DCF255_L3_packetcapture.pdf - Lab 3 DCF255 Page |1 Lab 3:...

This preview shows page 1 - 3 out of 7 pages.

Lab 3 DCF255 Page | 1

Lab 3: Packet Capture

Introduction

In this lab, you will use a "packet sniffer" called Wireshark to capture and analyze TCP packets generated between the PC browser and a web server, such as matrix.senecacollege.ca. When the application layer of the TCP/IP protocol stack creates an HTTP message, that message is "encapsulated" by a transport layer header. The header identifies the protocol, TCP, which is used to make a reliable connection to a web server. TCP uses a three-way handshake to establish a connection and a three-way handshake to take down a connection between the two hosts. The Internet layer adds a header indicating the logical IP address, but is also responsible for retrieving the MAC address, which is passed to the Data Link layer for addition into the LAN header. You will see how the Internet layer uses a protocol called ARP (Address Resolution Protocol) to find the MAC or Ethernet address of the next link. Lastly, you will see the message syntax and sequence of the HTTP protocol.

Objective:
1. Demonstrate basic packet capturing with Wireshark
2. Examine the TCP handshake used to set up and take down a reliable connection
3. Examine how the Internet layer uses ARP

Instructions:
1. Use the MyApps folder to locate Wireshark
2. Click the Launch button to open Wireshark
3. Use ipconfig /all at a command prompt to get the IP and physical addresses of the local machine.
4. Before we capture packets, delete the ARP cache. This area of memory keeps a mapping of IP addresses to MAC addresses. We want to delete any previous entries so that the ARP protocol will need to be used in our capture.
5. Open a command line window as administrator and type the following:
   netsh interface ip delete arpcache

Physical Address of host:
IP Address of host:
IP Address of default gateway:
Physical address of default gateway:
Capturing and Examining TCP Packets

TCP Connection Setup: 3-way Handshake
1. Close all the browser windows before starting Wireshark.
2. Select an Interface to capture called "Ethernet" which shows activity on it. Similar to the screen shot above
3. On Wireshark select the interface for packet capturing (ethernet or wifi)
4. On the capture menu click the Start button
5. Open the browser and navigate to matrix.senecacollege.ca
6. When the web page loads, close the client window and wait a couple of seconds
7. Return to Wireshark and Stop capture.
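
The following is an added example, not part of the lab handout: a small Python decoder that reads raw Ethernet frames the way Wireshark does, showing the ARP request/reply that fills the cleared ARP cache and then checking that three TCP segments form a valid three-way handshake. All addresses, ports and sequence numbers are constructed sample values (documentation IP ranges and locally administered MACs), and the helper names are hypothetical.

```python
import struct

def eth(dst, src, etype, payload):           # builds a constructed Ethernet frame
    return dst + src + struct.pack("!H", etype) + payload

def arp(op, sha, spa, tha, tpa):             # ARP body for Ethernet/IPv4 (28 bytes)
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + spa + tha + tpa

def tcp_ip(src, dst, sport, dport, seq, ack, flags):
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 64240, 0, 0)
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0) + src + dst
    return ip + tcp                          # checksums left at 0: sample data only

def parse(frame):
    """Decode an Ethernet frame into a dict for ARP or TCP over IPv4."""
    etype, body = struct.unpack("!H", frame[12:14])[0], frame[14:]
    if etype == 0x0806:                      # ARP: opcode 1 = request, 2 = reply
        op = struct.unpack("!H", body[6:8])[0]
        return {"proto": "ARP", "op": op, "sender_mac": body[8:14].hex(":"),
                "sender_ip": ".".join(map(str, body[14:18])),
                "target_ip": ".".join(map(str, body[24:28]))}
    if etype == 0x0800 and body[9] == 6:     # IPv4 carrying TCP (protocol 6)
        ihl = (body[0] & 0x0F) * 4           # IP header length in bytes
        sport, dport, seq, ack, off = struct.unpack("!HHIIH", body[ihl:ihl + 14])
        return {"proto": "TCP", "src": (body[12:16], sport), "dst": (body[16:20], dport),
                "seq": seq, "ack": ack, "syn": bool(off & 0x02), "ackf": bool(off & 0x10)}
    return {"proto": "other"}

def is_handshake(a, b, c):
    """True if three parsed TCP segments are SYN, SYN+ACK, ACK with matching numbers."""
    return (a["syn"] and not a["ackf"]
            and b["syn"] and b["ackf"] and b["src"] == a["dst"]
            and b["ack"] == (a["seq"] + 1) % 2**32
            and c["ackf"] and not c["syn"] and c["src"] == a["src"]
            and c["seq"] == b["ack"] and c["ack"] == (b["seq"] + 1) % 2**32)

# Constructed capture: host ARPs for its default gateway, then opens TCP port 80.
HOST_MAC, GW_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
HOST_IP, GW_IP, WEB_IP = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]), bytes([198, 51, 100, 80])
CAPTURE = [
    eth(b"\xff" * 6, HOST_MAC, 0x0806, arp(1, HOST_MAC, HOST_IP, bytes(6), GW_IP)),
    eth(HOST_MAC, GW_MAC, 0x0806, arp(2, GW_MAC, GW_IP, HOST_MAC, HOST_IP)),
    eth(GW_MAC, HOST_MAC, 0x0800, tcp_ip(HOST_IP, WEB_IP, 50000, 80, 1000, 0, 0x02)),
    eth(HOST_MAC, GW_MAC, 0x0800, tcp_ip(WEB_IP, HOST_IP, 80, 50000, 5000, 1001, 0x12)),
    eth(GW_MAC, HOST_MAC, 0x0800, tcp_ip(HOST_IP, WEB_IP, 50000, 80, 1001, 5001, 0x10)),
]
PARSED = [parse(f) for f in CAPTURE]
```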


Term: Spring
Professor: N/A
Tags: IP address, Transmission Control Protocol, Address Resolution Protocol
