Lab 3DCF255P a g e|1Lab 3: Packet CaptureIntroductionIn this lab, you will use a “packet sniffer” called Wireshark to capture and analyze TCP packets generatedbetween the PC browser and a web server, such asmatrix.senecacollege.ca. When the application layerof the TCP/IP protocol stack creates an HTTP message, that message is “encapsulated” by a transportlayer header.The header identifies the protocol TCP which is used to make a reliable connection to a webserver.TCP uses a three-way handshake to establish a connection and a three-way handshake to takedown a connection between the two hosts. The Internet layer adds a header indicating the logical IPaddress, but is also responsible to retrieve the MAC address which is passed to the Data Link layer foraddition into the LAN header.You will see how the Internet layer uses a protocol called ARP (AddressResolution Protocol) to find the MAC or Ethernet address of the next link. Lastly, you will see themessage syntax and sequence of the HTTP protocol.Objective:1.Demonstrate basic packet capturing with Wireshark2.Examining the TCP handshake used to set and take down a reliable connection3.Examine how the Internet layer uses ARPInstructions:1.Use the MyApps folder to locate Wireshark2.Click the Launch button to open Wireshark3.Useipconfig/allat a command prompt to get the IP and physical addresses of the local machine.4.Before we capture packets delete the ARP cache.This area of memory keeps a mapping or IPaddresses to MAC addresses. We want to delete any previous entry so that the protocol ARP willneed to be used in our capture5.Open a command line windows as administrator and type the following:netsh interface ip delete arpcacheCapturing and Examining TCPPacketsTCP Connection Setup: 3-way HandshakePhysical Address of host78-0C-B8-A8-21-2CIP Address of host192.168.31.107IP Address of default gateway192.168.31.1Physical address of default gateway192.168.31.1
