Name : Salim Tadvi

Reg no : 201070042
COMPUTER NETWORKS
EXPERIMENT4 C

Aim: Study of the application layer parameter using Wireshark.

Objective:

In this experiment, we will be learning various protocols in the application layer with the help of Wireshark.

Theory:

TCP/IP Model helps you to determine how a specific computer should be connected to the internet and how data should
be transmitted between them. It helps you to create a virtual network when multiple computer networks are connected.

The purpose of the TCP/IP model is to allow communication over large distances. TCP/IP stands for
Transmission Control Protocol/ Internet Protocol. TCP/IP Stack is specifically designed as a model to offer highly
reliable and endto- end byte stream over unreliable internetwork.

Application layer performs the functions of top three layers of the OSI model: Application, Presentation and
Session Layer. It is responsible for node-to-node communication and controls user-interface specifications. Some of the
protocols present in this layer are: HTTP, HTTPS, FTP, TFTP, Telnet, SSH, SMTP, SNMP, NTP, DNS, DHCP,
NFS, X Window, LPD. Have a look at Protocols in Application Layer for some information about these protocols.
Protocols other than those present in the linked article are :

1. HTTP and HTTPS – HTTP stands for Hypertext transfer protocol. It is used by the World Wide
Web to manage communications between web browsers and servers. HTTPS stands for
HTTP-
Secure. It is a combination of HTTP with SSL(Secure Socket Layer). It is efficient in cases
where the browser need to fill out forms, sign in, authenticate and carry out bank
transactions.

2. DNS- The Domain Network System (DNS) protocol helps Internet users and network devices
discover websites using humanreadable hostnames, instead of numeric IP addresses.

3. DHCP- Dynamic Host Configuration Protocol (DHCP) is a network management protocol

used to dynamically assign an IP address to nay device, or node, on a network so they can
communicate using
 IP (Internet Protocol). DHCP automates and centrally manages these configurations. There is no
need to manually assign IP addresses to new devices. Therefore, there is no requirement for
any user configuration to connect to a DHCP based network.

1. HTTP

The Hyper Text Transport Protocol is a text-based request-response clientserver protocol. A HTTP client (e.g. a web
browser such as Mozilla) performs a HTTP request to a HTTP server (e.g. the Apache HTTP server), which in
return will issue a HTTP response. The HTTP protocol header is text-based, where headers are written
in text lines.

HTTP/1.1 allows for client-server connections to be pipelined, whereby multiple requests can be sent (often in the
same packet), without waiting for a response from the server. The only restriction is the server MUST return the
responses in the same order as they were received. This enables greater efficiency, especially on
revalidation.

The example in Figure shows in the packet-listing window that two HTTP messages were captured: the GET message
(from your browser to the web server) and the response message from the server to your browser. The packet-contents
window shows details of the selected message (in this case the HTTP OK message, which is highlighted in the packet-
listing window). Recall that since the HTTP message was carried inside a TCP segment, which was carried inside an IP
datagram, which was carried within an Ethernet frame, Wireshark displays the Frame, Ethernet, IP, and TCP
packet information as well. We want to minimize the amount of non-HTTP data displayed (we’re interested in HTTP
here, and will be investigating these other protocols is later labs), so make sure the boxes at the far left of the
Frame, Ethernet, IP
and TCP information have a plus sign or a right-pointing triangle (which means there is hidden, undisplayed information),
and the HTTP line has a minus sign or a down-pointing triangle (which means that all information about the
HTTP message is displayed).

2. DNS

Domain Name System (DNS)

DNS is the system used to resolve store information about domain names including IP addresses, mail servers, and
other information.

DNS actually gives a mapping of the hostname of a network and its address. It has proved to ease human life
manifold when one looks at its working and the service it offers. It helps users by translating the domain names into IP
addresses, allowing them to surf the web without memorizing such complex IP codes. Coming on to
Wireshark, which is an open- source packet analyzer and has been widely in use since its inception in the
web world, to analyze packets received or sent in a network. We can use Wireshark to segment the DNS
system and get a detailed look at it. The default port for DNS traffic in Wireshark is 53, and the protocol is
UDP (User Datagram Protocol).

After we start Wireshark, we can analyze DNS queries easily. We shall be following the below steps:

• In the menu bar, Capture → Interfaces.

• Select a particular Ethernet adapter/WIFI and click start.

• After this, browse to any web address and then return to Wireshark. Browsing would get packets captured
and in Wireshark click the stop in the Capture menu to stop the capture.

• If you haven’t got the packet list by now, you can access it using Edit → Find Packets. This will give
you the packet list.

• Since we are going to analyze DNS we shall be studying only DNS packets and to get DNS packets,
only you can apply DNS in the filters above.
A basic DNS response has:

1. Transaction Id-for identification of the communication done.

2. Flags-for verification of response whether it is valid or not.

3. Questions-default is 1 for any request sent or received. It mainly denotes whether you have queried
for something or not.

4. Answers-default is 0 if the response is sent, and it’s 1 if received. If the received packet is viewed
then the Answers section has the IP address of the desired domain name along with Time to Live which is
basically a counter which expires after its allotted time.

3. DHCP

Dynamic Host Configuration Protocol(DHCP) is an application layer protocol which is used to provide:

1. Subnet Mask (Option 1 – e.g., 255.255.255.0)

2. Router Address (Option 3 – e.g., 192.168.1.1)
3. DNS Address (Option 6 – e.g., 8.8.8.8)
4. Vendor Class Identifier (Option 43 – e.g., ‘unifi’ = 192.168.1.9 ##where unifi = controller)
DHCP is based on a client-server model and based on discovery, offer, request, and ACK.
DHCP port number for server is 67 and for the client is 68. It is a Client server protocol which uses UDP
services. IP address is assigned from a pool of addresses. In DHCP, the client and the server exchange mainly 4
DHCP messages in order to make a connection, also called DORA process, but there are 8 DHCP messages in
the process.

To capture DHCP traffic:

1. Start a Wireshark capture.

2. Open a command prompt.
3. Type ipconfig /renew and press Enter.
4. Type ipconfig /release and press Enter.
5. Type ipconfig /renew and press Enter.
6. Close the command prompt.
7. Stop the Wireshark capture.
DHCP Handshake.

CONCLUSION: We have successfully studied the various protocols in the application layer using wireshark.