
Lab 3 DCF255

Lab 3: Packet Capture

Introduction

In this lab, you will use a “packet sniffer” called Wireshark to capture and analyze TCP and HTTP packets generated between the PC browser and a web server, such as matrix.senecacollege.ca. When the application layer of the TCP/IP protocol stack creates an HTTP message, that message is “encapsulated” by a transport layer header. The header identifies the protocol, TCP, which is used to make a reliable connection to a web server. TCP uses a three-way handshake to establish a connection and a three-way handshake to take down a connection between the two hosts. The Internet layer adds a header indicating the logical IP address, but is also responsible for retrieving the MAC address, which is passed to the Data Link layer for addition to the LAN header. You will see how the Internet layer uses a protocol called ARP (Address Resolution Protocol) to find the MAC or Ethernet address of the next link. Lastly, you will see the message syntax and sequence of the HTTP protocol.

Objective:

1. Demonstrate basic packet capturing with Wireshark
2. Examine the TCP handshake used to set up and take down a reliable connection
3. Examine how the Internet layer uses ARP
4. Examine the message syntax and sequence of the HTTP protocol

Instructions:

1. Use the MyApps folder to locate Wireshark.
2. Click the Launch button to open Wireshark.
3. Use ipconfig /all at a command prompt to get the IP and physical addresses of the local machine.
4. Select the capture interface called “Ethernet” that shows activity on it, similar to the screenshot below.
5. Before we capture packets, delete the ARP cache. This area of memory keeps a mapping of IP addresses to MAC addresses. We want to delete any previous entry so that the ARP protocol will need to be used in our capture.

Physical address of host: B8-81-98-C0-A4-8B
IP address of host: 192.168.0.11
IP address of default gateway: 192.168.0.1
Physical address of default gateway: F0-F2-49-A3-CA-E2
6. Open a command-line window as administrator and type the following:

   netsh interface ip delete arpcache

Capturing and Examining TCP Packets

TCP Connection Setup: 3-way Handshake

1. On the capture menu, click the Start button.
2. Open the browser and navigate to matrix.senecacollege.ca.
3. When the web page loads, close the client window and wait a couple of seconds.
4. Return to Wireshark and stop the capture.
5. Save the capture as a file called learnname_L3_capture. This is important if you need to return to the original file after applying display filters.
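Added example, not part of the original lab handout: the ARP request and reply that the capture should show once the ARP cache has been cleared, built from the addresses recorded on the lab sheet and decoded field by field as Wireshark displays them. The frames are constructed sample data and the function names (build_arp, parse_arp, gateway_matches) are illustrative; gateway_matches checks that the reply for the gateway IP carries the physical address recorded from ipconfig /all.

```python
import struct

# Addresses recorded on the lab sheet (from ipconfig /all).
HOST_MAC, HOST_IP = "B8-81-98-C0-A4-8B", "192.168.0.11"
GW_MAC, GW_IP = "F0-F2-49-A3-CA-E2", "192.168.0.1"

def mac_bytes(mac):
    return bytes.fromhex(mac.replace("-", ""))

def ip_bytes(ip):
    return bytes(int(p) for p in ip.split("."))

def build_arp(op, src_mac, src_ip, dst_mac, dst_ip, eth_dst):
    """Constructed sample frame: 14-byte Ethernet header + 28-byte ARP body."""
    eth = mac_bytes(eth_dst) + mac_bytes(src_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # Ethernet, IPv4, lengths, opcode
    arp += mac_bytes(src_mac) + ip_bytes(src_ip) + mac_bytes(dst_mac) + ip_bytes(dst_ip)
    return eth + arp

def parse_arp(frame):
    """Decode the fields Wireshark shows for an Ethernet/IPv4 ARP frame."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    fmt_mac = lambda b: "-".join(f"{x:02X}" for x in b)
    fmt_ip = lambda b: ".".join(str(x) for x in b)
    return {"eth_dst": fmt_mac(eth_dst), "eth_src": fmt_mac(eth_src),
            "op": {1: "request", 2: "reply"}.get(op, op),
            "sender_mac": fmt_mac(sha), "sender_ip": fmt_ip(spa),
            "target_mac": fmt_mac(tha), "target_ip": fmt_ip(tpa)}

def gateway_matches(reply, expected_ip=GW_IP, expected_mac=GW_MAC):
    """True when a reply for the gateway IP carries the MAC recorded on the sheet."""
    return (reply["op"] == "reply" and reply["sender_ip"] == expected_ip
            and reply["sender_mac"] == expected_mac)

# The request is broadcast with an all-zero target MAC; the reply is unicast to the host.
REQUEST = build_arp(1, HOST_MAC, HOST_IP, "00-00-00-00-00-00", GW_IP, "FF-FF-FF-FF-FF-FF")
REPLY = build_arp(2, GW_MAC, GW_IP, HOST_MAC, HOST_IP, HOST_MAC)

if __name__ == "__main__":
    for frame in (REQUEST, REPLY):
        print(parse_arp(frame))
    print("gateway MAC matches lab sheet:", gateway_matches(parse_arp(REPLY)))
```

In the saved capture, the display filter arp narrows the packet list to these two frames.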
