Lab 4. Overview To Wireshark Tool.: Learning Outcomes

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 11

180031172 18CS3279 Network security lab

K. HEMANTH KUMAR

DEPARTMENT OF COMPUTER SCIENCE


AND ENGINEERING
SUBJECT CODE: 18CS3729
NETWORK SECURITY WORKBOOK

Lab 4. Overview to Wireshark Tool.

Date of the Session:10/OCT/ 2020 Time of the Session: 11:00to 12:40

Learning Outcomes:

 Basics of Wireshark.
 Understanding Packet capturing tools.
 Understanding how Packets are transmitted in the network using packet capturing
tools.

Pre -Lab

1. Explain the need of packet analyzer.


Sol:

Packet analyzers also help detect potential network intrusion by looking for network
access patterns inconsistent with standard usage. In a process known
as packet capture (PCAP), analyzers snag packet data as it moves over your network. It saves
a copy of this data as a file on your monitoring device

2. List the types of packet analyzers.


Sol:

 NetworkMiner. ...
 Colasoft Capsa ManageEngine NetFlow Analyzer. ...
 Savvius Omnipeek. ...
 Wireshark. ...
 Telerik Fiddler. ...
 NETRESEC.
180031172 18CS3279 Network security lab
K. HEMANTH KUMAR

3. Do you think there is a need for packet analyzer tool. Justify.

Yes there is a need for packet analyzer tool.

network analyzer is a device that gives you a very good idea of what is happening on
a network by allowing you to look at the actual data that travels over it, packet by
packet. A typical network analyzer understands many protocols, which enables it to
display conversations taking place between hosts on a network.

In - Lab

Task -1: Dinesh a tech evangelist is interested to learn about packet analyzer tools and
decided to use Wireshark. Dinesh trust in you, now your job is help Dinesh in learning
Wireshark, now help Dinesh in installing Wireshark tool .
Sol:

Installation of wireshark tool:

Since wireshark is an open source so it is available on google or other web


engine.
Steps:
1. open google new page and type Wireshark.
180031172 18CS3279 Network security lab
K. HEMANTH KUMAR

2. Now click on the first link and you will get a new page
3. click on download.
180031172 18CS3279 Network security lab
K. HEMANTH KUMAR

4. Now select the type of download based on your system .

Task -2: Now help Dinesh to understand the overview of Wireshark.

Wireshark Overview:
1. Wireshark Overview

2. Open the Wireshark tool downloaded in your desktop.

3. Initially it will not be capturing any packets.

4. Select the interface from the capture options: 5. If you are at a desktop, you need to select
the Ethernet interface being used. Note that there could be multiple interfaces. In general,
you can select any interface but that does not mean that traffic will flow through that
interface. The network interfaces (i.e., the physical connections) that your computer has to
the network are shown.
180031172 18CS3279 Network security lab
K. HEMANTH KUMAR
180031172 18CS3279 Network security lab
K. HEMANTH KUMAR

Task -3: While you explain the overview of Wireshark, Dinesh observed some IP address in
the packet capturing window, Dinesh want to extract the information of particular IP address
and see where it is going and from where it is receiving the information, help Dinesh to filter
particular IP address and its source and destination.

If he wants a particular address


Then the command is ip.addr==192.168.0.135(the source ip address) The
destination address is239.255.255.250
180031172 18CS3279 Network security lab
K. HEMANTH KUMAR
180031172 18CS3279 Network security lab
K. HEMANTH KUMAR

Task -4: While performing IP filtering Dinesh wants to know for which ports and services
are IP address are connecting, now help Dinesh to filter required port or service.

Ports Filtering in wireshark

Common port numbers

Number Assignment

20 File Transfer Protocol (FTP) Data Transfer(TCP)

21 File Transfer Protocol (FTP) Command Control(TCP)

22 Secure Shell (SSH) Secure Login

23 Telnet remote login service, unencrypted text messages(TCP/UDP)

25 Simple Mail Transfer Protocol (SMTP) E-mail routing

53 Domain Name System (DNS) service(TCP/UDP)

67, 68 Dynamic Host Configuration Protocol (DHCP)(UDP)

80 Hypertext Transfer Protocol (HTTP) used in the World Wide Web

110 Post Office Protocol (POP3)


180031172 18CS3279 Network security lab
K. HEMANTH KUMAR

119 Network News Transfer Protocol (NNTP)

123 Network Time Protocol (NTP)

143 Internet Message Access Protocol (IMAP) Management of digital mail

161 Simple Network Management Protocol (SNMP)

194 Internet Relay Chat (IRC)

443 HTTP Secure (HTTPS) HTTP over TLS/SSL(TCP)

To capture web server where HTTP protocol is running:

tcp.port == 80
180031172 18CS3279 Network security lab
K. HEMANTH KUMAR

Post Lab:

Task -1: Dinesh was so excited to learn more, now he was interested in learning how OSI
and TCP/IP models works in real time, now your task is to explain Dinesh the each layer of
network models using Wireshark.

Understanding Tcp Handshake Using

Tcp syn
180031172 18CS3279 Network security lab
K. HEMANTH KUMAR

Tcp syn-ack

Tcp ack tcp fin ack

You might also like