Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd Logo
Upload

Welcome to Scribd!

  • 32 views

    Name: Pradeep Gupta Roll No: 112 Div: A

    Uploaded by

    Pradeep Gupta
    Pradeep Gupta's experiment aims to use Wireshark to understand TCP/IP layers. Wireshark is a network analysis tool that captures packets in real time and displays them in a human-readable format. It allows inspection of individual packet details across different layers including Ethernet, IP, TCP and applications. Filters can be used to narrow traffic and focus on specific conversations. In conclusion, the student has studied how Wireshark works.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Name: Pradeep Gupta Roll No: 112 Div: A

    Uploaded by

    Pradeep Gupta
    32 views8 pages
    Pradeep Gupta's experiment aims to use Wireshark to understand TCP/IP layers. Wireshark is a network analysis tool that captures packets in real time and displays them in a human-readable format. It allows inspection of individual packet details across different layers including Ethernet, IP, TCP and applications. Filters can be used to narrow traffic and focus on specific conversations. In conclusion, the student has studied how Wireshark works.

    Original Description:

    Nmap Experiment

    Original Title

    CN_EXP_3_TEA_112

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Pradeep Gupta's experiment aims to use Wireshark to understand TCP/IP layers. Wireshark is a network analysis tool that captures packets in real time and displays them in a human-readable format. It allows inspection of individual packet details across different layers including Ethernet, IP, TCP and applications. Filters can be used to narrow traffic and focus on specific conversations. In conclusion, the student has studied how Wireshark works.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    32 views8 pages

    Name: Pradeep Gupta Roll No: 112 Div: A

    Uploaded by

    Pradeep Gupta
    Pradeep Gupta's experiment aims to use Wireshark to understand TCP/IP layers. Wireshark is a network analysis tool that captures packets in real time and displays them in a human-readable format. It allows inspection of individual packet details across different layers including Ethernet, IP, TCP and applications. Filters can be used to narrow traffic and focus on specific conversations. In conclusion, the student has studied how Wireshark works.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 8

    Name: Pradeep Gupta

    Roll No: 112

    Div: A

    EXPERIMENT NO. 3

    AIM: Use Wire shark to understand the operation of TCP/IP layers:

    ● Ethernet Layer: Frame header, Frame size etc.


    ● Data Link Layer: MAC address, ARP (IP and MAC address binding)
    ● Network Layer: IP Packet (header, fragmentation), ICMP (Query and Echo)
    ● Transport Layer: TCP Ports, TCP handshake segments etc.
    Application Layer: DHCP, FTP, HTTP header formats

    THEORY:

    Wireshark, a network analysis tool formerly known as Ethereal, captures packets in real time
    and display them in human-readable format. Wireshark includes filters, color coding, and other
    features that let you dig deep into network traffic and inspect individual packets.

    Capturing Packets

    After downloading and installing Wireshark, you can launch it and double-click the name of
    a network interface under Capture to start capturing packets on that interface. For example,
    if you want to capture traffic on your wireless network, click your wireless interface. You
    can configure advanced features by clicking Capture > Options, but this isn’t necessary for
    now.
    As soon as you click the interface’s name, you’ll see the packets start to appear in real time.
    Wireshark captures each packet sent to or from your system.

    If you have promiscuous mode enabled—it’s enabled by default—you’ll also see all the other
    packets on the network instead of only packets addressed to your network adapter. To check
    if promiscuous mode is enabled, click Capture > Options and verify the “Enable promiscuous
    mode on all interfaces” checkbox is activated at the bottom of this window.

    Click the red “Stop” button near the top left corner of the window when you want to stop
    capturing traffic.
    Color Coding

    You’ll probably see packets highlighted in a variety of different colors. Wireshark uses colors
    to help you identify the types of traffic at a glance. By default, light purple is TCP traffic,
    light blue is UDP traffic, and black identifies packets with errors—for example, they could
    have been delivered out of order.

    To view exactly what the color codes mean, click View > Coloring Rules. You can also
    customize and modify the coloring rules from here, if you like.
    Sample Captures

    If there’s nothing interesting on your own network to inspect, Wireshark’s wiki has you
    covered. The wiki contains a page of sample capture files that you can load and inspect.
    Click File > Open in Wireshark and browse for your downloaded file to open one.

    You can also save your own captures in Wireshark and open them later. Click File > Save
    to save your captured packets.

    Filtering Packets

    If you’re trying to inspect something specific, such as the traffic a program sends when
    phoning home, it helps to close down all other applications using the network so you can
    narrow down the traffic. Still, you’ll likely have a large amount of packets to sift through.
    That’s where Wireshark’s filters come in.

    The most basic way to apply a filter is by typing it into the filter box at the top of the window
    and clicking Apply (or pressing Enter). For example, type “dns” and you’ll see only DNS
    packets. When you start typing, Wireshark will help you autocomplete your filter.
    You can also click Analyze > Display Filters to choose a filter from among the default filters
    included in Wireshark. From here, you can add your own custom filters and save them to
    easily access them in the future.

    For more information on Wireshark’s display filtering language, read the Building display
    filter expressions page in the official Wireshark documentation.
    Another interesting thing you can do is right-click a packet and select Follow > TCP Stream.

    You’ll see the full TCP conversation between the client and the server. You can also click
    other protocols in the Follow menu to see the full conversations for other protocols, if
    applicable.

    Close the window and you’ll find a filter has been applied automatically. Wireshark is
    showing you the packets that make up the conversation.
    Inspecting Packets

    Click a packet to select it and you can dig down to view its details.
    You can also create filters from here — just right-click one of the details and use the Apply
    as Filter submenu to create a filter based on it.

    Wireshark is an extremely powerful tool, and this tutorial is just scratching the surface of
    what you can do with it. Professionals use it to debug network protocol implementations,
    examine security problems and inspect network protocol internals.

    CONCLUSION: Thus, we have studied the working of Wire Shark.

    You might also like