Lab 1 PacketCapture

The document outlines a lab focused on network traffic analysis using Wireshark, covering objectives such as capturing and analyzing network traffic and understanding network protocols. It includes prerequisites, materials needed, and detailed tasks for installation, capturing, and analyzing packets, as well as advanced analysis techniques. The lab concludes with an assessment requiring a report summarizing findings and screenshots of packet analysis.

Uploaded by ridz.ggs

Lab 1

Lab Title: Network Traffic Analysis Using Wireshark

Objective:
 Learn how to capture and analyze network traffic using Wireshark.
 Understand the basics of different network protocols (e.g., TCP, UDP, HTTP).
 Identify and interpret key information from captured packets.
Prerequisites:
 Basic understanding of networking concepts (IP addresses, protocols, packet structure).
 Wireshark installed on the lab computers.
Materials Needed:
 Computers with Wireshark installed.
 A networked environment (could be a local network or internet access).
 Sample capture files (optional).
Lab Tasks:

Task 1: Introduction to Wireshark

1. Installing Wireshark (if not already installed):

1. Visit the Official Website:
o Open a web browser and go to the Wireshark official website.

2. Download the Installer:
o On the homepage, click on the "Download" button.
o Choose the appropriate installer for your operating system (e.g., Windows, macOS, Linux).

3. Run the Installer:
o Once the download is complete, locate the installer file (e.g., Wireshark-win64.exe for Windows).
o Double-click the installer to run it.

4. Follow the Installation Wizard:
o The Wireshark Setup Wizard will open. Click "Next" to proceed.
o Accept the license agreement.
o Choose the installation components (you can keep the default settings).
o Note for Windows Users: The installer will prompt you to install WinPcap or Npcap, which are necessary for packet capturing. Ensure you select the option to install Npcap.

5. Complete the Installation:
o Click "Install" to begin the installation process.
o Once the installation is complete, click "Finish" to exit the Setup Wizard.

6. Launch Wireshark:
o After installation, you can start Wireshark from the Start menu.
o On first launch, you may need to grant network permissions for packet capturing.

2. Getting Familiar with the Interface:
o Open Wireshark and explore the interface.
o Identify key sections: capture interfaces, packet list pane, packet details pane, and packet bytes pane.

3. Selecting a Network Interface:
o Identify the correct network interface (e.g., Ethernet, Wi-Fi) that will be used for capturing traffic.
o Explain how different interfaces can show different traffic based on the network setup.

Task 2: Capturing Network Traffic

1. Starting a Capture Session:
o Select the appropriate network interface and start capturing traffic.
o Perform typical network activities (e.g., browsing websites, pinging a server) to generate traffic.
o Stop the capture after a few minutes.

2. Saving and Opening Capture Files:
o Save the captured traffic to a .pcap file.
o Explain how to open saved capture files for future analysis.

Task 3: Analyzing Captured Packets

1. Basic Packet Analysis:
o Explore the packet list pane to see different captured packets.
o Highlight packets related to common protocols like TCP, UDP, and HTTP.
o Explain key fields in the packet details pane (e.g., source and destination IP addresses, ports, sequence numbers).
2. Using Display Filters:
o Introduce the concept of display filters to focus on specific traffic types.
o Practice using filters like ip.src == 192.168.1.1 (or the address of a host on your own network, e.g., 10.x.x.x), tcp, udp, and http.
o Show how to combine filters with logical operators (e.g., tcp && ip.addr == 192.168.1.1, again substituting your own network's 10.x.x.x address where appropriate).
3. Reconstructing HTTP Streams:
o Use Wireshark's "Follow TCP Stream" feature to reconstruct and view HTTP sessions. Select Analyze > Follow > TCP Stream.
o Analyze the HTTP requests and responses to understand how data is exchanged between a client and server.
4. Identifying Protocols:
o Discuss common protocols observed in the capture (e.g., ARP, DNS, DHCP).
o Explain how Wireshark's protocol dissectors work to interpret and display protocol data.

Task 4: Advanced Analysis

1. Analyzing Latency and Performance:
o Measure round-trip time (RTT) and analyze the TCP handshake process. Select Statistics > TCP Stream Graphs > Round Trip Time.
o Discuss how to identify potential performance issues using Wireshark (e.g., high latency, packet loss).
2. Detecting Network Issues:
o Identify common network issues such as retransmissions, duplicate ACKs, and packet fragmentation.
o Discuss how these issues can impact network performance.
3. Security Analysis:
o Capture and analyze common security-related traffic such as ICMP requests (pings) or ARP spoofing attempts.
o Discuss how Wireshark can be used to detect potential security threats.

Task 5: Generating and Analyzing Custom Traffic (Optional)

1. Using Tools to Generate Traffic:
o Use tools like ping, traceroute, or network scanners to generate specific types of traffic.
o Capture and analyze the traffic generated by these tools.

2. Analyzing Malicious Traffic:
o Provide a sample .pcap file with captured malicious traffic (e.g., a simulated attack).
o Identify and analyze the malicious packets using Wireshark.

Assessment:
 Submit a report that includes:
o Screenshots of specific packets with explanations.
o A summary of key findings from your analysis.
o Answers to any specific questions posed during the lab (e.g., identifying certain types of traffic, explaining packet contents).
Conclusion:
By the end of this lab, you will have a solid understanding of how to use Wireshark for capturing and analyzing network traffic. You will be able to interpret packet data and identify different types of network protocols and potential issues.

Note. Some filters

Filter Traffic:
 Use display filters to isolate TCP traffic.
 Example filter for TCP handshake:
Example 1: tcp.flags.syn == 1 && tcp.flags.ack == 0
Example 2: tcp.port == 80 && ip.addr == <target_IP> (for example, tcp.port == 443 && ip.addr == 10.10.10.1)
Note:
The Stream Index column displays a unique number for each stream, such as 1 for the first stream, 2 for the second stream, et cetera. A stream is a related collection of TCP packets, typically beginning with the 3-way handshake, then the data transfer, and ending with the session tear-down.
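To make the checks from Task 3 (display filters, stream index), Task 4 (handshake RTT, retransmissions, ARP spoofing) and the filter examples above concrete, here is an added example that is not part of the lab handout or of Wireshark: a small standard-library Python dissector that builds a constructed pcap in memory and runs those checks over it. The addresses, MACs, port numbers and timestamps are made up for the example, and the frames carry zero checksums because they are only parsed, never sent. The same read_pcap() function accepts a capture saved from Wireshark in the classic pcap format (File > Save As, pcap rather than the default pcapng).

```python
import struct
from collections import defaultdict
SYN, ACK, PSH = 0x02, 0x10, 0x08
# Constructed topology for the sample capture (hypothetical addresses, not a real network):
GW_IP, GW_MAC = "10.10.10.1", "aa:aa:aa:aa:aa:01"
CLIENT_IP, CLIENT_MAC = "10.10.10.5", "aa:aa:aa:aa:aa:05"
ROGUE_MAC = "de:ad:be:ef:00:01"  # a second host that also answers ARP for the gateway IP
def _mac(s): return bytes.fromhex(s.replace(":", ""))
def _ip(s): return bytes(int(o) for o in s.split("."))
def _ip_str(b): return ".".join(map(str, b))

def tcp_frame(smac, dmac, sip, dip, sport, dport, seq, ack, flags, payload=b""):
    """Ethernet/IPv4/TCP frame. Checksums stay zero: the frame is parsed here, never sent."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, _ip(sip), _ip(dip))
    return _mac(dmac) + _mac(smac) + b"\x08\x00" + ip + tcp

def arp_reply(smac, sip, tmac, tip):
    """Ethernet/ARP reply saying 'sip is at smac', addressed to tmac/tip."""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 2, _mac(smac), _ip(sip), _mac(tmac), _ip(tip))
    return _mac(tmac) + _mac(smac) + b"\x08\x06" + arp

def build_sample_pcap():
    """Constructed capture: an HTTPS stream with one retransmitted segment, an HTTP
    stream, and two ARP replies that disagree about the gateway's MAC address."""
    c2g = (CLIENT_MAC, GW_MAC, CLIENT_IP, GW_IP)
    g2c = (GW_MAC, CLIENT_MAC, GW_IP, CLIENT_IP)
    frames = [
        (0.000000, arp_reply(GW_MAC, GW_IP, CLIENT_MAC, CLIENT_IP)),
        (0.001000, tcp_frame(*c2g, 51000, 443, 1000, 0, SYN)),
        (0.021000, tcp_frame(*g2c, 443, 51000, 5000, 1001, SYN | ACK)),
        (0.021500, tcp_frame(*c2g, 51000, 443, 1001, 5001, ACK)),
        (0.022000, tcp_frame(*c2g, 51000, 443, 1001, 5001, PSH | ACK, b"GET / HTTP")),
        (0.250000, tcp_frame(*c2g, 51000, 443, 1001, 5001, PSH | ACK, b"GET / HTTP")),  # retransmission
        (0.300000, tcp_frame(*c2g, 51001, 80, 2000, 0, SYN)),
        (0.305000, tcp_frame(*g2c, 80, 51001, 7000, 2001, SYN | ACK)),
        (0.400000, arp_reply(ROGUE_MAC, GW_IP, CLIENT_MAC, CLIENT_IP)),  # conflicting ARP claim
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # pcap global header, linktype 1 = Ethernet
    for ts, frame in frames:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Dissect a little-endian pcap of Ethernet frames into dicts (Ethernet/IPv4/TCP/ARP only)."""
    assert struct.unpack_from("<I", data)[0] == 0xA1B2C3D4, "expects a little-endian microsecond pcap"
    pkts, off = [], 24
    while off < len(data):
        sec, usec, incl, _ = struct.unpack_from("<IIII", data, off)
        frame, off = data[off + 16:off + 16 + incl], off + 16 + incl
        pkt = {"ts": sec + usec / 1e6, "proto": "other"}
        eth_type = struct.unpack_from("!H", frame, 12)[0]
        if eth_type == 0x0806:  # ARP
            *_, oper, sha, spa, _tha, _tpa = struct.unpack_from("!HHBBH6s4s6s4s", frame, 14)
            pkt.update(proto="arp", oper=oper, sender_mac=sha.hex(":"), sender_ip=_ip_str(spa))
        elif eth_type == 0x0800 and frame[23] == 6:  # IPv4 carrying TCP
            ihl, total_len = (frame[14] & 0x0F) * 4, struct.unpack_from("!H", frame, 16)[0]
            sport, dport, seq, ack, doff, flags = struct.unpack_from("!HHIIBB", frame, 14 + ihl)
            pkt.update(proto="tcp", src=_ip_str(frame[26:30]), dst=_ip_str(frame[30:34]),
                       sport=sport, dport=dport, seq=seq, ack=ack, flags=flags,
                       payload_len=total_len - ihl - (doff >> 4) * 4)
        pkts.append(pkt)
    return pkts

def is_syn_only(p):
    """Same test as the display filter  tcp.flags.syn == 1 && tcp.flags.ack == 0 ."""
    return p["proto"] == "tcp" and bool(p["flags"] & SYN) and not p["flags"] & ACK

def analyze(data):
    """Run the lab's checks: stream numbering, SYN filter, handshake RTT, retransmissions, ARP conflicts."""
    pkts, streams, seen, syn_ts, claims = read_pcap(data), {}, set(), {}, defaultdict(set)
    result = {"syn_only": [], "retransmissions": [], "handshake_rtt": {}}
    for i, p in enumerate(pkts):
        if p["proto"] == "arp" and p["oper"] == 2:
            claims[p["sender_ip"]].add(p["sender_mac"])
        if p["proto"] != "tcp":
            continue
        # Stream index: conversations numbered in order of first appearance (from 0, like tcp.stream)
        key = frozenset([(p["src"], p["sport"]), (p["dst"], p["dport"])])
        s = p["stream"] = streams.setdefault(key, len(streams))
        if is_syn_only(p):
            result["syn_only"].append(i)
            syn_ts.setdefault(s, p["ts"])
        elif p["flags"] & SYN and s in syn_ts:  # SYN-ACK: handshake RTT as the client sees it
            result["handshake_rtt"].setdefault(s, round(p["ts"] - syn_ts[s], 6))
        if p["payload_len"]:  # a data segment repeating an earlier (direction, seq, len) is a retransmission
            seg = (s, p["src"], p["sport"], p["seq"], p["payload_len"])
            if seg in seen:
                result["retransmissions"].append(i)
            seen.add(seg)
    result["streams"] = len(streams)
    result["arp_conflicts"] = {ip: sorted(m) for ip, m in claims.items() if len(m) > 1}
    return result

if __name__ == "__main__":
    for name, value in analyze(build_sample_pcap()).items():
        print(f"{name}: {value}")
```

Running the script reports two streams, the two SYN-only packets that Example 1 above would select, a 20 ms handshake RTT on the HTTPS stream and 5 ms on the HTTP stream, the repeated data segment as a retransmission, and the gateway IP claimed by two different MAC addresses, which is the symptom Wireshark flags with its duplicate IP address expert warning when ARP spoofing is in progress. The retransmission rule is deliberately simpler than Wireshark's (which also tracks acknowledgements and timing), so on a real capture expect it to over-count in the presence of reordering.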

Download PsPing from:
https://learn.microsoft.com/en-us/sysinternals/downloads/psping
psping <hostname or IP>:<port>
psping google.com:443
