Scribd
Upload
17 views

SEC220_Lab1_Network Sniffing_Updated 17Jan2022

Lab 1 focuses on network sniffing using Wireshark to capture and analyze network traffic. The objectives include demonstrating traffic sniffing and the TCP three-way handshake, with specific steps outlined for capturing HTTP messages and the handshake process. A well-organized lab report is required, including screenshots and descriptions, with penalties for late submissions.

Uploaded by

nisadakash26
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
17 views

SEC220_Lab1_Network Sniffing_Updated 17Jan2022

Lab 1 focuses on network sniffing using Wireshark to capture and analyze network traffic. The objectives include demonstrating traffic sniffing and the TCP three-way handshake, with specific steps outlined for capturing HTTP messages and the handshake process. A well-organized lab report is required, including screenshots and descriptions, with penalties for late submissions.

Uploaded by

nisadakash26
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

SEC220 Lab 1

Lab 1: Network Sniffing


Overview:
The goal of this lab is to show you how easy it is to look at traffic on a network.
We will be using Wireshark to sniff the network.
The basic tool for observing the messages exchanged between executing protocol entities is
called a packet sniffer. As the name suggests, a packet sniffer captures (“sniffs”) messages being
sent/received from/by your computer; it will also typically store and/or display the contents of
the various protocol fields in these captured messages. A packet sniffer itself is passive. It just
observes messages exchanged over the network

Objective:
1. Demonstrate how to sniff a traffic
2. Demonstrate three-way handshake

The sections highlighted in:


 green do not require IFS Lab or VM Workstation Pro & Windows 10
 yellow require VM Workstation Pro & Windows 10
 red require the IFS Lab
 Blue the screenshots you need to include in your lab report

Resources
For this lab you’ll be using the following:
1- Your Kali 2021 VM
2- The application Wireshark.

The Lab Activities


Part 1: Capturing network traffic
 In your Kali machine open the Wireshark application.
o When you run the Wireshark program, you’ll get a startup screen that looks
something like the screen below. Different versions of Wireshark will have
different startup screens – so don’t panic if yours doesn’t look exactly like the
screen below!

Page 1 of 4
SEC220 Lab 1

 Under the Capture section, there is a list of so-called interfaces. You need to choose your
interface to start packet capturing.
 When you start capturing, a screen like the one below will be displayed, showing
information about the packets being captured. Once you start packet capture, you can
stop it by selecting Stop capturing packets.

Steps
1. Start up your favorite web browser, which will display your selected homepage.
2. Start up the Wireshark software.
3. To begin packet capture, under the Capture section, choose your virtual machine
interface to start packet capturing.
4. Click on “start capturing packet” button (blue button) to start capturing.
a. Packet capture will now begin - Wireshark is now capturing all packets being
sent/received from/by your computer!
Note: Don’t stop packet capture yet. Let’s capture some interesting packets first. To do so,
we’ll need to generate some network traffic. Let’s do so using a web browser, which will use
the HTTP protocol that we will study in detail.

Page 2 of 4
SEC220 Lab 1

5. While Wireshark is running, enter the below URL and have that page displayed in your
browser:
http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html

To display this page, your browser will contact the HTTP server at gaia.cs.umass.edu and
exchange HTTP messages with the server to download this page.
The Ethernet frames containing these HTTP messages (as well as all other frames
passing through your Ethernet adapter) will be captured by Wireshark.

6. After your browser has displayed a simple one line of “Congratulations!”, stop
Wireshark packet capture by selecting stop in the Wireshark capture window.
7. Type in “http” (without the quotes, and in lower case – all protocol names are in lower
case in Wireshark) into the display filter specification window at the top of the main
Wireshark window. This will cause only HTTP message to be displayed in the packet-
listing window.
8. Find the HTTP GET message that was sent from your computer to the gaia.cs.umass.edu
HTTP server.
9. When you select the HTTP GET message, the Ethernet frame, IP datagram, TCP
segment, and HTTP message header information will be displayed in the packet-header
window.
10. Maximize the details section to see detailed information displayed about the HTTP
protocol.
11. Take screenshot showing source and destination IP addresses and port addresses. for the
HTTP GET message while maximum information for HTTP protocol is displayed.
Highlight the IP addresses in the screenshot (using Snipping tool or any other app).
12. Insert your image into the report template and add description of what is happening.

Part 2: Capturing a TCP 3-way handshake

Steps
1. Clear the filter of part 1 (clear “http” filter)
2. Click the ‘Start’ button.
3. Again, browse to http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html
4. Click ‘Stop’ capture.
5. You may want to set the Capture Filters to ‘not arp and not icmp and not port 53 and not
port 443 and not udp’ to reduce the amount of data generated.
a. Note: the filters might be already setup, however if any of those filters are
missing, add the missing filter by:
i. Click on “Capture”>Capture Filters
ii. Click on the ‘+’ sign at the bottom
6. Find the 3-way handshake based on the source and destination IP Address, take screenshots
showing:
 A screen shot showing the three-way handshake and highlight each handshake.
 In GET HTTP confirm which webpage this packet is getting. Take a screenshot and
highlight the host.
7. Insert your screenshots in the report template
8. Clear the filter and look up 3 different protocols that appear in the protocol column in the
unfiltered packet-listing window and write them down in your report.

Page 3 of 4
SEC220 Lab 1

Lab Report Write-up


Submit your lab results using the template provided for lab 0. Make sure your lab report is well organized
with proper titles.

Your report must contain the following:


1- Your name & student number
2- Screenshots as requested above
3- Each screen shot must show:
a. System date & time
b. Your customized background
c. Caption describing what the screenshot is about
Notes:
 Labs submitted one week late, will lose 50% of the grade automatically, and if later than that, it
will be assigned a grade of ‘F’.
 Late Assignments still need to be satisfactorily completed and submitted by the end of the
semester to meet SEC220’s Promotion Requirements.

Page 4 of 4

You might also like