




Test 2. Basic Packet Analysis by Wireshark

The Wireshark packet analyser is used to capture and show the control information and data stored in packets transmitted on a network.

In order to start capturing packet data transmitted over the network you need to specify an interface on which you want to capture information.

1. On the menu bar, click on the Capture option in the main Wireshark menu and then select Interfaces. This choice lets you assign a network adapter for capturing data packets transmitted over the network. Select a network interface that can be used for data collection and click the corresponding Start button. (Such an interface will have an IP address corresponding to the network segment where the data you are interested in originates.) The data collected during the capture will be shown in the Wireshark application window. To terminate a capture session click on the Stop button.

2. The application window is divided into 3 panes. The top pane shows a row of information for each packet captured (including a sequence number, capture time, source and destination address, the protocol used and an information column about the purpose of each captured packet). Note: source and destination addresses could be IP, MAC or port addresses (depending on the protocol used by the packet). (The order (ascending/descending) of the content in each column can be changed by clicking on the heading.)

3. The center pane displays the protocols associated with the selected packet.

4. The bottom pane displays the hexadecimal representation of the data contained in the selected packet on the left and a character-based version of the same information on the right.

Exercise 1

1. Start a capture session and observe the middle pane for a few minutes.

2. Open a browser and enter / into the browser address bar and press Enter.

3. Once the science direct page is displayed, click the close button on the browser and stop the Wireshark capture.
Packet Filter

The captured data could be thousands of packets. In order to focus just on those packets which are relevant to the problem, we can use the Wireshark filtering utility.

Wireshark display filters can be created by typing the keyword into the Filter text box. For example, if you want to see only those packets which contain the TCP protocol, type TCP in the Filter text box and Wireshark will hide all the packets that do not meet the selection.

4. Go to the Wireshark window and type ftp in the Filter text box and then click on the Apply button. Does it work? Why?

No, / using the protocol is http, rather than ftp.

5. To remove a filter and return to the full view click the Clear button.

Type DNS in the Filter text box and click on the Apply button. Does it work? Why?

Yes. The Domain Name System (DNS) is a hierarchical decentralized naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates more readily memorized domain names to the numerical IP addresses needed for the purpose of locating and identifying computer services and devices with the underlying network protocols. By providing a worldwide, distributed directory service, the Domain Name System is an essential component of the functionality of the Internet.

The Domain Name System delegates the responsibility of assigning domain names and mapping those names to Internet resources by designating authoritative name servers for each domain. Network administrators may delegate authority over sub-domains of their allocated name space to other name servers. This mechanism provides distributed and fault-tolerant service and was designed to avoid a single large central database.

6. Create a filter that displays only those packets that use the HTTP protocol.
Explain how you do this task:

To remove a filter and return to the full view click the Clear button. Type HTTP in the Filter text box and click on the Apply button.

Exercise 2

1. What is the purpose of DHCP? Can you filter packets that are using DHCP? How?

DHCP is a client/server protocol used to dynamically assign IP-address parameters (and other things) to a DHCP client. It is implemented as an option of BOOTP. DHCP uses BOOTP as its transport protocol.

Close all the windows.
Go to the command prompt and ask the server to release your IP address (by typing: ipconfig /release).
Start Wireshark and start filtering packets associated with DHCP.
Go back to the command prompt and ask the server to renew your IP address (by typing: ipconfig /renew).
Go to Wireshark and stop the Wireshark capture.
Observe the filtered packets.

2. Take a note of the destination and source of these packets.

Exercise 3

In this exercise you will learn to filter and see the packets that your computer receives from one specific source. As an example you are going to capture the packets that you receive from .

Logical and Comparison Operators (LCO): Wireshark display filters also use logical and comparison operators including equals (eq), less than (le), greater than (ge), and (and), (or), and (not). For a complete list of available display filters go to the Wireshark Filter section in the Help menu. Go to this section and explore the available operators.

1. What protocol is used by the Ping command? List the steps that you need to take to check that.

   1. Open Wireshark, then click Start.
   2. Type ICMP in the Filter text box and click on the Apply button.
   3. Press Win+R and type cmd, then type ping in the DOS window.

2. Go to the command prompt and type nslookup www. S.
Take a note of the output of this command.

3. What is the purpose of the nslookup command?

Nslookup is a command-line utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them.

4. Go to Wireshark and view only those packets that are coming from .

5. What did you write into the filter text box?

Ip.addr=7

6. What is the most used protocol in the center pane?

TCP

7. What is the full name and purpose of this protocol?

Transmission Control Protocol

The Transmission Control Protocol (TCP) is a core protocol of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). There
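
Added example (not part of the original worksheet): Exercise 2 states that DHCP is carried as an option of BOOTP, and this Python sketch parses the UDP payload of such a packet to show where that option sits and what the center pane decodes after ipconfig /renew. The sample messages, the MAC address 02:00:00:00:00:01 and the address 192.0.2.50 are constructed for illustration and do not come from a real capture.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options (RFC 2131)
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}

def parse_options(data):
    """Walk the code/length/value option list that follows the magic cookie."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option, a single byte with no length
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("option %d truncated" % code)
        length = data[i + 1]
        options[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return options

def parse_dhcp(payload):
    """Parse the UDP payload of a BOOTP/DHCP packet (ports 67/68)."""
    if len(payload) < 240:
        raise ValueError("shorter than fixed BOOTP header plus cookie")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    if payload[236:240] != MAGIC_COOKIE:
        return {"op": op, "xid": xid, "dhcp": False}   # plain BOOTP, no options
    opts = parse_options(payload[240:])
    mtype = (opts.get(53) or b"\x00")[0]   # option 53 = DHCP message type
    return {"op": op, "xid": xid, "dhcp": True,
            "client_mac": payload[28:28 + hlen].hex(":"),
            "ciaddr": socket.inet_ntoa(payload[12:16]),
            "yiaddr": socket.inet_ntoa(payload[16:20]),
            "type": MESSAGE_TYPES.get(mtype, "UNKNOWN")}

def build_sample(op, xid, yiaddr, mtype):
    """Constructed sample message, not taken from a real capture."""
    mac = bytes.fromhex("020000000001")  # locally administered, made up
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)
    hdr += bytes(4) + socket.inet_aton(yiaddr) + bytes(8)
    hdr += mac.ljust(16, b"\x00") + bytes(192)   # chaddr, then sname and file
    return hdr + MAGIC_COOKIE + bytes([53, 1, mtype, 255])

if __name__ == "__main__":
    print(parse_dhcp(build_sample(2, 0x1234, "192.0.2.50", 2)))
```

In Wireshark the display filter that selects these packets is dhcp (bootp in releases before 3.0); the transaction ID (xid) ties together the messages of one renew exchange.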