LAB-1 (A) Introduction To Software Tools For Networking - WIRESHARK


Birla Institute of Technology & Science, Pilani
Computer Networks (CS C 461 / IS C 461)
Second Semester 2013-2014
Lab Sheet

Introduction to Software Tools for Networking: Traffic Generator and Analyzer

Aim: To analyze various network protocols using Wireshark (Ethereal).

Objective: To learn the different header fields of the protocols by capturing live packets using a network protocol analysis tool.

Required Resources: LAN or WAN, Wireshark Network Analyzer, iperf

Checklist:
- A PC with 256 MB RAM, 40 GB HDD
- Wireshark with complete installation
- Proper LAN or WAN to capture the packets

Network Traffic Analyzer: Wireshark

Description: Wireshark is an open-source and foremost network protocol analyzer. It lets you see what is happening on your network at a microscopic level. It is used for network analysis, troubleshooting, and to assist communications protocol development and education. Wireshark does not manipulate packets on the network; it only analyzes those already present, with minimal overhead. Wireshark has a rich feature set which includes the following:
i. Deep inspection of hundreds of protocols, with more being added all the time
ii. Live capture and offline analysis
iii. Standard three-pane packet browser
iv. Multi-platform: runs on Windows, Linux, OS X, Solaris and many others
v. Captured network data can be browsed via a GUI
vi. The most powerful display filters
vii. Capture files compressed with gzip can be decompressed on the fly
viii. Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
ix. Colouring rules can be applied to the packet list for quick, intuitive analysis
x. Output can be exported to XML, CSV, or plain text

Important Links (Further reading):
http://is.gd/RazB76
http://www.wireshark.org/about.html

Installing Wireshark:

For Windows OS (Windows 7)
1. Download the latest stable version of Wireshark (v1.6.5). (Available at http://is.gd/Ys7UeV)
2. Choose all components for installation, including WinPcap.
3. Proceed until completion.
4. Wireshark may now be launched by running the application launcher.

For Linux OS (Ubuntu 9.10)
1. Use Ubuntu Software Center to install Wireshark.
2. Wireshark has to be run with root privileges so that it has the required permissions to monitor the network interfaces. To do so, type the following command in the terminal: "sudo wireshark" (without quotes).

Procedure:

PART-I (How to use Wireshark)
1. Start Wireshark by starting the executable from the installed directory.
2. Select the proper interface for capturing packets (See Figure-1).
3. You will see a dynamic list of packets being captured by Wireshark. In order to stop a running capture, press CTRL+E or, from the menu, select Capture > Stop (See Figure-2).
4. Various packets may be filtered. For instance, if you would only like to see HTTP packets, enter "http" in the Filter input box and press Apply (See Figure-3 & 4).

Figure 1; Select Interface

Figure 2

Figure 3; Select Filter

Figure 4

PART-II (How to Analyze Various Protocols using Wireshark)

You can capture various kinds of packets by accessing various kinds of websites (just for the analysis purpose).

1. TCP Packet Analysis: Filter for HTTP packets or TCP packets and right-click on one of them to follow the TCP stream. You will be able to see the TCP request and the associated acknowledgement packets as shown (See Figure-5). We can examine the amount of data sent per unit time from the client to the server. Select an HTTP segment in the window and then go to Statistics -> TCP Stream Graph -> Time-Sequence Graph (Stevens). You should see a plot that looks similar to the following plot. You can also of a TCP packet header format, (b) TCP three way handshake

2. UDP Packet Analysis: The datagram format for UDP is explained in Figure-5, in which the various fields of a UDP datagram are mentioned. Apply a filter for UDP and select any UDP stream. In the lower window you will find the UDP header (See Figure-7); try to analyze it by comparing it with the header given in Figure-6.

3. TCP vs UDP Packets: The analysis of various protocols can be done using the Analysis option; for example, here is the comparison of TCP and UDP packets sent on a time scale (See Figure-8).

4. Analysis of Domain Name System (DNS): The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. Figure-9 shows the capture of DNS queries, Figure-10 shows the format of a particular DNS query, and Figure-11 shows the flow graph of the DNS query-response mechanism.

5. Analysis of Internet Control Message Protocol (ICMP): ICMP is chiefly used by the operating systems of networked computers to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP can also be used to relay query messages. Filter ICMP messages and compare them with the header format given in Figure-12 (See Figure-12 and 13).

6. Analysis of Internet Group Management Protocol (IGMP): IGMP is a communications protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships. IGMP is an integral part of IP multicast. See Figures 14, 15 and 16 respectively for the analysis of the IGMP header format and the IGMP flow graph.
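The header fields that Part-II asks you to read off in Wireshark (client port, TCP SYN sequence number, UDP header length, DNS flags) can be checked by hand against the raw bytes. The script below is an added example, not part of the lab sheet: it decodes constructed IPv4/TCP and IPv4/UDP/DNS packets (built inline, not captured from a network) using the same byte offsets Wireshark's packet-details pane shows; all function and field names are my own.

```python
import socket
import struct

def parse_ipv4(pkt):
    """Return the IPv4 fields the lab asks about plus the transport payload."""
    ihl = (pkt[0] & 0x0F) * 4                     # header length in bytes (IHL * 4)
    proto = pkt[9]                                # 6 = TCP, 17 = UDP, 1 = ICMP
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return {"src": src, "dst": dst, "proto": proto, "payload": pkt[ihl:]}

def parse_tcp(seg):
    """Ports, sequence/ack numbers and flag names from the first 14 TCP bytes."""
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", seg[:14])
    flags = off_flags & 0x01FF                    # low 9 bits hold the flag bits
    names = [n for bit, n in ((0x02, "SYN"), (0x10, "ACK"), (0x01, "FIN"), (0x04, "RST"))
             if flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": names}

def parse_udp(dgram):
    """UDP header is always 8 bytes; 'length' covers header plus data."""
    sport, dport, length, _checksum = struct.unpack("!HHHH", dgram[:8])
    return {"sport": sport, "dport": dport, "header_len": 8, "length": length,
            "payload": dgram[8:]}

def parse_dns_flags(msg):
    """QR (0 = query), opcode and RD (recursion desired) from the DNS flags word."""
    txid, flags = struct.unpack("!HH", msg[:4])
    return {"id": txid, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF, "rd": (flags >> 8) & 1}

def analyze(pkt):
    """Dispatch on the IPv4 protocol field, as Wireshark's dissectors do."""
    ip = parse_ipv4(pkt)
    if ip["proto"] == 6:
        return {**ip, "tcp": parse_tcp(ip["payload"])}
    if ip["proto"] == 17:
        udp = parse_udp(ip["payload"])
        if 53 in (udp["sport"], udp["dport"]):
            udp["dns"] = parse_dns_flags(udp["payload"])
        return {**ip, "udp": udp}
    return ip

def ipv4_header(proto, payload_len, src="10.0.0.5", dst="10.0.0.1"):
    # Constructed header: version 4, IHL 5, TTL 64, checksum left 0 (Wireshark would flag that).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

# Constructed samples: a SYN from client port 49152 to port 80 with sequence number 1000,
# and a DNS query for example.com with RD set, sent over UDP to port 53.
TCP_SYN = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, (5 << 12) | 0x02, 65535, 0, 0)
SYN_PACKET = ipv4_header(6, len(TCP_SYN)) + TCP_SYN
DNS_Q = (struct.pack("!HHHHHH", 0xBEEF, 0x0100, 1, 0, 0, 0)
         + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1))
UDP_DNS = struct.pack("!HHHH", 53000, 53, 8 + len(DNS_Q), 0) + DNS_Q
DNS_PACKET = ipv4_header(17, len(UDP_DNS)) + UDP_DNS

if __name__ == "__main__":
    for p in (SYN_PACKET, DNS_PACKET):
        print(analyze(p))
```

To compare against a live capture, export one packet's bytes from Wireshark (File > Export Packet Bytes) and pass the IPv4 portion to analyze().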

Figure 5

Figure 6; UDP Datagram

Figure 7; UDP Datagram Captured Using Wireshark

Figure 8; TCP vs UDP Packets Sent (legend: UDP, TCP)

Figure 9; Capturing DNS Query in Wireshark

Figure 10; DNS Packet Format Captured through Wireshark

Figure 11; Flow Graph for Captured DNS Query-Response

Figure 12; ICMP Header Format

Figure 13; ICMP Message and Format

Figure 14; IGMP Packet Format

Figure 15; IGMP Packet Header Format Captured through Wireshark

Figure 16; Flow Graph for IGMP

Observation Sheet

Experiment Name:

Observation Table:

S. No / Questions
1. What is the IP address used by the client computer?
2. What is the TCP port number used by the client computer?
3. What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and the destination?
4. What is the sequence number of the SYN-ACK segment sent by the destination to the client computer in reply to the SYN?
5. What is the length of the captured UDP packet header?
6. Which flag is set in a captured DNS query and why?
7. What are the observed type(s) of ICMP message captured using Wireshark?
8. What is the version of ICMP used?

Answers

Suggestions (if any):

Name:

ID No.:

Date:

Signature
