Lab 2 One of the most well-known packet sniffers is called Wireshark (formerly named Ethereal). It...
Question:
Transcribed Image Text:
Lab 2

One of the most well-known packet sniffers is called Wireshark (formerly named Ethereal). It is a powerful tool that can capture, filter, and analyze network traffic. It can promiscuously capture traffic on both wired and wireless networks. It is used by security and networking professionals to troubleshoot networking problems. In this project you will install Wireshark, capture packets, use a capture filter, and look at the contents of a packet.

When placed correctly, a network administrator can use Wireshark to see all the traffic coming into and out of a network. Network administrators can, among other things, see which hostnames are being requested and who is requesting them. Surfing the Web is not anonymous.

1. Download Wireshark from http://www.wireshark.org/download.html.
2. Click Download Windows Installer.
3. Click Save.
4. If the program doesn't automatically open, browse to your download directory.
5. Double-click the installer labeled wireshark-2.2.1.exe. The version number might be different if a later release is available.
6. Click Next, I Agree, and Next.
7. Select Desktop Icon.
8. Click Next, Next, and Install.
9. Click Next to install WinPCap.
10. Click Next, I Agree, and Finish.
11. Click Next and Finish.
12. Double-click the Wireshark icon on your desktop.
13. Click Capture and Options.
14. Take a screenshot.
15. Select your Network Interface Card (NIC) in the Interface drop-down menu at the top of the screen.
16. Close ALL other programs you currently have open except your word processing program (e.g. Microsoft Word, OpenOffice Writer, etc.).
17. Click Start.
18. Let it run for 30 seconds.
19. While you are waiting, open a web browser and go to www.google.com.
20. Click Capture and Stop.
21. Scroll up until you see a green and blue area. (These are the packets you captured when you requested Google's main page.)
22. Take a screenshot.
23. Scroll down until you see a line that has GET / HTTP/1.1. (You may have to try more than one until you get to the packet that shows "www.google.com" in the bottom pane.)
24. Select that row.
25. In the bottom pane you will see numbers and letters to the left. (Those are the packet's contents in hexadecimal.) Just to the right you will see the content of the packet in a column.
26. Select the text: www.google.com.
27. Take a screenshot.

You just picked packets off your network and looked at their contents. There may have been traffic that you couldn't understand. Most people are surprised at the number of packets that are needed to get a single webpage to load. Wireshark has additional online documentation at www.Wireshark.org that will help you understand the other packets you captured.

Now you are going to filter out all the "extra" packets you captured and just look at Web traffic running over port 80.

28. With Wireshark open, click Capture and Options.
29. If you haven't already done so, select your Network Interface Card (NIC) in the Interface drop-down menu at the top of the screen.
30. Type tcp port 80 in the box next to Capture Filter.
31. Close ALL other programs you currently have open except your word processing program (Microsoft Word, OpenOffice Writer, etc.).
32. Click Start.
33. Open a web browser and go to www.google.com.
34. Click Capture and Stop.
35. Scroll down until you see a line that has GET / HTTP/1.1. (You may have to try more than one until you get to the www.google.com packet.)
36. Select that row.
37. In the bottom pane you will see a bunch of numbers to the left. (It's the contents of the packet in hexadecimal.) Just to the right you will see the content of the packet in a column.
38. Select the text www.google.com.
39. Take a screenshot.
40. Answer the following questions very briefly. (No more than 2 lines per answer)
    a. Why does your computer send so many packets? Why not send just one BIG packet?
    b. What do SYN, ACK, FIN, GET mean?
    c. Why do some packets have sequence numbers?
    d. Why does your computer send packets to the webserver that you requested data from?
    e. What do the different colors in the Wireshark packet capture listing mean?
    f. Why would your computer get packets that are addressed to another machine?
41. Submit The MS Word Document on Blackboard.

Screenshots, IP addresses and answers for individual students should vary
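Added example (not part of the lab handout or the posted answer): a small offline parser that makes the same decision as the `tcp port 80` capture filter in step 30 and pulls out the request line and Host header that steps 35 to 38 have you find by hand, showing why hostnames in plaintext HTTP are visible to anyone who can capture the traffic. The frames are constructed sample data using documentation IP addresses, and all function names are hypothetical.

```python
import struct

def build_frame(sport, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame (documentation IPs, checksums left 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 0x50, flags, 65535, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp + payload

def parse_tcp(frame):
    """Return the TCP fields of an Ethernet frame, or None if it is not IPv4/TCP."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    t = 14 + (frame[14] & 0x0F) * 4  # TCP header starts after a variable-length IP header
    if len(frame) < t + 20:
        return None
    end = 14 + struct.unpack("!H", frame[16:18])[0]  # IP total length excludes padding
    sport, dport, seq, _ack, off, flags = struct.unpack("!HHIIBB", frame[t:t + 14])
    names = [n for bit, n in ((2, "SYN"), (16, "ACK"), (1, "FIN"), (8, "PSH")) if flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "flags": names,
            "payload": frame[t + (off >> 4) * 4:end]}

def matches_tcp_port(frame, port=80):
    """Same decision as the capture filter `tcp port 80`: source OR destination port."""
    seg = parse_tcp(frame)
    return seg is not None and port in (seg["sport"], seg["dport"])

def http_host(frame):
    """Return (request line, Host header) of a plaintext HTTP request, else None."""
    seg = parse_tcp(frame)
    if seg is None or not seg["payload"].startswith((b"GET ", b"POST ", b"HEAD ")):
        return None
    lines = seg["payload"].split(b"\r\n")
    host = next((ln.split(b":", 1)[1].strip() for ln in lines[1:] if ln.lower().startswith(b"host:")), b"")
    return lines[0].decode("ascii", "replace"), host.decode("ascii", "replace")

def hex_pane(data, width=16):
    """Rows like Wireshark's bottom pane: offset, hex bytes, printable ASCII."""
    chunks = [(i, data[i:i + width]) for i in range(0, len(data), width)]
    return [f"{i:04x}  {c.hex(' '):<{width * 3}} "
            + "".join(chr(b) if 32 <= b < 127 else "." for b in c) for i, c in chunks]

# Constructed sample traffic: a SYN, a plaintext GET, and a segment on port 443.
GET = b"GET / HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: lab\r\n\r\n"
FRAMES = [build_frame(50000, 80, 0x02), build_frame(50000, 80, 0x18, GET),
          build_frame(50001, 443, 0x18, b"\x17\x03\x03\x00\x05abcde")]

if __name__ == "__main__":
    for f in FRAMES:
        print(matches_tcp_port(f), parse_tcp(f)["flags"], http_host(f))
```

The port-443 frame is dropped by the filter and yields no Host header, which is the practical difference between the plaintext request the lab inspects and traffic carried over TLS.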
Expert Answer:
Answer rating: 100% (QA)
The images you've provided appear to contain instructions and questions related to a lab exercise involving Wireshark, a network protocol analyzer. Stude...
Related Book For
Principles Of Information Security
ISBN: 9780357506431
7th Edition
Authors: Michael E. Whitman, Herbert J. Mattord