Lab 3: Packet Capture
In this lab, you will use a “packet sniffer” called Wireshark to capture and analyze TCP and HTTP packets generated between the PC browser and a web server, such as . When the application layer of the TCP/IP protocol stack creates an HTTP message, that message is “encapsulated” by a transport layer header. The header identifies the protocol, TCP, which is used to make a reliable connection to a web server. TCP uses a three-way handshake to establish a connection and a three-way handshake to take down a connection between the two hosts. The Internet layer adds a header indicating the logical IP address, but is also responsible for retrieving the MAC address, which is passed to the Data Link layer for addition into the LAN header. You will see how the Internet layer uses a protocol called ARP (Address Resolution Protocol) to find the MAC or Ethernet address of the next link. Lastly, you will see the message syntax and sequence of the HTTP protocol.
Demonstrate basic packet capturing with Wireshark
Examine the TCP handshake used to set up and take down a reliable connection
Examine how the Internet layer uses ARP
Use the MyApps folder to locate Wireshark
Click the Launch button to open Wireshark
at a command prompt to get the IP and physical addresses of the local
Select an Interface to capture called “Ethernet” which shows activity on it. Similar to the screen
Before we capture packets, delete the ARP
This area of memory keeps a mapping of IP addresses to MAC addresses.
Physical Address of host
IP Address of host
IP Address of default gateway
Physical address of default gateway
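
Added example (not part of the original lab handout): a small Python dissector that peels the LAN, Internet and transport headers off raw Ethernet frames, as described in the introduction, and rebuilds the IP-to-MAC mapping a host learns from ARP replies. The frames, the documentation-range addresses and the helper names dissect, arp_cache and arp are assumptions constructed for illustration.

```python
import socket
import struct

TCP_FLAGS = ((0x02, "SYN"), (0x10, "ACK"), (0x01, "FIN"), (0x04, "RST"), (0x08, "PSH"))

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def dissect(frame):
    """Peel the LAN, Internet and transport headers off one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out, body = {"eth_dst": mac(dst), "eth_src": mac(src), "proto": hex(ethertype)}, frame[14:]
    if ethertype == 0x0806 and len(body) >= 28:            # ARP over Ethernet/IPv4
        oper, sha, spa, _tha, tpa = struct.unpack("!6xH6s4s6s4s", body[:28])
        out.update(proto="ARP", op={1: "request", 2: "reply"}.get(oper, str(oper)),
                   sender_mac=mac(sha), sender_ip=socket.inet_ntoa(spa), target_ip=socket.inet_ntoa(tpa))
    elif ethertype == 0x0800 and len(body) >= 20:          # IPv4
        ihl = (body[0] & 0x0F) * 4                         # IP header length in bytes
        out.update(proto="IPv4", ip_src=socket.inet_ntoa(body[12:16]),
                   ip_dst=socket.inet_ntoa(body[16:20]))
        if body[9] == 6 and ihl >= 20 and len(body) >= ihl + 14:   # protocol 6 = TCP
            sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", body[ihl:ihl + 14])
            out.update(proto="TCP", sport=sport, dport=dport, seq=seq, ack=ack,
                       flags=[n for bit, n in TCP_FLAGS if off_flags & bit])
    return out

def arp_cache(frames):
    """IP -> MAC mapping a host would learn from the ARP replies in a capture."""
    parsed = (dissect(f) for f in frames)
    return {p["sender_ip"]: p["sender_mac"] for p in parsed
            if p["proto"] == "ARP" and p["op"] == "reply"}

# Constructed sample frames (documentation addresses, not from a real capture).
HOST_MAC, GW_MAC = bytes.fromhex("02000000000a"), bytes.fromhex("020000000001")
HOST_IP, GW_IP, WEB_IP = (socket.inet_aton(a) for a in ("192.0.2.10", "192.0.2.1", "198.51.100.7"))

def arp(oper, sha, spa, tha, tpa, eth_dst):
    return eth_dst + sha + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, oper) + sha + spa + tha + tpa

ARP_REQ = arp(1, HOST_MAC, HOST_IP, bytes(6), GW_IP, b"\xff" * 6)   # broadcast: who has the gateway?
ARP_REP = arp(2, GW_MAC, GW_IP, HOST_MAC, HOST_IP, HOST_MAC)        # gateway answers with its MAC
SYN = (GW_MAC + HOST_MAC + struct.pack("!H", 0x0800)                 # first packet of the TCP handshake
       + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, HOST_IP, WEB_IP)
       + struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, 0x5002, 64240, 0, 0))

if __name__ == "__main__":
    print(*map(dissect, (ARP_REQ, ARP_REP, SYN)), arp_cache([ARP_REQ, ARP_REP, SYN]), sep="\n")
```

In the decoded SYN, the IP destination is the web server while the Ethernet destination is the default gateway, the next link whose MAC address the ARP exchange supplied.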