking.  The basic tool for observing the messages exchanged between executing protocol entities  Captures (“sniffs”) messages being sent/received.
Monitoring Troubleshooting TCP/IP Chapter 3. Objectives for this Chapter Troubleshoot TCP/IP addressing Diagnose and resolve issues related to incorrect.
1 Microsoft Windows 2000 Network Infrastructure Administration Chapter 4 Monitoring Network Activity.
Firewalls2 By using a firewall: We can disable a service by throwing out packets whose source or destination port is the port number for that service.
17 Establishing Dial-up Connection to the Internet Using Windows 9x 1.Install and configure the modem 2.Configure Dial-Up Adapter 3.Configure Dial-Up Networking.
POSTECH 1/39 CSED702D: Internet Traffic Monitoring and Analysis James Won-Ki Hong Department of Computer Science and Engineering POSTECH, Korea
COMP2322 Lab 2 HTTP Steven Lee Jan. 29, HTTP Hypertext Transfer Protocol Web’s application layer protocol Client/server model – Client (browser):
COMP2322 Lab 1 Introduction to Wireless LAN Weichao Li Apr. 8, 2016.
1 Network Communications A Brief Introduction. 2 Network Communications.
PORT CONNECTION STATUS CT Lab#4. TCP packet UDP packet Ports Background.
Fiddler and Your Website Robert Boedigheimer. About Me Web developer since 1995 Columnist for aspalliance.com Pluralsight Author 3 rd Degree Black Belt,
Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.
Network Analyzer :- Introduction to Ethereal Computer Networking (Graduate Class)
Traffic Analysis– Wireshark
Application Layer Functionality and Protocols Abdul Hadi Alaidi
Networks Problem Set 3 Due Nov 10 Bonus Date Nov 9
CAP6135: Malware and Software Vulnerability Analysis Network Traffic Monitoring Using Wireshark Cliff Zou Spring 2016.
FIREWALL configuration in linux
Lab 2: Packet Capture & Traffic Analysis with Wireshark
A Quick Guide to Ethereal/Wireshark
COMP2322 Lab 1 Wireshark Steven Lee Jan. 25, 2017.
Networks Problem Set 3 Due Oct 29 Bonus Date Oct 26
Traffic Analysis with Ethereal
Due: a start of class Oct 26
Using Ethereal - Packet Capturing & Analysis Tool
Introduction to Packet Sniffing using Ethereal
IS 4506 Server Configuration (HTTP Server)
Network Analyzer :- Introduction to Wireshark
Wireshark(Ethereal).
TCP Protocol Analysis Access UMKC Home Page.
Network Analyzer :- Introduction to Wireshark
Computer Networks Protocols
Presentation transcript:

COMP2322 Lab 1 Introduction to Wireshark Weichao Li Jan. 22, 2016

Before the lab Review the content of communication architecture. Review TCP/IP model and protocol suite. Understand data transferring, layering, and encapsulation/demultiplexing. 2

Content Data capture basis and tools Getting started with Wireshark Advanced usage Traffic and protocol analysis 3

Packet capture Why do we need to capture packets? – troubleshoot network problems – examine security problems – debug protocol implementations – learn network protocol internals 4

Existing packet capture tools/sniffers Classic tools – Wireshark ( – tcpdump ( Other tools – Ettercap – Dsniff – Ntop – KISMET – WinDump – Tshark – … 5

What is Wireshark? An open-source network protocol analyzer – capture network packets – display that packet data Decodes 1,926 protocols (V2.0.1). Supports command-line and GUI interfaces. Run on many platforms, including Windows, OS X, Linux, and UNIX. Many online resources Wireshark User’s Guide ( 6

How does Wireshark work? Winpcap Wireshark libpcap WindowsLinux 7

Libpcap and Winpcap Libpcap and Winpcap are libraries for network traffic capture, providing the core functions of packet capturing. – Linux/Unix -> libpcap – Windows -> winpcap Homepage of libpcap: – Homepage of winpcap: – 8

Tcpdump and Windump Tcpdump – Unix-based command-line tool used to analyze packets Include filtering to just capture the packets of interest – Homepage: Windump – The Windows version of tcpdump – Homepage: 9

Tshark Also a network protocol analyzer Command-line version of Wireshark User manual: pages/tshark.html pages/tshark.html 10

Basic usage of Wireshark Tip: packet capture need root / administrator privileges Packet capture: select the right interface! Save / open trace 11

Practice 1: my first packet trace Y:\Win32\WiresharkPortable_1.4 Select the right interface. Start packet capture for 10 seconds and save the trace. Question 1 (2 marks for each part in a question) – A) How many interface have you observed? What are they? – B) Which interface will you choose and why? 12

Advanced usage (1): filters Capture filters – Only the packets meeting the rule will be captured and decoded in Wireshark. – Syntax Specify protocols: ip, tcp, udp Specify host: host, dst, src More filters can be found: Display filters – Do not affect captured packets. – Only determine whether or not to display some packets. – Syntax Useful: Follow TCP Stream More filters can be found: 13

Advanced usage (2) Follow a stream. – Stream: [IP address A, port A, IP address B, port B] Adjust the layout and columns. – Edit -> Preference Statistics – Summary: general statistics about the current capture file – Conversations: statistics of the captured conversations Conversation is the traffic between two specific endpoints – Endpoints: traffic statistics of an end host – IO Graphs: visualizing the number of packets in time – … 14

Analyze Web application The World Wide Web (WWW) is the most popular Internet application. Answer the following questions (Question 2): – A) What’s the relationship between Web and HTTP? – B) What type of protocols does HTTP belong to? – C) How many application protocols have you captured when accessing a website? 15

Practice 2: analyze HTTP traffic Y:\Win32\WiresharkPortable Select the right interface. Visit Analyze HTTP traffic (Question 3) – A) What’s your HTTP request method? – B) What’s your HTTP request version? – C) What’s the status code in the response? What does it mean? 16

Practice 2 (cont’d) Apply a display filter so that only HTTP packets are shown (Question 4) – A) How many HTTP requests have been sent to the Web server? – B) Write down each request (at least 3). 17

Practice 3 Try different capture filters (Question 5) – A) How can I capture only HTTP traffic? – B) How can I capture only the traffic from/to a specified host? Visit again and analyze the HTTP traffic (Question 6) – A) What’s your IP address? – B) What’s the server’s IP address? Visit and analyze the HTTP traffic (Question 7) – A) What’s the difference compared with the last step? 18

Practice 3 (cont’d) Visit and analyze HTTP traffic (Question 8) – A) What’s the difference compared with the previous steps? – B) How many Web servers have you accessed? – C) Write down the exact IP addresses of servers. – D) Explain what happened in this HTTP session. 19

Practice 4 Delete capture filter Start a new capture Visit When the page is fully loaded, stop capturing Compare the throughput between UDP and TCP in time (through Statistics->IO Graphs) 20

Practice 5 Start a new capture Visit When the page is fully loaded, stop capturing Identify the HTTPS traffic (Question 9) – A) What’s the default port of HTTPS? – B) What can you see after applying “follow the TCP stream”? – C) Write down the process of how a https connection is established. 21

Practice 6 Visit and analysis HTTP traffichttp:// – Record the IP address of the Facebook server – Save the trace Visit Facebook again at home, and compare the trace with the one obtained in campus (Question 10) – A) Record the IP address of the Facebook server. – B) Is the IP address recorded at home the same as the one recorded in campus? – C) If not, explain why the servers are different. 22

Further reading CDN (content delivery network) – content-delivery-networks-cdns-work/ content-delivery-networks-cdns-work/ 23

Thanks 24

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.