networking and wireshark app, computer science assignment help

Anonymous
Asked: Oct 7th, 2016
$5

Question Description

The class is about networking and in this lab we use the Wireshark app.

I need you to complete lab 4--5.3 (from point 33, easy steps).

And also please do the thought questions for 5.2 & 5.3.

Unformatted Attachment Preview

For the next one down I change with you the www.microsoft.com to www.towson.edu. 33. 5.3 As you said, the cookie does not show up due to the security.

Figure 5-3: Captured packets.

24. Scroll down until you see a line that has "GET / HTTP/1.1" in the Info column. (You may have to try more than one until you get to the packet that shows "www.Google.com" in the bottom pane.)
25. Select that row.
26. In the bottom pane you will see a bunch of numbers to the left. (It's the packet's contents in hexadecimal.) Just to the right you will see the content of the packet in a column.
27. Select the text: www.Google.com.
28. Take a screenshot.

Note: You just picked packets off your network and looked at their contents. There may have been a lot of traffic that you couldn't interpret. Don't worry about the information on your screen that is difficult to understand. In the next project you will use a filter to capture only Web traffic going over port 80.

1. What do the different colors mean?
2. Why does your computer get packets that are addressed to another machine?
3. How many packets does your computer send/receive in a single mouse click when you visit a Web site?
4. Could you organize or filter the traffic to make it easier to understand?

Now you are going to filter out all the "extra" packets you captured and just look at Web traffic. Too often you will capture much more information than you will ever want or need. Being able to filter out the traffic you don't want is an important skill.

Before you can filter packets you need to understand a little bit about "ports." Ports are like doors and windows on your house. Your house has several points of entry (including doors, windows, chimneys, etc.) through which people could enter your house. Computers work the same way. Each point of entry on a computer is called a port. Information comes into a computer through a port. Each port is given a specific number so it's easier to remember. Below are some of the more common port numbers that you'll need to know:

Port 20 - FTP (data)
Port 21 - FTP (supervisory)
Port 23 - Telnet
Port 25 - Email
Port 80 - Web
Port 110 - POP (email)
Port 143 - IMAP (email)
Port 443 - SSL (encrypted)

Your house has an address to locate it and a front door for people to enter. Your computer works the same way. It has an IP address to locate it and a port to enter. You can filter packets by IP address or by port number. A thorough understanding of TCP/IP will greatly aid your understanding of how packet filtering works. There are many great tutorials available on the Web that will teach you the basics of TCP/IP.

Below are instructions on how to filter out all packets EXCEPT Web traffic by creating a filter for just port 80. This will capture all the Web traffic going to ALL the computers on your local network. Reread the last sentence. Yes, you read that correctly: it may even capture Web traffic intended for other computers on your network. This is one of the reasons why packet sniffers are important to learn.

1. With Wireshark open click Capture and Options.
2. If you haven't already done so, select your Network Interface Card (NIC) in the Interface dropdown menu at the top of the screen. (Your NIC will undoubtedly have a different name.)
3. Enter "tcp port 80" in the box next to Capture Filter. (See Figure 5-4.)
Figure 5-4: Configuring Wireshark to capture port 80 traffic.

Figure 5-5: Viewing the contents of a packet.

4. Close ALL other programs you currently have open except your word processing program (Microsoft Word, OpenOffice Writer, etc.).
5. Click Start.
6. Open a Web browser and go to www.Google.com.
7. Click Capture and Stop.
8. Scroll down until you see a line that has GET / HTTP/1.1. (You may have to try more than one until you get to the www.Google.com packet.)
9. Select that row.
10. In the bottom pane you will see a bunch of numbers to the left. (It's the contents of the packet in hexadecimal.) Just to the right you will see the contents of the packet in a column.
11. Select the text www.Google.com.
12. Take a screenshot. (See Figure 5-5.)

Figure 5-6: Capture filter to include www.microsoft.com.

Figure 5-7: Captured packets.

13. Click Capture and Options.
14. Enter "tcp port 80 and host www.microsoft.com" in the box next to Capture Filter. (See Figure 5-6.)
15. Click Start.
16. Open a Web browser and go to www.Google.com. (You shouldn't pick up any packets.)
17. Go to www.Microsoft.com in your Web browser. (You should pick up several packets.)
18. Click Capture and Stop.
19. Take a screenshot. (See Figure 5-7.)

Figure 5-8: Capture filter to include "src port 80."

Figure 5-9: Captured packets from one source IP.

20. Click Capture and Options.
21. Enter "tcp port 80 and host www.microsoft.com and src port 80" in the box next to Capture Filter. (See Figure 5-8.)
22. Click Start.
23. Go to www.Microsoft.com in your Web browser. (You should pick up several packets with the same source IP.)
24. Click Capture and Stop.
25. Take a screenshot. (See Figure 5-9.)
Figure 5-10: Capture filter for port 53.

Figure 5-11: Captured DNS packets.

26. Click Capture and Options.
27. Enter "port 53" in the box next to Capture Filter. (See Figure 5-10.)
28. Click Start.
29. Go to www.Microsoft.com in your Web browser. (You should pick up several packets colored blue by default. These are DNS requests.)
30. Click Capture and Stop.
31. Click on the first row.
32. Highlight the Microsoft entry in the Packet Contents pane.
33. Take a screenshot. (See Figure 5-11.)

In this project you learned how to 1) capture packets going to a specific port, 2) capture traffic addressed to a specific host (or IP address), 3) capture only the source/destination port, and 4) capture DNS traffic. For a list of the possible ports you can specify you can go to the following link: http://wiki.wireshark.org/PortReference.

By filtering only Web traffic (port 80) there was much less information to capture. There was even less traffic if you specified a particular Web site. You can even look at only one side of the conversation by specifying a source or destination port. Wireshark's wiki (http://wiki.wireshark.org/FrontPage) has a lot of information about how to capture specific kinds of traffic and even provides some sample captures.

THOUGHT QUESTIONS

1. Why does your computer send so many packets? Why not send just one really big packet?
2. What do SYN, ACK, FIN, GET mean?
3. Can you capture all of the packets for an entire network?
4. Can Wireshark automatically resolve the IP address into host names?

5.3 PACKET INSPECTION

In the prior project you learned how to capture specific types of traffic. In this project you will look at the parts of a packet. Each packet comes with a lot of information that the end user never sees.
Each packet has 1) both source and destination IP addresses, 2) both source and destination MAC addresses, 3) a TTL, and 4) both source and destination port numbers. In addition, they also have information about window size, IP version, timings, sequence numbers, etc. Understanding the contents of a packet helps you understand how TCP/IP (and the Internet) works in the real world. Each field in a packet serves a purpose. There are also different types of packets (UDP, ICMP, etc.) that perform different functions. You will also walk through a TCP connection in this project. Understanding these fundamental components is critical to becoming a good network administrator.

1. With Wireshark open click Capture and Options.
2. If you haven't already done so, select your Network Interface Card (NIC) in the Interface dropdown menu at the top of the screen.
3. Enter "tcp port 80" in the box next to Capture Filter. (See Figure 5-12.)

Figure 5-12: Configuring Wireshark to capture port 80 packets.

Figure 5-13: Captured packets for www.Google.com.

4. Close ALL other programs you currently have open except your word processing program.
5. Right-click anywhere on your desktop.
6. Select New and Shortcut.
7. Enter "www.Google.com". (See Figure 5-13.)
8. Click Next.
9. Enter "Google" for the name. (See Figure 5-14.)
10. Click Finish.

Figure 5-14: Naming the shortcut.

Figure 5-15: GET request showing Google's hostname.

11. Close all other Web browsers. (This will reduce the number of packets you capture.)
12. Go back to Wireshark and click Start.
13. Double-click the Google shortcut on your desktop.
14. Wait for the page to load.
15. Close your Web browser.
16. Go back to Wireshark and click Stop.
17. Click on the line that has Get in the Info field. (In this example it was the 4th packet. See Figure 5-15.)
18. In the Packet Details pane (the middle pane) click on the line labeled "Ethernet II."
19. Click on the line labeled "Source."
20. Take a screenshot. (See Figure 5-16.)
21. Open a command prompt by clicking Start and Run.
22. Type CMD
23. Type ipconfig /all
24. Take a screenshot. (Notice that the MAC and IP addresses are the same as those shown in the Wireshark capture. In this case the MAC address was 00-13-D3-52-74-35. See Figure 5-17.)
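The capture filters used in the filtering project above ("tcp port 80", "... and host ...", "... and src port 80", "port 53") and the header fields the packet-inspection project asks you to find (source and destination MAC, IP addresses, TTL, ports, and the SYN/ACK/FIN flags from the thought questions) can be worked through offline with a small decoder. The Python below is an added example; it is not part of the lab, the textbook, or Wireshark. It builds a handful of constructed Ethernet II/IPv4 frames (documentation IP ranges, made-up MAC addresses, and a made-up www.example.com-to-IP mapping that stands in for the name lookup a real capture filter performs when it is compiled), decodes the same fields the Packet Details pane shows, and evaluates the lab's filter expressions against them so you can see how each added term narrows the capture.

```python
"""Added example (not from the lab): decode constructed Ethernet/IPv4/TCP-UDP frames
into the fields the lab inspects and apply the lab's capture filters to them."""
import socket
import struct

TCP_FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10}


def mac_bytes(mac):  # '02:00:00:00:00:01' -> 6 raw bytes
    return bytes(int(x, 16) for x in mac.split(":"))


def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport,
                flags=(), ttl=64, payload=b""):
    """Build a constructed Ethernet II / IPv4 / TCP-or-UDP frame (checksums left at 0)."""
    if proto == "tcp":
        fbits = sum(TCP_FLAG_BITS[f] for f in flags)
        # src port, dst port, seq, ack, data offset (5 words), flags, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, fbits, 65535, 0, 0) + payload
        pnum = 6
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
        pnum = 17
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, ttl, pnum, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + l4
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + ip


def parse_frame(frame):
    """Decode what Wireshark's Packet Details pane shows for an IPv4 TCP/UDP frame."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:  # only IPv4 is handled here
        return None
    ip = frame[14:]
    pkt = {"eth_src": src_mac.hex(":"), "eth_dst": dst_mac.hex(":"), "ttl": ip[8],
           "ip_src": socket.inet_ntoa(ip[12:16]), "ip_dst": socket.inet_ntoa(ip[16:20])}
    l4 = ip[(ip[0] & 0x0F) * 4:]  # skip the IP header (IHL is in 32-bit words)
    if ip[9] == 6:  # TCP
        sport, dport, seq, ack, off, fbits, win = struct.unpack("!HHIIBBH", l4[:16])
        pkt.update(proto="tcp", sport=sport, dport=dport, seq=seq, ack=ack, window=win,
                   flags=[n for n, b in TCP_FLAG_BITS.items() if fbits & b],
                   payload=l4[(off >> 4) * 4:])
    elif ip[9] == 17:  # UDP
        sport, dport = struct.unpack("!HH", l4[:4])
        pkt.update(proto="udp", sport=sport, dport=dport, flags=[], payload=l4[8:])
    else:
        return None
    return pkt


def match_filter(expr, pkt, hosts):
    """Evaluate the capture-filter (BPF) subset the lab uses: [tcp|udp] [src|dst] port N,
    [src|dst] host NAME, joined by 'and'. `hosts` is a constructed name->IP map standing
    in for the DNS lookup the real filter compiler performs for 'host NAME'."""
    for term in expr.lower().split(" and "):
        words = term.split()
        proto = words.pop(0) if words[0] in ("tcp", "udp") else None
        direction = words.pop(0) if words and words[0] in ("src", "dst") else None
        ok = proto is None or pkt["proto"] == proto
        if words and words[0] == "port":
            have = {"src": [pkt["sport"]], "dst": [pkt["dport"]]}.get(
                direction, [pkt["sport"], pkt["dport"]])
            ok = ok and int(words[1]) in have
        elif words and words[0] == "host":
            have = {"src": [pkt["ip_src"]], "dst": [pkt["ip_dst"]]}.get(
                direction, [pkt["ip_src"], pkt["ip_dst"]])
            ok = ok and hosts.get(words[1], words[1]) in have
        elif words:
            raise ValueError(f"unsupported filter term: {term!r}")
        if not ok:
            return False
    return True


HOSTS = {"www.example.com": "203.0.113.10"}  # constructed stand-in for name resolution


def sample_frames():
    """Constructed capture: one DNS query, a full handshake plus GET/response to the
    web host, and two frames to an unrelated server (one on 443, one on 80)."""
    c, r, w, o = "198.51.100.20", "198.51.100.1", "203.0.113.10", "192.0.2.5"
    cm, gm = "02:00:00:00:00:01", "02:00:00:00:00:fe"  # client NIC and gateway MACs
    get = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    return [
        build_frame(cm, gm, c, r, "udp", 50000, 53, payload=b"\x12\x34\x01\x00"),
        build_frame(cm, gm, c, w, "tcp", 51000, 80, ["SYN"]),
        build_frame(gm, cm, w, c, "tcp", 80, 51000, ["SYN", "ACK"], ttl=52),
        build_frame(cm, gm, c, w, "tcp", 51000, 80, ["ACK"]),
        build_frame(cm, gm, c, w, "tcp", 51000, 80, ["PSH", "ACK"], payload=get),
        build_frame(gm, cm, w, c, "tcp", 80, 51000, ["PSH", "ACK"], ttl=52,
                    payload=b"HTTP/1.1 200 OK\r\n\r\n"),
        build_frame(cm, gm, c, o, "tcp", 51001, 443, ["SYN"]),
        build_frame(cm, gm, c, o, "tcp", 51002, 80, ["SYN"]),
    ]


LAB_FILTERS = ["tcp port 80", "tcp port 80 and host www.example.com",
               "tcp port 80 and host www.example.com and src port 80", "port 53"]


def capture_counts(frames=None, hosts=HOSTS):
    """How many of the frames each of the lab's capture filters lets through."""
    pkts = [parse_frame(f) for f in (frames if frames is not None else sample_frames())]
    return {f: sum(match_filter(f, p, hosts) for p in pkts) for f in LAB_FILTERS}


if __name__ == "__main__":
    for f, n in capture_counts().items():
        print(f"{f!r:60} -> {n} packet(s)")
    for p in map(parse_frame, sample_frames()[1:4]):  # the three-way handshake
        print(p["ip_src"], p["sport"], "->", p["ip_dst"], p["dport"], p["flags"])
```

Running it prints, for the constructed capture, 6 frames for "tcp port 80", 5 once the host term is added, 2 once "src port 80" keeps only the server's side of the conversation, and 1 for "port 53"; the handshake loop shows the SYN, SYN/ACK and ACK flags in order, which is the sequence the 5.3 project has you walk through in the Transmission Control Protocol tree. Note that a real capture filter is compiled into BPF before the capture starts and resolves "host www.microsoft.com" to IP addresses at that moment, which is why the lab's host filter matches by address rather than by the Host: header inside the HTTP request.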

Tutor Answer

Necessa
School: UCLA

Here it is! I hope you love it.

5.3 Wireshark Lab
1. Open Wireshark and click Capture and Options.
2. Then select your NIC card in the dropdown.
3. Enter in “tcp port 80” in the box next to the filter.
4. Close all other programs and then let the window process.
5. Right click and look at the desktop.
6. Choose the shortcut.
7. Enter Google.com.
8. Click Next.
9. Enter in Google for the name.
10. Click Finish.
11. Close all other browsers.
12. Click Start to make sure that you are able to capture.
13. Click the Google shortcut on the desktop.
14. Wait for the page to load.
15. Close the browser.
16. Go to Wireshark and click Stop.
17. Click on the line and Get the info.
18. In the Packet Details pane click on what is called Ethernet II.
19. Click on the line called Source.
20. Take a screenshot.
21. Open a Command prompt and start by clicking Start and Run.
22. Type CMD.
23. Type ipconfig /all.
24. Take a screenshot.
25. In the Details Packet pane click on the Hypertext Transfer Protocol.
26. Click on the line labeled “Cookie”.
27. Take a screenshot.
28. In the file menu look and follow the TCP Stream.
29. Take a screenshot.
30. Click packet details and take a screenshot.
31. Click file and view packet bytes.
32. Maximize the Wireshark and look at all the info.
33. Click on the row that has the occurrence in the column.
34. Take a screenshot.
35. Double click on the next row.
36. Expand the tree Transmission Control Protocol.
37. Expand the tree.
38. Highlight the row.
39. Take a screenshot.
40. Double click on the row and then look at the packets.
41. Expand the tree for the TCP.
42. Expand the tree.
43. Highlight the row.
44. Take a screenshot.
45. Double click on the row.
46. Expand the tree....

Review

Anonymous
awesome work thanks
