Task 1: Ping PDU Capture

Step 1: After ensuring that the standard lab topology and configuration is
correct, launch Wireshark on a computer in a lab pod.

Set the Capture Options as described above in the overview and start the
capture process.

From the command line of the computer, ping the IP address of another network
connected and powered on end device on in the lab topology. In this case, ping
the Eagle Server at using the command ping 192.168.254.254.

After receiving the successful replies to the ping in the command line window,
stop the packet capture.

Step 2: Examine the Packet List pane.

The Packet List pane on Wireshark should now look something like this:

Look at the packets listed above; we are interested in packet numbers 6, 7, 8, 9,

11, 12, 14 and 15.

Locate the equivalent packets on the packet list on your computer.

If you performed Step 1A above match the messages displayed in the

command line window when the ping was issued with the six packets captured
by Wireshark.

From the Wireshark Packet List answer the following:

What protocol is used by ping? El protocolo usado para Ping es el ICMP.

What is the full protocol name? Internet Control Message Protocol o Protocolo
de Mensajes de Control de Internet.
What are the names of the two ping messages? Echo (ping) request indica la
petición de ping al host de destino y Echo (ping) reply indica la respuesta que
da el host destino a la petición.
Are the listed source and destination IP addresses what you expected? Yes /
No. Why? Si, porque la dirección IP de mi equipo es la 192.168.1.10 y envié
una petición de Ping al host identificado con la IP 192.168.1.11.

Step 3: Select (highlight) the first echo request packet on the list with the
mouse.

The Packet Detail pane will now display something similar to:

Click on each of the four "+" to expand the information.

The packet Detail Pane will now be similar to:

As you can see, the details for each section and protocol can be expanded
further. Spend some time scrolling through this information. At this stage of the
course, you may not fully understand the information displayed but make a note
of the information you do recognize.

Locate the two different types of 'Source" and "Destination". Why are there two
types? Hay dos tipos diferentes de “Source” y “Destination” porque una
corresponde a la dirección física (MAC) y la otra corresponde a la dirección
lógica (IP).

What protocols are in the Ethernet frame? IP

As you select a line in the Packets Detail pane all or part of the information in
the Packet Bytes pane also becomes highlighted.
For example, if the second line (+ Ethernet II) is highlighted in the Details pane
the Bytes pane now highlights the corresponding values.

This shows the particular binary values that represent that information in the
PDU. At this stage of the course, it is not necessary to understand this
information in detail.

Step 4: Go to the File menu and select Close.

Click on Continue without Saving when this message box appears.

Task 2: FTP PDU Capture

Step 1: Start packet capture.

Assuming Wireshark is still running from the previous steps, start packet
capture by clicking on the Start option on the Capture menu of Wireshark.

At the command line on your computer running Wireshark, enter ftp

192.168.254.254

When the connection is established, enter anonymous as the user without a

password.

Userid: anonymous
Password: <ENTER>

You may alternatively use login with userid cisco and with password cisco.

When successfully logged in enter get /pub/eagle_labs/eagle1/chapter1/gaim-

1.5.0.exe and press the enter key <ENTER>. This will start downloading the file
from the ftp server. The output will look similar to: C:\Documents and
Settings\ccna1>ftp eagle-server.example.com

Connected to eagle-server.example.com.

220 Welcome to the eagle-server FTP service. User (eagle-

server.example.com:(none)): anonymous
331 Please specify the password.
Password:<ENTER>
230 Login successful.
ftp> get /pub/eagle_labs/eagle1/chapter1/gaim-1.5.0.exe
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for
pub/eagle_labs/eagle1/chapter1/gaim-1.5.0.exe (6967072 bytes).
226 File send OK.
ftp: 6967072 bytes received in 0.59Seconds 11729.08Kbytes/sec.
When the file download is complete enter quit
ftp> quit
221 Goodbye.

C:\Documents and Settings\ccna1>

When the file has successfully downloaded, stop the PDU capture in Wireshark.

Step 2: Increase the size of the Wireshark Packet List pane and scroll through
the PDUs listed.

Locate and note those PDUs associated with the file download.

These will be the PDUs from the Layer 4 protocol TCP and the Layer 7 protocol
FTP.

Identify the three groups of PDUs associated with the file transfer.

If you performed the step above, match the packets with the messages and
prompts in the FTP command line window.

The first group is associated with the "connection" phase and logging into the
server.

List examples of messages exchanged in this phase.

Response: 220 “Welcome to the Suse ftp server: Please login as user ftp”
Request: USER Anonymous
Response: 331 Please send your email address as a password
Request: PASS
Response: 230 Login successful. Have a lot of fun.
Locate and list examples of messages exchanged in the second phase that is
the actual download request and the data transfer.

