Slide 1

COMP2322 Lab 1: Wireshark
Steven Lee
Jan. 25, 2017
Slide 2: Packet capture

Why do we need to capture packets?
- Troubleshoot network problems
- Examine security problems
- Debug protocol implementations
- Learn network protocol internals
Slide 3: Existing packet capture tools/sniffers

- Classic tools
  - Wireshark
  - tcpdump
- Other tools
  - Ettercap
  - dsniff
  - ntop
  - Kismet
  - WinDump
  - TShark
Slide 4: What is Wireshark?

- An open source network protocol analyzer
  - Capture network packets
  - Display packet data
- Supports 2157 protocols (as of v2.2.3)
- Supports command-line and GUI interfaces
- Supports multiple platforms including Windows, macOS, Linux and Unix
- Wireshark User’s Guide: https://www.wireshark.org/download/docs/user-guide-a4.pdf
Slide 5: libpcap and WinPcap

- Libraries for network traffic capture
- Provide the core functions of packet capturing
- Linux/Unix: libpcap (http://www.tcpdump.org/)
- Windows: WinPcap (http://www.winpcap.org)
Slide 6: Practice 1

- Y:\Win32\WiresharkPortable_1.4
- Select the right interface.
- Start packet capture for 10 seconds and save the trace
- Question 1 (4 marks)
  - How many interface(s) do you see? What are they?
  - Which interface have you chosen and why?
Slide 7: Filters

- Capture filters
  - Only packets that meet the rule(s) are captured and decoded
  - Syntax: https://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureFilterSection.html
- Display filters
  - Do not affect what packets are captured
  - Only affect which captured packets are displayed
  - Syntax: https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html
Slide 8: Some other features

- Follow TCP stream
  - Analyze → Follow → TCP Stream
- Statistics
  - Capture File Properties: statistics on this capture file
  - Conversations: statistics on captured conversations; a conversation is the traffic between two specific endpoints
  - Endpoints: traffic statistics on end hosts
  - IO Graph: visualization of captured network packets
Slide 9: Practice 2

- Visit http://www4.comp.polyu.edu.hk/~comp2322/
- Question 2 (22 marks)
  - What capture filter can be used to capture only HTTP traffic?
  - What display filter can be used to display only HTTP traffic?
  - What is your IP address?
  - What is the server’s IP address?
  - What is the HTTP version?
  - What is the HTTP request method?
  - How many HTTP request(s) is/are sent to the server? Mark the request packet(s) by right-clicking it/them and selecting Mark/Unmark Packet.
  - What is/are the status code(s) in the response(s)?
  - How many application protocol(s) is/are captured while accessing the website?
  - What protocol(s) does HTTP rely on?
  - What is the relationship between HTTP and the World Wide Web (WWW)?
Slide 10: Practice 3

- Visit https://www.google.com/
- Question 3 (4 marks)
  - What port does HTTPS use?
  - How is an HTTPS connection established?
Slide 11: Practice 4

- Visit https://www.facebook.com/
- Question 4 (4 marks)
  - What are the IP addresses of Facebook when visited at home and on campus?
  - Are the IP addresses the same? If not, can you guess why? (Hint: content delivery network (CDN))