Saintleo COM309 Lab 3 Latest 2018 September


COM309 Network Theory & Design

LAB 3

Using WireShark
(formerly Ethereal)

Required Hardware: You can do this lab exercise on any computer that is connected to the Internet and has Ethereal or WireShark software installed. Alternatively, you can do this lab from the comfort of your own home or laptop by downloading WireShark from www.wireshark.org (or Ethereal from www.ethereal.com) and installing it on your local PC.

In this lab you will:
1. Execute Wireshark and practice capturing data packets
2. Become familiar with the results from capturing packets for a file download from a web server.

Part 1: Start up Wireshark Capture and select computer IP address

1. Determine the IP address for the Ethernet interface cards of the computer you are using. Start up Wireshark, click Capture –> Interfaces and click on the check box under Device corresponding to your active Ethernet interface. Click on the Start button. Wireshark will begin running in Capture Mode and will open up a Wireshark Capture window showing you how many packets have been captured in real time.

Part 2: Download Web Page

1. With Wireshark still running in Capture Mode, start up your favorite browser (Internet Explorer, Mozilla, Firefox or whatever).

2. Enter the following address: http://facweb.cs.depaul.edu/cwhite

3. A web page from the author’s home page should appear in your browser

4. Close your browser window

5. Go back to the Wireshark Capture window and click the Stop button or Capture –> Stop to stop the packet capture.

Part 3: Verify that the Web Page Download has Been Captured

1. Back in the Wireshark window, you should now see lots of packets in the top summary pane. Filter out all packets except HTTP packets by typing the word “http” into the Filter: box and pressing Apply (click View –> Filter Toolbar if you don’t see a Filter box at the top). This will make things much easier to read.

2. You should see a packet containing something like “GET /cwhite / HTTP” sent by your PC to request the web page download.

3. If the next packet listed (containing the reply from the web server to your PC) contains “HTTP/1.1 200 OK” and the next 3 are “Continuation” GET packets, then you have successfully captured the packets containing the lab html web page. Skip the following step 4 and continue to Part 4.

4. On the other hand, if the reply from the web server contains “HTTP/1.1 304 Not Modified”, then this means Wireshark did not capture the packets from the web site because the web page was already stored (cached) in your browser. In this case you must clear your browser cache and then go back and re-do the capture as follows:

   a. First, you must clear the web cache in your browser.
      i. For Internet Explorer, click Tools –> Internet Options, then, under the General tab, click the Delete Files button within the Temporary Internet Files box area.
      ii. For Firefox, click Tools –> Options, then Privacy, Cache and click Clear.
      iii. For other browsers, you’re on your own.
   b. Now in your Wireshark window, again select Capture –> Interfaces and click the Capture button corresponding to the Ethernet interface. When prompted whether to save the previous capture, click Continue without saving.
   c. Go back to Part 2, step 1 above to download the web page again while Wireshark is capturing packets.

Part 4: What to Hand in

The goal of this lab was primarily to introduce you to Wireshark and practice capturing data packets. The intention of the following questions is to show that you have been able to run Wireshark and explore some of its capabilities. Answer the following questions:

1. List at least three different protocols that appear in the protocol column in the unfiltered packet-listing window.

2. How long did it take from when the HTTP GET message was sent until the HTTP OK reply was received? Note: By default, the value of the Time column in the packet listing window is the amount of time, in seconds, since Wireshark tracing began. To display the Time field in time-of-day format, select the Wireshark View pull down menu, then select Time Display Format, then select Time-of-day.

3. What is the Internet address of the web page http://facweb.cs.depaul.edu/cwhite?

4. What is the Internet address of your computer?

5. Provide screen shots of the HTTP GET and HTTP OK messages that were sent from your computer to the http://facweb.cs.depaul.edu/cwhite HTTP server. Look for an HTTP GET and HTTP OK message in the “listing of captured packets” portion of the Wireshark window that shows “GET /cwhite”. When you select the HTTP GET message, the Ethernet frame, IP datagram, TCP segment, and HTTP message header information will be displayed in the packet-header window. By clicking on the ‘+’ and ‘-’ (right-pointing and down-pointing arrowheads) to the left side of the packet details window, minimize the amount of Frame, Ethernet, Internet Protocol, and Transmission Control Protocol information displayed. Maximize the amount of information displayed about the HTTP protocol.
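
The Part 3 check (200 OK versus 304 Not Modified) and the Part 4 timing question can also be worked from an exported packet list. The Python script below is an added example, not part of the original lab handout; its rows are constructed sample data in the packet-list column layout, the addresses are documentation-range placeholders, and it assumes at most one unanswered GET per client/server pair.

```python
import csv
import io

# Constructed sample rows in the packet-list column layout; the addresses are
# documentation-range placeholders, not the real lab hosts.
SAMPLE_CSV = '''\
"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","192.0.2.10","192.0.2.1","DNS","80","Standard query A facweb.cs.depaul.edu"
"2","0.022100","192.0.2.10","198.51.100.20","TCP","66","49152 > 80 [SYN] Seq=0"
"3","0.061300","192.0.2.10","198.51.100.20","HTTP","420","GET /cwhite/ HTTP/1.1"
"4","0.104800","198.51.100.20","192.0.2.10","HTTP","1514","HTTP/1.1 200 OK (text/html)"
"5","0.310200","192.0.2.10","198.51.100.20","HTTP","455","GET /cwhite/ HTTP/1.1"
"6","0.349900","198.51.100.20","192.0.2.10","HTTP","250","HTTP/1.1 304 Not Modified"
'''

def analyze(csv_text):
    """Return (protocols seen, list of matched HTTP GET/response exchanges)."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    protocols = sorted({r["Protocol"] for r in rows})
    pending = {}    # (client, server) -> (time, request line) of unanswered GET
    exchanges = []
    for r in rows:
        if r["Protocol"] != "HTTP":
            continue
        t, info = float(r["Time"]), r["Info"]
        if info.startswith("GET "):
            pending[(r["Source"], r["Destination"])] = (t, info)
        elif info.startswith("HTTP/"):
            # A response travels server -> client, so swap the pair to match.
            match = pending.pop((r["Destination"], r["Source"]), None)
            if match is None:
                continue  # response whose request was not captured
            status = int(info.split()[1])
            exchanges.append({
                "request": match[1],
                "status": status,
                "seconds": round(t - match[0], 6),
                # 304 means the browser reused its cache, so the page body
                # was not transferred and the capture must be redone.
                "page_captured": status == 200,
            })
    return protocols, exchanges

if __name__ == "__main__":
    protos, found = analyze(SAMPLE_CSV)
    print("Protocols:", ", ".join(protos))
    for e in found:
        print(e)
```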
