DCF255_Lab3_Packetcapture_April2020.docx - Lab 3 DCF255...


Lab 3 DCF255    Page | 1    April 2020

Lab 3: Packet Capture

Instructions:
1. Use the MyApps folder to locate Wireshark.
2. Click the Launch button to open Wireshark.
3. Use ipconfig /all at a command prompt to get the IP and physical addresses of the local machine.
4. Select an interface to capture called "Ethernet" which shows activity on it, similar to the screenshot below.
5. Before we capture packets, delete the ARP cache. This area of memory keeps a mapping of IP addresses to MAC addresses. We want to delete any previous entry so that the ARP protocol will need to be used in our capture.
6. Open a command line window as administrator and type the following: netsh interface ip delete arpcache

Capturing and Examining TCP Packets

TCP Connection Setup: 3-way Handshake
1. Close all the browser windows before starting Wireshark.
2. In Wireshark, select the interface for packet capturing (Ethernet or Wi-Fi).
3. On the Capture menu, click the Start button.
4. Open the browser and navigate to matrix.senecacollege.ca.

Physical address of host             50:9a:4c:48:5f:e2
IP address of host                   10.32.196.134
IP address of default gateway        10.32.196.1
Physical address of default gateway  78:48:59:e0:5d:6c

5. When the web page loads, close the client window and wait a couple of seconds.
6. Return to Wireshark and stop the capture.
7. Save the capture as a file called learnname_L3_capture. This is important if you need to return to the original file after applying display filters.
8. Type in the Display filter text box: ip.addr==142.204.165.128 (if accessing from outside the Seneca network; if this does not work, ping matrix.senecacollege.ca and get the IP address from the ping reply message) or ip.addr==10.102.108.5 (from the Seneca network). This will show the beginning of your conversation with the matrix server. Your Wireshark window should look like the screenshot below.
9. Notice that the first conversation between your host and the server is a [SYN] packet with an info number of 49912 (yours will be different). SYN is a TCP flag which tells the server to open a connection to the host. Notice Seq=0. Click on the [SYN] packet and open the drop-down arrow on Transmission Control Protocol in the Details pane in the middle Wireshark window.
10. In the top Wireshark packet list pane, select the second TCP packet, labeled [SYN, ACK], with the same info number 49912.
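The [SYN] / [SYN, ACK] exchange the lab asks you to locate, as an added example that is not part of the lab handout: a small Python script that applies the lab's ip.addr== filter the way Wireshark does (source or destination), finds the complete SYN / SYN,ACK / ACK exchange on client port 49912, and computes the relative sequence number that Wireshark displays as Seq=0 on the [SYN] frame even though the real initial sequence number is random. The Packet records, frame numbers and ISNs are constructed for the example; the host and server IPs are the ones in the handout.

```python
from dataclasses import dataclass

HOST = "10.32.196.134"      # lab machine's IP, from the handout
MATRIX = "142.204.165.128"  # matrix.senecacollege.ca, from the handout
MASK = 0xFFFFFFFF           # TCP sequence numbers wrap at 2^32

@dataclass
class Packet:
    no: int        # frame number, as in the Wireshark packet list
    src: str
    sport: int
    dst: str
    dport: int
    flags: set     # e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}
    seq: int       # raw 32-bit sequence number (the ISN is random in reality)
    ack: int       # raw acknowledgement number

def ip_addr_filter(packets, ip):
    """Wireshark's ip.addr==X matches X as either source or destination."""
    return [p for p in packets if ip in (p.src, p.dst)]

def find_handshake(packets, client, server):
    """First complete SYN / SYN,ACK / ACK exchange from client to server, or None.
    Each ACK must carry the peer's seq + 1 and use the same port pair."""
    for syn in packets:
        if syn.flags != {"SYN"} or (syn.src, syn.dst) != (client, server):
            continue
        synack = next((p for p in packets if p.no > syn.no and p.src == server
                       and p.flags == {"SYN", "ACK"} and p.dport == syn.sport
                       and p.ack == (syn.seq + 1) & MASK), None)
        if synack is None:
            continue
        ack = next((p for p in packets if p.no > synack.no and p.src == client
                    and p.flags == {"ACK"} and p.sport == syn.sport
                    and p.ack == (synack.seq + 1) & MASK), None)
        if ack is not None:
            return syn, synack, ack
    return None

def relative_seq(pkt, isn):
    """What Wireshark shows: seq relative to that direction's ISN, hence Seq=0 on SYN."""
    return (pkt.seq - isn) & MASK

# Constructed capture (ISNs made up); client port 49912 is the handout's example
# port, and frame 2 is unrelated traffic to the gateway that the filter must drop.
CAPTURE = [
    Packet(1, HOST, 49912, MATRIX, 443, {"SYN"}, 0xDEADBEEF, 0),
    Packet(2, HOST, 50001, "10.32.196.1", 80, {"SYN"}, 0x0BADF00D, 0),
    Packet(3, MATRIX, 443, HOST, 49912, {"SYN", "ACK"}, 0x12345678, 0xDEADBEF0),
    Packet(4, HOST, 49912, MATRIX, 443, {"ACK"}, 0xDEADBEF0, 0x12345679),
]
```

If the script returns None for a real transcript, the usual cause is a retransmitted or out-of-order frame; Wireshark's relative numbering hides the raw ISN, so copy the raw values from the Transmission Control Protocol details pane rather than the Info column.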