LAB EXPERIMENT-4

COMPUTER NETWORKS EXPERIMENTS

Uploaded by

akhil244392

EXPERIMENT-4

Perform Network Packet Analysis Using Wireshark.

What is Wireshark?
• Wireshark is a network packet analyzer. A network packet analyzer presents captured packet data in
as much detail as possible.
• You could think of a network packet analyzer as a measuring device for examining what’s happening
inside a network cable, just like an electrician uses a voltmeter for examining what’s happening inside
an electric cable (but at a higher level, of course).
• In the past, such tools were either very expensive, proprietary, or both. However, with the advent of
Wireshark, that has changed. Wireshark is available for free, is open source, and is one of the best
packet analyzers available today.

Some intended purposes
• Network administrators use it to troubleshoot network problems
• Network security engineers use it to examine security problems
• QA engineers use it to verify network applications
• Developers use it to debug protocol implementations
• People use it to learn network protocol internals

Features
• Available for UNIX and Windows.
• Capture live packet data from a network interface.
• Open files containing packet data captured with tcpdump/WinDump, Wireshark, and many other packet
capture programs.
• Import packets from text files containing hex dumps of packet data.
• Display packets with very detailed protocol information.
• Save captured packet data.
• Export some or all packets in a number of capture file formats.
• Filter packets on many criteria.
• Search for packets on many criteria.
• Colorize the packet display based on filters.
• Create various statistics.

Installing Wireshark
Step 1: Install Wireshark

Step 2: Open Wireshark


Now, if the Wireshark interface does not show your Ethernet/Wireless LAN interfaces, it looks as
follows:

Now, exit Wireshark (close the Wireshark application)

So, to view the network interface, execute the following command:

Now, again open Wireshark:

You will now see the available interfaces as follows:

We shall now start capturing packets on the enp0s3 interface (click on the enp0s3 interface to see how the
packets are captured).
It looks as follows:

The Menu

File
This menu contains items to open and merge capture files, save, print, or export capture files in
whole or in part, and to quit the Wireshark application.

Edit
This menu contains items to find a packet, time reference or mark one or more packets, handle
configuration profiles, and set your preferences.

View
This menu controls the display of the captured data, including colorization of packets, zooming the
font, showing a packet in a separate window, expanding and collapsing trees in packet details.

Go
This menu contains items to go to a specific packet.

Capture
This menu allows you to start and stop captures and to edit capture filters.

Analyze
This menu contains items to manipulate display filters, enable or disable the dissection of protocols,
configure user specified decodes and follow a TCP stream.

Statistics
This menu contains items to display various statistic windows, including a summary of the packets
that have been captured, display protocol hierarchy statistics and much more.

Telephony
This menu contains items to display various telephony related statistic windows, including a media
analysis, flow diagrams, display protocol hierarchy statistics and much more.

Wireless
This menu contains items to display Bluetooth and IEEE 802.11 wireless statistics.

Tools
This menu contains various tools available in Wireshark, such as creating Firewall ACL Rules.

For more information visit:

https://www.wireshark.org/docs/wsug_html_chunked/ChapterUsing.html

The “Packet List” Pane


The packet list pane displays all the packets in the current capture file.

The “Packet Details” Pane

The “Packet Bytes” Pane

The default columns will show:

• No.: The number of the packet in the capture file. This number won’t change, even if a display filter is used.
• Time: The timestamp of the packet. The presentation format of this timestamp can be changed.
• Source: The address where this packet is coming from.
• Destination: The address where this packet is going to.
• Protocol: The protocol name in a short (perhaps abbreviated) version.
• Length: The length of each packet.
• Info: Additional information about the packet content.
TO VIEW A PARTICULAR PANE, GO TO: EDIT -> PREFERENCES -> APPEARANCE -> LAYOUT

YOU CAN SELECT THE DIFFERENT VIEWS USING THE RADIO BUTTONS IN THE DIFFERENT PANES
PROFILE:
ADD NEW PROFILE:

PREFERENCES:
EDIT -> PREFERENCES

YOU CAN CHOOSE PACKET DIAGRAM AS PANE 3 IF YOU WANT.


EDIT -> PREFERENCES -> COLUMNS
COLORING RULES:
CREATING A BUTTON FOR TCP SYN:

YOU CAN SEE THE BUTTON ADDED:


ADDING COLUMNS:

CAPTURING THE TRAFFIC:


FILTERING TRAFFIC:
NAME RESOLUTION:
EDIT -> PREFERENCES -> NAME RESOLUTION
Check the “Resolve transport names” field

You will now see the transport names in your packet list:
Source and destination names are resolved after checking the above options:

Now, go to Statistics -> Resolved Addresses; you will find the IP addresses and their resolved names.

We can also add names to our private IP addresses (right-click on a record):
Now, go to Statistics -> Resolved Addresses again; you will find the IP address and resolved name of the newly
added client.
WIRESHARK STATISTICS:
Using the trace file uploaded in Google Classroom with the name Wireshark_Mclass_Lesson8_Stats.pcapng:
open this file in Wireshark.
Go to Statistics -> Conversations.
Adding a filter from the conversation and viewing it in the packet list:

It looks as follows:
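As an added example (not part of this lab sheet or of Wireshark itself), the following Python does by hand what the steps above do in the GUI: it dissects three constructed Ethernet/IPv4/TCP frames into the default packet-list columns, applies the same test as the TCP SYN button (display filter tcp.flags.syn == 1 && tcp.flags.ack == 0), and builds the per-conversation counts shown under Statistics -> Conversations. The addresses, ports and frames are made up for the example.

```python
import struct
from collections import Counter

SYN, ACK = 0x02, 0x10

def build_frame(src_ip, dst_ip, sport, dport, flags):
    """Assemble a minimal Ethernet/IPv4/TCP frame (constructed test data, no checksums)."""
    eth = b"\x52\x54\x00\x12\x35\x02" + b"\x08\x00\x27\xaa\xbb\xcc" + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp

# Constructed sample capture: a TCP handshake between two made-up addresses.
FRAMES = [
    build_frame("10.0.2.15", "93.184.216.34", 40000, 80, SYN),
    build_frame("93.184.216.34", "10.0.2.15", 80, 40000, SYN | ACK),
    build_frame("10.0.2.15", "93.184.216.34", 40000, 80, ACK),
]

def dissect(frame):
    """Return the fields behind the Source/Destination/Protocol/Length/Info columns."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return None  # only IPv4 is handled in this example
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    proto = frame[23]                     # IPv4 protocol field
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    if proto != 6:
        return {"src": src, "dst": dst, "proto": "IPv4", "len": len(frame), "info": ""}
    tcp = frame[14 + ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    flags = tcp[13]
    names = [n for n, bit in (("SYN", SYN), ("ACK", ACK), ("FIN", 0x01), ("RST", 0x04))
             if flags & bit]
    return {"src": src, "dst": dst, "proto": "TCP", "len": len(frame),
            "sport": sport, "dport": dport, "flags": flags,
            "info": f"{sport} -> {dport} [{', '.join(names)}]"}

def is_tcp_syn(pkt):
    """Same test as the display filter tcp.flags.syn == 1 && tcp.flags.ack == 0."""
    return pkt["proto"] == "TCP" and bool(pkt["flags"] & SYN) and not pkt["flags"] & ACK

def conversations(pkts):
    """Packet count per IPv4 conversation, ignoring direction (Statistics -> Conversations)."""
    return Counter(tuple(sorted((p["src"], p["dst"]))) for p in pkts)

if __name__ == "__main__":
    for p in map(dissect, FRAMES):
        print(p["src"], p["dst"], p["proto"], p["len"], p["info"], "SYN" if is_tcp_syn(p) else "")
    print(conversations([dissect(f) for f in FRAMES]))
```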
