Question:
The project is a self-directed, individual effort that demonstrates understanding of course
material related to Wireshark and netstat. The project should be original and demonstrate
creative thinking in the application of Wireshark and netstat.
Wireshark and Netstat Usage
For this project utilize Wireshark and netstat to gain insight into network behavior. By
capturing network traffic with Wireshark, you can analyze the various components of the
network such as protocols, IP addresses, and ports being used. This information can be
used to understand the flow of data and identify potential issues. On the other hand, netstat
will be used to gather information about the current status of network connections, such
as open sockets and active connections. This information can provide valuable insights into
the network's health and performance. By combining the information gathered from both
Wireshark and netstat, the project aims to gain a comprehensive understanding of network
behavior, identify potential issues, and optimize network performance.
Format and Presentation
The project should be submitted in either a LaTeX folder along with a PDF file, or a
Microsoft Word document. The project should be well-structured and clearly presented,
with appropriate use of graphics, tables, and figures as needed to support the content. It
is important to note that the first page of the project for each student should be this cover
page, and it should be the first page of the submitted file.
Proper referencing and citation should be used throughout the project, following one of the
specified citation styles: APA, Harvard, or IEEE. This includes not only the sources used in
the text, but also tables and figures as well as information from other sources.
Note: Your file should be named as name lastname dcn02.pdf.
Submission
Data Communication and Networking 02 Instructor: Miralda Cuka, PhD
the instructor and classmates.
Grading Criteria
The project will be graded based on the following criteria:
• Effective use of Wireshark and netstat
• Completeness and accuracy of the analysis
• Organization and clarity of the report
• Quality of network traffic analysis
• Quality and relevance of the screenshots
• Quality and clarity of the report submitted
• Proper referencing and citation
Length and Depth
The project should be of sufficient length and depth to demonstrate mastery of the course
material related to Wireshark and netstat, and should reflect the amount of time and effort
expected for a project of 20% weight in the syllabus.
Academic Integrity
Wireshark: Investigating Network Traffic with Wireshark
Objectives
To gain hands-on experience in using Wireshark to capture and analyze network traffic. To
understand different network protocols and their use in network communication. To identify
and analyze network security issues.
Task
• Install Wireshark on your computer. It is a free and open-source network protocol
  analyzer.
• Capture network traffic for at least 5 minutes by selecting the appropriate network
  interface on Wireshark.
• Use Wireshark's filters to narrow down the captured traffic based on different criteria
  such as IP addresses, port numbers, or protocol types.
• Analyze the captured traffic to understand the different network protocols and their
  usage in network communication. Some common network protocols you can look for
  include HTTP, HTTPS, FTP, DNS, and SMTP.
• Investigate and analyze the security of the captured traffic. Look for possible malicious
  activities, such as suspicious IP addresses, unusual network behaviors, or signs of
  network intrusions. For example, you can search for traffic from known malicious IP
  addresses using Wireshark's "ip.addr==" filter.
• Write a report documenting your findings, including the types of network protocols
  observed, the frequency of their usage, and any security issues identified.
Your report should include the following sections:
(a) Introduction: A brief overview of the purpose of the assignment and what you
    intend to accomplish.
(b) Methodology: A description of the steps you took to capture and analyze network
    traffic, including the time frame, the network interface used, and the filters
    applied.
(c) Results: A comprehensive analysis of the captured network traffic, including the
    types of network protocols observed, their frequency of usage, and any security
    issues identified.
(d) Conclusion: A summary of your findings and your thoughts on what you learned
    from the assignment.
Exercise 1: Analyze an HTTP/HTTPS Session
Browse a website of your choice using a web browser. Use the filter bar to only show HTTP
or HTTPS traffic (e.g. by typing the protocol name into the filter bar). Examine the packets
in the captured traffic:
(a) Observe the source and destination IP addresses, as well as the source and destination
    ports.
(b) Observe the HTTP request and response messages, paying attention to the request
    method, URL, status code, content type, and payload.
(c) Observe the SSL/TLS protocol information, if present (e.g. certificate information,
    cipher suite, etc.).
(d) Repeat the above steps for different websites or different types of HTTP/HTTPS traffic
    (e.g. dynamic vs. static content, different HTTP methods, etc.).
(e) Sniff data packets as they are transmitted over HTTP protocol. Login to a web application
    that does not use secure communication and capture the plaintext values of all
    the POST variables submitted to the server via HTTP protocol.
Exercise 2: Analyze TCP and UDP traffic
(a) Start by capturing network traffic.
(b) Stop the capture in Wireshark and examine the captured traffic.
(c) You should see a number of packets exchanged between the two machines.
(d) Pay attention to the source and destination IP addresses, source and destination port
    numbers, and the protocol used (TCP or UDP).
(e) Analyze the captured traffic to see how the transfer progresses.
(f) Observe the three-way handshake for TCP connections and the flow of data packets.
(g) You can also look at the different fields in the captured packets, such as sequence
    numbers, acknowledgment numbers, and flags.
(h) Finally, repeat the exercise with the other protocol (TCP or UDP) and compare the
    results to see the differences between the two protocols.
Note: Make sure to include screenshots, packet captures, and relevant diagrams to illustrate
your findings in the report.
Netstat: Analyzing Network Connections with Netstat
Objectives
To gain hands-on experience in using netstat to monitor network connections and status.
To understand different types of network connections and their properties. To identify and
analyze network security issues.
Task
• Familiarize yourself with the netstat tool, which is available on most operating systems.
• Use netstat to monitor network connections and status on your computer. Take screenshots
  of the output to document your findings.
• Analyze the network connections displayed by netstat and classify them based on the
  type of connection (e.g. TCP, UDP, or ICMP).
• Identify the IP addresses and port numbers used by each connection and research the
  purpose and function of the IP addresses and port numbers.
• Investigate and analyze the security of the network connections by searching for possible
  malicious activities, such as suspicious IP addresses, unusual processes or unusual
  network behaviors.
• Write a report documenting your findings, including the types of network connections
  observed, the properties of each connection, and any security issues identified.
Exercise 1: Analyze network activity using netstat
(a) Monitor network activity on a specific port and address using Netstat.
(b) Identify established and listening TCP connections using Netstat.
(c) Detect open sockets and active connections on a system using Netstat.
(d) Find the PID and process name of the programs that have established a connection
    using Netstat.
    Investigate the relationship between network activities and processes. Analyze how
    different applications interact with the network.
(e) Filter Netstat output to show only IPv4 and IPv6 connections.
(f) Display the total number of incoming and outgoing network packets and bytes using
    Netstat.
(g) Detect and diagnose network errors and issues using Netstat by analyzing the output
    of the "netstat -s" command.
(h) Monitor network traffic by protocol (TCP, UDP, ICMP, etc.) using Netstat.
(i) Compare network statistics over time by periodically running Netstat and saving its
    output to a file.
(j) Analyze network activity between specific source and destination addresses using
    Netstat.
Note: The report should include screenshots of your netstat output to support your findings.
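An added example, not part of the assignment text: one way to work through the netstat exercise items (classifying connections by protocol and state, mapping them to PID and program, and flagging entries for the security review) over saved output. It assumes the Linux net-tools `netstat -tunap` column layout; the sample rows, the watchlist prefix (a documentation range) and every function name are constructed for illustration.

```python
import ipaddress
from collections import Counter, namedtuple

Conn = namedtuple("Conn", "proto local_ip local_port peer_ip peer_port state pid program")

# Constructed sample in the Linux net-tools `netstat -tunap` layout (not real data).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1044/postgres
tcp        0      0 192.168.1.20:51514      203.0.113.45:4444       ESTABLISHED 7781/python3
tcp        0      0 192.168.1.20:44321      198.51.100.7:443        ESTABLISHED 2210/firefox
tcp6       0      0 :::80                   :::*                    LISTEN      990/nginx
udp        0      0 0.0.0.0:68              0.0.0.0:*                           655/dhclient
"""

def parse_netstat(text):
    """Turn netstat rows into Conn records; header lines are skipped."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")):
            continue
        # UDP rows usually leave State empty, so f[5] is a state word or the owner column.
        has_state = "/" not in f[5] and f[5] != "-"
        state = f[5] if has_state else ""
        owner = " ".join(f[6:] if has_state else f[5:]) or "-"
        pid, _, program = owner.partition("/")
        (lip, lport), (pip, pport) = (a.rsplit(":", 1) for a in f[3:5])
        conns.append(Conn(f[0], lip, lport, pip, pport, state, pid, program))
    return conns

def summarize(conns):
    """Count connections per (protocol, state) pair."""
    return Counter((c.proto, c.state or "-") for c in conns)

def review(conns, watchlist):
    """Return (finding, Conn) pairs that deserve a closer look in the report."""
    nets = [ipaddress.ip_network(n) for n in watchlist]
    findings = []
    for c in conns:
        listening = c.state == "LISTEN" or (c.proto.startswith("udp") and c.peer_port == "*")
        if listening and not ipaddress.ip_address(c.local_ip).is_loopback:
            findings.append(("listener on non-loopback address", c))
        if c.peer_port != "*" and any(ipaddress.ip_address(c.peer_ip) in n for n in nets):
            findings.append(("peer on watchlist", c))
    return findings

for why, c in review(parse_netstat(SAMPLE), ["203.0.113.0/24"]):  # constructed watchlist
    print(f"{why}: {c.proto} {c.local_ip}:{c.local_port} -> {c.peer_ip}:{c.peer_port} pid={c.pid} ({c.program})")
```

Saving the command's output to timestamped files and running `summarize` on each gives the over-time comparison the exercise asks for; a listener flagged here is only a prompt to check which program owns it and whether it needs to be exposed.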