21CSE1024 (Computer Networks Lab 6)

Uploaded by xinogo

Wireshark Introduction

Computer Network Lab

By: P. Aryan Nageswararao
Roll No: 21CSE1024
Aim: To understand and implement the basic concepts of
Wireshark software.

Theory: Wireshark is a free and open-source packet analyzer. It is
used for network troubleshooting, analysis, software and
communications protocol development, and education. Originally
named Ethereal, the project was renamed Wireshark in May 2006 due
to trademark issues.

Wireshark is cross-platform, using the Qt widget toolkit in current
releases to implement its user interface, and using "pcap" to
capture packets; it runs on Linux, macOS, BSD, Solaris, some other
Unix-like operating systems, and Microsoft Windows. There is also a
terminal-based (non-GUI) version called "TShark". Wireshark, and
the other programs distributed with it such as TShark, are free
software, released under the terms of the GNU General Public
License version 2 or any later version.

Wireshark is very similar to tcpdump, but has a graphical front-end
and integrated sorting and filtering options.

Wireshark lets the user put network interface controllers into
promiscuous mode (if supported by the network interface
controller), so they can see all the traffic visible on that
interface, including unicast traffic not sent to that network
interface controller's MAC address. However, when capturing with a
packet analyzer in promiscuous mode on a port of a network switch,
not all traffic through the switch is necessarily sent to the port
where the capture is done, so capturing in promiscuous mode is not
necessarily sufficient to see all network traffic. Port mirroring
or network taps extend capture to any point on the network. Simple
passive taps are extremely resistant to tampering.

On Linux, BSD, and macOS, with libpcap 1.0.0 or later, Wireshark
1.4 and later can also put wireless network interface controllers
into monitor mode.

If a remote machine captures packets and sends them to a machine
running Wireshark using the TZSP protocol or the protocol used by
OmniPeek, Wireshark dissects those packets, so it can analyze
packets captured on a remote machine at the time they are captured.

Capturing packets using Wireshark:

- First, install Wireshark properly, then open it and select the
  Wi-Fi interface; this opens a capture window that looks like the
  image below.
- Then, with Wireshark running, open a website such as
  http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-
  file1.html in any browser.
- Then stop the capture, save it as a .pcap file and open that
  file.
- We will then see something like the image below.
- In the "Apply a display filter" search box, enter the keyword
  "http" (all lower case); we will then see something like this.

- Select the "GET /wireshark-labs/..." packet and the "OK" packet
  and print each using the Print option in the File menu; this
  gives two PDFs.
- The info of the "GET" PDF is:
- The info of the "OK" PDF is:

- Clicking on any of the packets opens a detail view like this, in
  which we get more information about each of the following
  elements by clicking the down arrow:

- We have now successfully observed a packet that was sent to our
  system when we visited the link.
Observation:
- I have observed the following different protocols while running
  Wireshark: TCP, UDP, HTTP, DNS, ARP, IMAP, TLSv1.
- The time difference between the "GET" HTTP file and the "OK"
  HTTP file is "0.36 seconds".
- The source IP for the "GET request" is "" and the destination IP
  is "128.119.245.12", but the source IP for the "OK ack" is
  "128.119.245.12" and the destination IP is "192.168.219.12".
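The capture-and-filter procedure above and the observation that follows it can be reproduced outside the GUI. The following Python program is an added example and is not part of the original lab report or of Wireshark itself: it builds a small, constructed .pcap in memory (an HTTP GET followed by its 200 OK), parses the pcap, Ethernet, IPv4 and TCP layers with the standard library only, applies an approximation of the "http" display filter (TCP port 80 plus a request or status line), and reports the source and destination addresses and the request/response time difference. The server address 128.119.245.12, the client address 192.168.219.12 and the 0.36 s gap come from the report (the report leaves the GET's source blank, so using the OK's destination as the client address is an assumption); the MAC addresses, port numbers and absolute timestamps are constructed.

```python
"""Minimal pcap reader that replays the lab's 'http' display-filter step.

Added example, not code from the lab report. Standard library only; the pcap
bytes are constructed inline so it runs offline. IP and TCP checksums are left
at zero because nothing here validates them.
"""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4          # little-endian, microsecond-resolution pcap
LINKTYPE_ETHERNET = 1


def _ipv4(src, dst, payload, ident=1):
    # 20-byte IPv4 header: version/IHL, TOS, total length, ID, flags (DF), TTL, proto=TCP
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0x4000, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def _tcp(sport, dport, payload):
    # 20-byte TCP header, data offset 5, flags PSH|ACK, no options
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return hdr + payload


def _ether(payload):
    # Constructed locally-administered MAC addresses; ethertype 0x0800 = IPv4
    return bytes.fromhex("020000000001") + bytes.fromhex("020000000002") + b"\x08\x00" + payload


def build_sample_pcap():
    """Return bytes of a constructed two-packet pcap: GET, then 200 OK 0.36 s later."""
    get = b"GET /wireshark-labs/INTRO-wireshark-file1.html HTTP/1.1\r\nHost: gaia.cs.umass.edu\r\n\r\n"
    ok = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 0\r\n\r\n"
    frames = [  # (timestamp in seconds, Ethernet frame); 51234 is a constructed client port
        (10.000000, _ether(_ipv4("192.168.219.12", "128.119.245.12", _tcp(51234, 80, get)))),
        (10.360000, _ether(_ipv4("128.119.245.12", "192.168.219.12", _tcp(80, 51234, ok)))),
    ]
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in frames:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Yield (timestamp, frame_bytes) for every record in a little-endian pcap."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("only little-endian microsecond Ethernet pcaps are handled here")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield sec + usec / 1_000_000, data[off:off + incl_len]
        off += incl_len


def dissect(frame):
    """Return the IPv4/TCP fields the lab looked at, or None for non-IPv4/TCP frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:                      # protocol field: 6 = TCP
        return None
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:]
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    doff = (tcp[12] >> 4) * 4           # TCP data offset in bytes
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "payload": tcp[doff:]}


def is_http(pkt):
    """Approximation of the 'http' display filter: port 80 and an HTTP request/status line."""
    if pkt is None or 80 not in (pkt["sport"], pkt["dport"]):
        return False
    first = pkt["payload"].split(b"\r\n", 1)[0]
    return first.startswith(b"HTTP/") or any(first.startswith(m + b" ") for m in (b"GET", b"POST", b"HEAD"))


def analyse(pcap_bytes):
    """Apply the filter and summarise the GET/OK pair the way the lab's observation does."""
    hits = []
    for ts, frame in read_pcap(pcap_bytes):
        pkt = dissect(frame)
        if is_http(pkt):
            pkt["time"] = ts
            pkt["info"] = pkt["payload"].split(b"\r\n", 1)[0].decode("ascii", "replace")
            hits.append(pkt)
    req = next(p for p in hits if p["info"].startswith("GET"))
    resp = next(p for p in hits if p["info"].startswith("HTTP/"))
    return {
        "http_packets": len(hits),
        "get_src": req["src"], "get_dst": req["dst"],
        "ok_src": resp["src"], "ok_dst": resp["dst"],
        "delta_seconds": round(resp["time"] - req["time"], 6),
    }


if __name__ == "__main__":
    for key, value in analyse(build_sample_pcap()).items():
        print(f"{key}: {value}")
```

Running the script prints the two filter hits, the addresses of each direction and a delta of 0.36 seconds, matching the observation above. Pointing read_pcap at the bytes of the .pcap saved in the lab would work the same way, as long as the file is a classic little-endian pcap with Ethernet framing; pcapng captures, which current Wireshark saves by default, would need a different reader.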
Conclusion:
I have learnt and observed how the Wireshark software works and
how to use it for packet sniffing. I have learnt and observed how
an HTTP request is sent and how an ACK is sent, and learnt about
all the different components of the IP header and the contents of
the HTTP packet.
