COMP2322 Lab 1 Wireshark Steven Lee Jan. 25, 2017.

1 COMP2322 Lab 1 Wireshark Steven Lee Jan. 25, 2017

2 Packet capture
Why do we need to capture packets?
Troubleshoot network problems
Examine security problems
Debug protocol implementations
Learn network protocol internals

3 Existing packet capture tools/sniffers
Classic tools: Wireshark, tcpdump
Other tools: Ettercap, dsniff, ntop, Kismet, WinDump, TShark

4 What is Wireshark?
An open source network protocol analyzer
Captures network packets
Displays packet data
Supports 2157 protocols (as of v2.2.3)
Supports command-line and GUI interfaces
Supports multiple platforms including Windows, macOS, Linux and Unix
Wireshark User’s Guide (

5 libpcap and WinPcap
Libraries for network traffic capture
Provide the core functions of packet capturing
Linux/Unix: libpcap (
Windows: WinPcap (

6 Practice 1
Y:\Win32\WiresharkPortable_1.4
Select the right interface.
Start packet capture for 10 seconds and save the trace.
Question 1 (4 marks)
How many interface(s) do you see? What are they?
Which interface have you chosen and why?

7 Filters
Capture filters
Only packets that meet the rule(s) are captured and decoded
Syntax:
Display filters
Do not affect what packets are captured
Only affect which captured packets are displayed

8 Some other features
Follow TCP stream: Analyze → Follow → TCP Stream
Statistics
Capture File Properties: statistics on this capture file
Conversations: statistics on captured conversations; a conversation is the traffic between two specific endpoints
Endpoints: traffic statistics on end hosts
IO Graph: visualization of captured network packets
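Slides 5, 7 and 8 describe three things Wireshark does on top of libpcap/WinPcap: read the capture-file format, apply a capture filter before a packet is written versus a display filter after it is read, and summarise the trace as Conversations and Endpoints. The following added example (written for this transcript, not part of the lab or of Wireshark) builds a small libpcap file in memory from constructed frames, parses it back, and runs both kinds of filter plus the two statistics over it. The addresses, ports, timestamps and payloads are constructed sample data, and `is_http` stands in for the display filter `tcp.port == 80`; checksums are left at zero because the parser does not verify them.

```python
"""Minimal libpcap reader: capture filter vs display filter, Conversations, Endpoints.

Added example for the Wireshark lab transcript; all traffic below is constructed.
"""
import socket
import struct
from collections import Counter


def build_frame(src_ip, dst_ip, sport, dport, proto=6, payload=b""):
    """Ethernet/IPv4/TCP (proto 6) or UDP (proto 17) frame; checksums left zero."""
    eth = b"\x00" * 6 + b"\x00" * 5 + b"\x01" + b"\x08\x00"          # dst, src, EtherType IPv4
    if proto == 6:   # TCP: 20-byte header, data offset 5, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:            # UDP: 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 1, 0, 64,
                     proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + l4 + payload


def parse_frame(frame):
    """Decode Ethernet -> IPv4 -> TCP/UDP into a flat dict (the 'decoded' view)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return {"proto": "non-ip"}
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    l4 = frame[14 + ihl:]
    if proto not in (6, 17) or len(l4) < 8:
        return {"proto": proto, "src": src, "dst": dst}
    sport, dport = struct.unpack("!HH", l4[:4])
    hlen = (l4[12] >> 4) * 4 if proto == 6 else 8
    return {"proto": "tcp" if proto == 6 else "udp", "src": src, "dst": dst,
            "sport": sport, "dport": dport, "payload": l4[hlen:]}


def write_pcap(frames, capture_filter=None):
    """Serialise (ts, frame) pairs as a libpcap file (linktype 1 = Ethernet).

    A capture filter is applied BEFORE a record is written: rejected packets
    never reach the trace, which is what slide 7 means by 'only packets that
    meet the rule(s) are captured'.
    """
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]   # global header
    for ts, frame in frames:
        if capture_filter is not None and not capture_filter(parse_frame(frame)):
            continue
        out.append(struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def read_pcap(data):
    """Walk the pcap records and return a list of (timestamp, decoded packet)."""
    magic, = struct.unpack("<I", data[:4])
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a libpcap file")
    off, packets = 24, []
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        packets.append((ts_sec + ts_usec / 1e6, parse_frame(data[off + 16:off + 16 + incl_len])))
        off += 16 + incl_len
    return packets


def is_http(p):
    """Stand-in for the display filter 'tcp.port == 80' (applied AFTER capture)."""
    return p.get("proto") == "tcp" and 80 in (p.get("sport"), p.get("dport"))


def conversations(packets):
    """Statistics -> Conversations: packet count per unordered endpoint pair."""
    return Counter(tuple(sorted((p["src"], p["dst"]))) for _, p in packets if "src" in p)


def endpoints(packets):
    """Statistics -> Endpoints: packets seen per host (as source or destination)."""
    c = Counter()
    for _, p in packets:
        if "src" in p:
            c[p["src"]] += 1
            c[p["dst"]] += 1
    return c


def http_requests(packets):
    """(method, target, version) of each request line sent to port 80."""
    out = []
    for _, p in packets:
        if is_http(p) and p["dport"] == 80 and p["payload"].startswith((b"GET ", b"POST ", b"HEAD ")):
            out.append(tuple(p["payload"].split(b"\r\n", 1)[0].decode().split(" ")))
    return out


# Constructed sample trace: a DNS lookup, one HTTP request/response, one TLS ClientHello.
CLIENT, WEB, RESOLVER = "192.168.1.10", "203.0.113.5", "192.168.1.1"   # constructed addresses
SAMPLE = [
    (1, build_frame(CLIENT, RESOLVER, 53000, 53, proto=17, payload=b"\x00\x01")),
    (2, build_frame(RESOLVER, CLIENT, 53, 53000, proto=17, payload=b"\x00\x01")),
    (3, build_frame(CLIENT, WEB, 51000, 80, payload=b"GET / HTTP/1.1\r\nHost: x\r\n\r\n")),
    (4, build_frame(WEB, CLIENT, 80, 51000, payload=b"HTTP/1.1 200 OK\r\n\r\n")),
    (5, build_frame(CLIENT, WEB, 51001, 443, payload=b"\x16\x03\x01")),
]


def demo():
    """Same traffic, two filters: the capture filter shrinks the file, the display filter does not."""
    full = read_pcap(write_pcap(SAMPLE))
    capture_filtered = read_pcap(write_pcap(SAMPLE, capture_filter=is_http))
    return {
        "records_no_filter": len(full),
        "records_with_capture_filter": len(capture_filtered),
        "displayed_with_display_filter": len([p for p in full if is_http(p[1])]),
        "conversations": conversations(full),
        "endpoints": endpoints(full),
        "http_requests": http_requests(full),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The point of the two counts is the one the slide makes: with the capture filter only the two port-80 packets exist in the file at all, so the DNS and TLS packets can never be recovered later, whereas the display filter leaves all five records in the trace and merely hides three of them. For a lab capture it is therefore safer to capture broadly and narrow down with display filters afterwards.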

9 Practice 2
Visit
Question 2 (22 marks)
What capture filter can be used to capture only HTTP traffic?
What display filter can be used to display only HTTP traffic?
What is your IP address? What is the server’s IP address?
What is the HTTP version?
What is the HTTP request method?
How many HTTP request(s) is/are sent to the server? Mark the request packet(s) by right-clicking it/them and selecting Mark/Unmark Packet.
What is/are the status code(s) in the response(s)?
How many application protocol(s) is/are captured while accessing the website?
What protocol(s) does HTTP rely on?
What is the relationship between HTTP and the World Wide Web (WWW)?

10 Practice 3
Visit
Question 3 (4 marks)
What port does HTTPS use?
How is an HTTPS connection established?

11 Practice 4
Visit
Question 4 (4 marks)
What are the IP addresses of Facebook when visited at home and on campus?
Are the IP addresses the same? If not, can you guess why? (Hint: content delivery network (CDN))
