NETWORK SECURITY

Security of the Network Learning Objectives

You will discover more about Wireshark in this lab.

• Learn about protocol analyzers and their purposes by reading the description and template for Wireshark.
• Put Wireshark to the test and report your results.

Lab equipment and setup


You’ll need the following supplies for this lab:

• A Windows computer with Internet connectivity and the ability to install apps on the PC, as well as a pencil and paper

Description and model
The Wireshark packet sniffer [http://www.wireshark.org/] will be used in the lab. Wireshark lets us view the contents of messages sent and received by protocols at various levels of the protocol stack. Wireshark is a free network protocol analyzer that runs on Windows.

Downloading Wireshark
To use Wireshark, you must have access to a computer that can run both Wireshark and the WinPcap packet capture library. When you install Wireshark, WinPcap will also be installed for you.
Installing the Wireshark program after downloading it:
• Download and install Wireshark for your PC at http://www.wireshark.org/download.html.
• Save a copy of the Wireshark user manual (optional).
If you are having issues installing or using Wireshark, the Wireshark FAQ provides a number of useful tips and intriguing facts.
Running Wireshark
The Wireshark graphical user interface appears when you run the Wireshark application. At first, no data will be shown in the various windows.

There are five main parts of the Wireshark interface:
• The command menus are standard pull-down menus at the top of the window. Of interest to us now are the File and Capture menus. The Capture menu lets you start packet capture.
• The packet-listing window shows a one-line summary for each captured packet, along with the packet number (assigned by Wireshark; this is not a packet number found in any protocol header), the time the packet was captured, the source and destination addresses of the packet, the protocol type, and any protocol-specific data present in the packet.
• Information about the packet that was chosen in the packet listing window is provided in the packet header details window. These specifics cover the Ethernet frame and IP datagram that this packet is contained in. By clicking on the plus or minus signs to the left of the Ethernet frame or IP datagram line in the packet details window, the amount of Ethernet and IP-layer detail displayed can be increased or decreased. Details about whether the packet was transmitted using TCP or UDP will also be shown.
• The whole contents of the captured frame are shown in the packet-contents pane in both ASCII and hexadecimal formats.
• The packet display filter field, located towards the top of the Wireshark graphical user interface, allows users to filter the data shown in the packet-listing window (and consequently the packet-header and packet-contents windows) by entering a protocol name or other information. We’ll use the packet-display filter field in the example below to instruct Wireshark to conceal (not display) all packets other than those that correspond to HTTP messages.

Instructions

Putting Wireshark to the Test
Using new software is the best way to become familiar with it. We'll presume that your computer has a wired Ethernet adapter connecting it to the Internet. The experiment can also be completed using a wireless interface, but you will need to select the right adapter at each step. Proceed as follows:
1. Open your preferred web browser, which will show your chosen homepage.
2. Launch the Wireshark program. The window you initially see will resemble that in Figure 2, but as Wireshark has not yet started collecting packets, no packet data will be visible in the packet-listing, packet-header, or packet-contents window.
3. Choose Options from the Capture pull-down menu to start packet capture. The “Wireshark: Capture Options” window will then appear, as seen in Figure 3.

4. The majority of the default values in this window can be used. The menu at the top of the Capture Options window will display the network interfaces (i.e., the physical connections) that your computer has to the network. If your computer has more than one active network interface (for instance, both a wireless and a wired Ethernet connection), you must choose the interface that is currently being used to send and receive packets. Click Start after choosing the network interface. Wireshark will now start to capture all packets sent and received by your computer.

5. Type http://www.wireshark.org/tools/v46status.html into your browser while Wireshark is running to view that page. Your browser will communicate with the HTTP server and exchange HTTP messages with the server in order to download this page and display it. Wireshark will record the Ethernet packets containing these HTTP messages.

6. After your browser has shown the webpage, click the stop live capture button to end Wireshark packet recording. Now, the main Wireshark window ought to resemble Figure 2. All protocol communications that were sent and received between your computer and other network entities are now available to you in live packet data! There should be a listing of the packets that were captured that includes the HTTP message exchanges with the www.wireshark.org web server. There were undoubtedly numerous additional protocols running on your computer, even though the only action you took was to download a web page.

7. In the display filter specification window at the top of the main Wireshark window, type "http" (without the quotes; all protocol names in Wireshark are lowercase). Then select Apply. Only HTTP messages will then be shown in the packet-listing pane.

8. In the pane that lists the packets, choose the first HTTP message displayed. This should be the HTTP GET message that your machine sent to the Wireshark HTTP server. When you choose the HTTP GET message, the packet-header window displays the Ethernet frame, IP datagram, TCP segment, and HTTP message header information. Reduce the amount of Frame, Ethernet, Internet Protocol, and Transmission Control Protocol information displayed by using the plus and minus buttons on the left side of the packet details window. Increase the amount of information about the HTTP protocol that is displayed. Your Wireshark display should now broadly resemble Figure 5.

9. Screenshot the Wireshark screen demonstrating your completion of the packet capture, and paste it at the conclusion of this lab. Briefly describe what is shown on the screen and explain why you believe Wireshark is beneficial and how it might improve security.

10. Exit Wireshark.
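
The layering that step 8 shows in the packet-header window (Ethernet frame, IP datagram, TCP segment, HTTP message) and the "http" display filter from step 7 can be reproduced offline. The following is an added example, not part of the original lab and not Wireshark's own code: the frames are constructed by hand with documentation addresses, the function names are hypothetical, and HTTP detection is simplified to matching the start line.

```python
import struct

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}

def build_frame(payload):
    """Constructed Ethernet/IPv4/TCP frame (documentation addresses, checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 64240, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    eth = bytes.fromhex("02000000000b02000000000a") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + payload

def dissect(frame):
    """Return the layers the packet-details pane would list, outermost first."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers = {"eth": {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
                      "type": hex(ethertype)}}
    ip = frame[14:]
    if ethertype != 0x0800 or len(ip) < 20:
        return layers                      # not IPv4, or too short to decode further
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total < ihl or total > len(ip):
        raise ValueError("inconsistent IPv4 length fields")
    layers["ip"] = {"src": ".".join(map(str, ip[12:16])),
                    "dst": ".".join(map(str, ip[16:20])), "proto": ip[9]}
    tcp = ip[ihl:total]                    # total length trims any Ethernet padding
    if ip[9] != 6 or len(tcp) < 20:
        return layers                      # UDP, ICMP, ... are not decoded here
    sport, dport = struct.unpack("!HH", tcp[:4])
    layers["tcp"] = {"sport": sport, "dport": dport, "flags": hex(tcp[13])}
    payload = tcp[(tcp[12] >> 4) * 4:]     # skip the TCP header using the data offset
    start = payload.split(b"\r\n", 1)[0]
    if start.split(b" ")[0] in HTTP_METHODS or start.startswith(b"HTTP/"):
        layers["http"] = {"start_line": start.decode("ascii", "replace")}
    return layers

def display_filter(frames, proto):
    """Mimic typing a protocol name into the display filter field."""
    return [f for f in frames if proto in dissect(f)]

# Constructed sample: one HTTP GET and one TCP segment with no payload.
GET = build_frame(b"GET /tools/v46status.html HTTP/1.1\r\nHost: www.wireshark.org\r\n\r\n")
ACK = build_frame(b"")

if __name__ == "__main__":
    for name, fields in dissect(GET).items():
        print(name, fields)
    print(len(display_filter([GET, ACK], "http")), "of 2 frames match 'http'")
```

Because the HTTP start line and headers are recovered directly from the frame bytes, the same dissection shows why unencrypted HTTP is readable by anyone able to capture the traffic.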

 

 
