Devamsh Rai Jaiswal_Lab3_DCF255_L3_packetcapture.docx - Lab...

  • Seneca College
  • DCF 255
  • Kathan_patel
  • 7

This preview shows page 1 - 3 out of 7 pages.

Lab 3 DCF255

Lab 3: Packet Capture

Introduction

In this lab, you will use a “packet sniffer” called Wireshark to capture and analyze TCP packets generated between the PC browser and a web server, such as matrix.senecacollege.ca. When the application layer of the TCP/IP protocol stack creates an HTTP message, that message is “encapsulated” by a transport layer header. The header identifies the protocol TCP, which is used to make a reliable connection to a web server. TCP uses a three-way handshake to establish a connection and a three-way handshake to take down a connection between the two hosts. The Internet layer adds a header indicating the logical IP address, but is also responsible for retrieving the MAC address, which is passed to the Data Link layer for addition into the LAN header. You will see how the Internet layer uses a protocol called ARP (Address Resolution Protocol) to find the MAC or Ethernet address of the next link. Lastly, you will see the message syntax and sequence of the HTTP protocol.

Objective:

1. Demonstrate basic packet capturing with Wireshark
2. Examine the TCP handshake used to set up and take down a reliable connection
3. Examine how the Internet layer uses ARP

Instructions:

1. Use the MyApps folder to locate Wireshark.
2. Click the Launch button to open Wireshark.
3. Use ipconfig /all at a command prompt to get the IP and physical addresses of the local machine.
4. Before we capture packets, delete the ARP cache. This area of memory keeps a mapping of IP addresses to MAC addresses. We want to delete any previous entry so that the ARP protocol will need to be used in our capture.
5. Open a command line window as administrator and type the following:

   netsh interface ip delete arpcache

Capturing and Examining TCP Packets

TCP Connection Setup: 3-way Handshake

Physical Address of host: 78-0C-B8-A8-21-2C
IP Address of host: 192.168.31.107
IP Address of default gateway: 192.168.31.1
Physical address of default gateway: 192.168.31.1

1. Close all the browser windows before starting Wireshark.
2. Select an interface to capture called “Ethernet” that shows activity on it, similar to the screenshot above.
3. In Wireshark, select the interface for packet capturing (Ethernet or Wi-Fi).
4. On the Capture menu, click the Start button.
5. Open the browser and navigate to matrix.senecacollege.ca.
6. When the web page loads, close the client window and wait a couple of seconds.
7. Return to Wireshark and Stop the capture.
8. Save the capture as a file called learnname_L3_capture. This is important if you need to return to the original file after applying display filters.
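
The encapsulation described in the introduction can be checked by hand. The following is an added example, not part of the original lab: it decodes raw frames the way Wireshark's packet details pane does, peeling the Ethernet, ARP or IPv4, and TCP headers in turn. The frames are constructed; the gateway MAC, the web server address, the ports and the sequence numbers are placeholder assumptions, while the host addresses come from the lab table.

```python
import socket
import struct

ip = socket.inet_ntoa
FLAGS = ((0x02, "SYN"), (0x10, "ACK"), (0x01, "FIN"), (0x04, "RST"))
def mac(b):
    return "-".join(f"{x:02X}" for x in b)

def describe(frame: bytes) -> str:
    """Peel the headers in order: Ethernet, then ARP or IPv4, then TCP."""
    if len(frame) < 14:
        return "unsupported frame"
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    body = frame[14:]
    if ethertype == 0x0806 and len(body) >= 28:    # ARP rides directly in the LAN frame
        op, sha, spa, tha, tpa = struct.unpack("!6xH6s4s6s4s", body[:28])
        return (f"ARP request: who has {ip(tpa)}? tell {ip(spa)}" if op == 1
                else f"ARP reply: {ip(spa)} is at {mac(sha)}")
    if ethertype != 0x0800 or len(body) < 20:
        return "unsupported frame"
    ihl = (body[0] & 0x0F) * 4                     # IPv4 header length in bytes
    if body[9] != 6 or len(body) < ihl + 20:
        return "IPv4, not TCP"
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", body[ihl:ihl + 14])
    names = "+".join(n for bit, n in FLAGS if off_flags & bit)
    return (f"TCP {ip(body[12:16])}:{sport} -> {ip(body[16:20])}:{dport} "
            f"[{names}] seq={seq} ack={ack} dst MAC {mac(dst)}")

# Constructed sample frames (checksums zero, not validated). HOST_MAC, HOST_IP and GW_IP come
# from the lab table; GW_MAC and WEB_IP are placeholder assumptions, not values from the lab.
HOST_MAC, GW_MAC = bytes.fromhex("780CB8A8212C"), bytes.fromhex("020000000001")
HOST_IP, GW_IP, WEB_IP = map(socket.inet_aton, ("192.168.31.107", "192.168.31.1", "203.0.113.10"))

def arp_frame(dst, op, sha, spa, tha, tpa):
    return dst + sha + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op) + sha + spa + tha + tpa
def tcp_frame(dst_mac, src_mac, sip, dip, sport, dport, seq, ack, flags):
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, sip, dip)
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + ipv4 + tcp

def sample_capture():  # ARP exchange with the gateway, then the three handshake segments
    out = (GW_MAC, HOST_MAC, HOST_IP, WEB_IP, 50000, 80)
    back = (HOST_MAC, GW_MAC, WEB_IP, HOST_IP, 80, 50000)
    return [arp_frame(b"\xff" * 6, 1, HOST_MAC, HOST_IP, bytes(6), GW_IP),
            arp_frame(HOST_MAC, 2, GW_MAC, GW_IP, HOST_MAC, HOST_IP),
            tcp_frame(*out, 1000, 0, 0x02),        # SYN
            tcp_frame(*back, 5000, 1001, 0x12),    # SYN+ACK
            tcp_frame(*out, 1001, 5001, 0x10)]     # ACK

if __name__ == "__main__":
    print("\n".join(describe(f) for f in sample_capture()))
```

In the SYN line the destination IP is the web server but the destination MAC is the gateway's, which is why the ARP exchange for 192.168.31.1 has to appear before the handshake once the cache is cleared.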


Term
Spring
Professor
N/A
Tags
IP address, Transmission Control Protocol, Internet Protocol Suite, Address Resolution Protocol
