CN LAB EXP 5
AIM:
To install Wireshark and use it to capture and examine packets.
WIRESHARK:
Wireshark is an open-source tool for profiling network traffic and analyzing packets. Such a tool is often
referred to as a network analyzer, protocol analyzer or sniffer.
It is used to understand how communication takes place across a network and to analyze what went wrong
when an issue in communication arises.
It captures network traffic from Ethernet, Bluetooth, wireless (IEEE 802.11), token ring, and frame relay
connections, among others, and stores that data for offline analysis.
Wireshark allows you to filter the log before the capture starts or during analysis. For example, you can set
a filter to see TCP traffic between two IP addresses, or you can set it to show only the packets sent from
one computer.
The filters in Wireshark are one of the primary reasons it has become the standard tool for packet
analysis.
Step 3: Next, review and agree to the license agreement, then click “Noted” to continue.
Step 4: You will be asked what components you want to install. You can make your choice and
then click “Next.”
Step 5: Choose a directory to install Wireshark in; the installer shows the space required to install it.
Npcap is an open-source library for packet capture and network analysis which allows
Wireshark to capture and analyze network traffic effectively. It enhances Wireshark’s capabilities by
providing optimized packet capture.
Step 7: The next screen will ask if you want to install USBPcap, an open-source USB packet
capture utility that lets you capture raw USB traffic, helping to analyze and troubleshoot USB
devices. This is not mandatory.
Step 8: Wireshark will now begin the installation process. A window will pop up during
installation to install Npcap.
Step 9: Npcap will begin the installation; click “Next” once complete.
Step 10: Wireshark will now complete its installation. Once complete, you can click “Next”.
Step 11: On the last window, click “Finish” to complete the setup.
Step 12: Wireshark will now be installed, and you can begin packet capturing.
After installation, when the Wireshark program is started, the Wireshark GUI is displayed with no data.
The available Wireshark interfaces, such as eth0 and eth1, will be displayed; select one of them. Click “Start” for interface eth0
to begin the packet capture.
All packets being sent/received from/by the computer are now being captured by Wireshark. Click
“Start”.
The Command menus are the standard pull-down menus located at the top.
The Packet listing window displays a one-line summary for each packet captured. It includes the
packet number, packet capture time, packet’s source and destination address, protocol type, and
protocol-specific information.
The Packet header details window provides details about the packet selected in the packet listing window. It
includes details about the Ethernet frame and IP datagram of the packet. If the packet has been
carried over TCP/UDP, those details will also be displayed.
The Packet contents window displays the entire contents of the captured frame in both ASCII and
hexadecimal format.
In the Packet display filter field, a protocol name or other information can be entered to
filter the information displayed in the packet listing window.
Capturing Packets:
After downloading and installing Wireshark, launch it and click the name of an interface
under Interface List to start capturing packets.
Test Run:
Start any browser, start the Wireshark software, select an interface, and stop the Wireshark packet
capture once the browser has been displayed.
Color coding: Packets will be highlighted in blue, green, and black, which helps to identify the types of
traffic. Green: TCP traffic; Dark Blue: DNS traffic; Light Blue: UDP traffic; Black: TCP
packets with problems.
To filter the connection and get clear data, type “http” in the filter field. Note that
directly typing the destination will not work, as Wireshark does not have the ability to discern the
protocol field.
To get more precise data, set the filter http.host == "www.networksecurity.edu" and “follow” a packet from the
list that matches the filter. Use “contains” with other protocols.
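The following Python sketch is an added example, not part of the original lab sheet and not Wireshark's own code. It decodes a constructed Ethernet/IPv4/TCP frame into the named fields the packet header details window shows, then evaluates the two filters used above against those fields. The function names, the addresses (documentation range 192.0.2.0/24) and the sample frame are assumptions made for illustration.

```python
import socket
import struct

def build_sample_frame(host):
    """Constructed Ethernet/IPv4/TCP frame carrying an HTTP GET (checksums left 0)."""
    http = f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http), 0, 0, 64, 6,
                     0, socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.80"))
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + http

def dissect(frame):
    """Decode layer by layer into named fields, like the packet details window."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return {}                                   # truncated or not IPv4
    ihl = (frame[14] & 0x0F) * 4                    # IP header length in bytes
    if ihl < 20:
        return {}                                   # malformed IP header
    pkt = {"eth.type": 0x0800, "ip.proto": frame[23],
           "ip.src": socket.inet_ntoa(frame[26:30]),
           "ip.dst": socket.inet_ntoa(frame[30:34])}
    l4 = frame[14 + ihl:]
    if pkt["ip.proto"] == 17 and len(l4) >= 8:      # UDP
        pkt["udp.srcport"], pkt["udp.dstport"] = struct.unpack("!HH", l4[:4])
    elif pkt["ip.proto"] == 6 and len(l4) >= 20:    # TCP
        pkt["tcp.srcport"], pkt["tcp.dstport"] = struct.unpack("!HH", l4[:4])
        payload = l4[(l4[12] >> 4) * 4:]            # skip TCP header (data offset)
        if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"):
            pkt["http"] = True
            for line in payload.split(b"\r\n")[1:]:
                name, _, value = line.partition(b":")
                if name.lower() == b"host":
                    pkt["http.host"] = value.strip().decode("latin-1")
    return pkt

def matches(pkt, field, value=None):
    """Simplified display filter: a bare field name, or field == value."""
    return field in pkt if value is None else pkt.get(field) == value

if __name__ == "__main__":
    p = dissect(build_sample_frame("www.networksecurity.edu"))
    print(p)
    print(matches(p, "http"), matches(p, "http.host", "www.networksecurity.edu"))
```

A filter can only match on a field that a dissector has produced, which is why a bare hostname typed into the filter field matches nothing while a named field such as http.host does.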
RESULT:
Thus, the installation of Wireshark and the observation of packets have been executed successfully.