Request: Port 192,168,1,10,19,137

Response: 200 PORT command successful. Consider using PASV
Request: LIST
Response: 150 Listing
Response: 226 Directory send OK
Request: CWD msgs
Response: 250 CWD command successful
Request: Port 192,168,1,10,19,138
Response: 200 PORT command successful. Consider using PASV
Request: LIST
Response: 150 Listing
Response: 226 Directory send OK
Request: Port 192,168,1,10,19,139
Response: 200 PORT command successful. Consider using PASV
Request: RETR /msgs/noreal.msg
Response: 150 Opening BINARY mode data connection for /msgs/noreal.msg
Response: 226 File send OK

The third group of PDUs relate to logging out and "breaking the connection".
List examples of messages exchanged during this process.

Request: QUIT
Response: 221 Goodbye
Locate recurring TCP exchanges throughout the FTP process. What feature of
TCP does this indicate?

TCP crea la conexión con el servidor FTP y se encarga de verificar que los
datos sean entregados en el destino sin errores y en el mismo orden en que
fueron transmitidos. ACK indica que el mensaje ha llegado correctamente.

Step 3: Examine Packet Details.

Select (highlight) a packet on the list associated with the first phase of the FTP
process.

View the packet details in the Details pane.

What are the protocols encapsulated in the frame? IP, TCP, FTP

Highlight the packets containing the user name and password.

Examine the highlighted portion in the Packet Byte pane.

What does this say about the security of this FTP login process? No se nota
ningún tipo de seguridad, ya que al registrarme ingreso como usuario anónimo
y no se me pide ningún tipo de contraseña. Salvo el hecho de que entro como
usuario pasivo y no se me permite modificar ningún archivo existente en el
servidor FTP.

Highlight a packet associated with the second phase.

From any pane, locate the packet containing the file name.

The filename is: noreal.msg

Highlight a packet containing the actual file content - note the plain text visible in
the Byte pane.

Highlight and examine, in the Details and Byte panes, some packets exchanged
in the third phase of the file download.

What features distinguish the content of these packets? Las características

exclusivas que pudimos notar en los paneles de la tercera fase es que en el
cuadro final se muestra un mensaje describiendo la acción realizada por ese
protocolo en particular. De otro lado, el panel de bytes es notable que el
tamaño del paquete capturado es mayor que en otros paquetes con otros
protocolos.

When finished, close the Wireshark file and continue without saving
Task 3: HTTP PDU Capture

Step 1: Start packet capture.

Assuming Wireshark is still running from the previous steps, start packet
capture by clicking on the Start option on the Capture menu of Wireshark.

Note: Capture Options do not have to be set if continuing from previous steps of
this lab.

Launch a web browser on the computer that is running Wireshark.

Enter the URL of the Eagle Server of example.com or enter the IP address-
192.168.254.254. When the webpage has fully downloaded, stop the Wireshark
packet capture.

Step 2: Increase the size of the Wireshark Packet List pane and scroll through
the PDUs listed.

Locate and identify the TCP and HTTP packets associated with the webpage
download.

Note the similarity between this message exchange and the FTP exchange.

Step 3: In the Packet List pane, highlight an HTTP packet that has the notation
"(text/html)" in the Info column.

In the Packet Detail pane click on the "+" next to "Line-based text data: html"

When this information expands what is displayed? Nos muestra el código html
de la página cargado en ese paquete, tal como vemos a continuación.
Examine the highlighted portion of the Byte Panel.

This shows the HTML data carried by the packet.

When finished close the Wireshark file and continue without saving.

Task 4: Reflection

Consider the encapsulation information pertaining to captured network data

Wireshark can provide. Relate this to the OSI and TCP/IP layer models. It is
important that you can recognize and link both the protocols represented and
the protocol layer and encapsulation types of the models with the information
provided by Wireshark.

Task 5: Challenge

Discuss how you could use a protocol analyzer such as Wireshark to:

(1) Troubleshoot the failure of a webpage to download successfully to a browser

on a computer.

and

(2) Identify data traffic on a network that is requested by users.

Wireshark es un instrumento de diagnóstico muy importante ya que nos

muestra la información de todos los paquetes de datos que entran y salen
dentro de una red de computadores, el medio por el cual se transmiten y los
protocolos que realizan el proceso. Teniendo en cuenta esta información,
podremos determinar cuál de los pasos anteriormente mencionados está
mostrando una falencia a la hora de procesar los paquetes de datos. Por
ejemplo, puede indicarnos si la capa 2del modelo OSI está fallando (la tarjeta
de interfaz de red está presentando problemas). De esta manera podemos
hacer un diagnóstico acertado y solucionar más fácilmente el problema.