Name : Pranav Adithya B

SRN : PES2UG22CS397
CN LAB
Week #1
Study and understand the basic networking tools - Wireshark, Tcpdump, Ping,
Traceroute.

Learn and Understand Network Tools

Wireshark
Perform and analyze Ping PDU capture
Examine HTTP packet capture
Analyze HTTP packet capture using filter

Tcpdump
• Capture
packets
 
• Test the connectivity between 2
systems
Traceroute
Perform traceroute checks
Nmap
Explore an entire network

IMPORTANT INSTRUCTIONS:
• This manual is written for Ubuntu Linux OS only. You can also execute these
experiments on VirtualBox or VMWare platform.
• For few tasks, you may need to create 2 VMs for experimental setup.
• Perform sudo apt-get update before installing any tool or utility.
• Install any tool or utility using the command sudo apt-get install name_of_the_tool
Take screenshots wherever necessary and upload it as a single PDF file. (The PDF must
contain: Lab Number and Title, SRN and Name of the student, Section)
• To define an IP address for your machine (e.g., Section – ‘a’ & Serial number is 1,
then your IP address should be 10.0.1.1. Section – ‘h’ & & Serial number is 23, then
your IP address should be 10.0.8.23) – applicable only for relevant tasks (which
doesn’t requires internet connectivity to execute the tasks).
Task 1: Linux Interface Configuration (ifconfig / IP command)
Step 1: To display status of all active network interfaces.
ifconfig (or) ip addr show
Analyze and fill the following table:
ip address table:
Interface name IP address (IPv4 / IPv6) MAC address

enp0s3 IPv4 : 10.2.15 08:00:27:eb:a3:26

IPv6 : fe80::7993:868b:bbd5:e364

Step 2: To assign an IP address to an interface, use the following command.

sudo ifconfig interface_name 10.0.your_section.your_sno netmask 255.255.255.0 (or)
sudo ip addr add 10.0.your_section.your_sno /24 dev interface_name

Step 3: To activate / deactivate a network interface, type.

sudo ifconfig interface_name down
sudo ifconfig interface_name up
Step 4: To show the current neighbor table in kernel, type
ip neigh
After sudo ifconfig enp0s3 up

Task 2: Ping PDU (Packet Data Units or Packets) Capture

Step 1: Assign an IP address to the system (Host).
Note: IP address of your system should be 10.0.your_section.your_sno.
Step 2: Launch Wireshark and select ‘any’ interface
Step 3: In terminal, type ping 10.0.your_section.your_sno

Observations to be made
Step 4: Analyze the following in Terminal
• TTL
• Protocol used by ping
• Time
Step 5: Analyze the following in Wireshark
On Packet List Pane, select the first echo packet on the list. On Packet Details Pane, click on
each of the four “+” to expand the information. Analyze the frames with the first echo request
and echo reply and complete the table below.
Details First Echo Request First Echo Reply
Frame Number 27 28
Source IP address 10.0.7.97 10.0.7.97
Destination IP address 10.0.7.97 10.0.7.97
ICMP Type Value 8 0
ICMP Code Value 0 0
Source Ethernet Address Source: 00:00:00_00:00:00 Source: 00:00:00_00:00:00
(00:00:00:00:00:00) (00:00:00:00:00:00)
Destination Ethernet Address Source: 00:00:00_00:00:00 Source: 00:00:00_00:00:00
(00:00:00:00:00:00) (00:00:00:00:00:00)
Internet Protocol Version 4 4
Time To Live (TTL) Value 64 64

Task 3: HTTP PDU Capture

Using Wireshark’s Filter feature
Step 1: Launch Wireshark and select ‘any’ interface. On the Filter toolbar, type-in ‘http’ and
press enter
Step 2: Open Firefox browser, and browse www.flipkart.com

Observations to be made
Step 3: Analyze the first (interaction of host to the web server) and second frame (response
of server to the client). By analyzing the filtered frames, complete the table below:
Details First Echo Request First Echo Reply
Frame Number 812 818
Source Port 39378 80
Destination Port 80 39378
Source IP address 10.0.2.15 34.107.221.82
Destination IP address 34.107.221.82 10.0.2.15
Source Ethernet Address (08:00:27:eb:a3:26) (52:54:00:12:35:02)
Destination Ethernet Address (52:54:00:12:35:02) (08:00:27:eb:a3:26)
Step 4: Analyze the HTTP request and response and complete the table below.
HTTP Request HTTP Response
Get Server nginx
/success.txt?ipv4
HTTP/1.1\r\n
Host detectportal.firef Content-Type text/plain
ox.com\r\n
User-Agent Mozilla/5.0 Date Thu, 18 Jan
(X11; Ubuntu; 2024 11:18:33
Linux x86_64; GMT
rv:109.0)
Gecko/20100101
Firefox/116.0\r\n
Accept-Language en-US,en;q=0.5 Location
Accept-Encoding gzip, deflate Content-Length 8
Connection keep-alive Connection keep-alive
Using Wireshark’s Follow TCP Stream
Step 1: Make sure the filter is blank. Right-click any packet inside the Packet List Pane, then
select ‘Follow TCP Stream’. For demo purpose, a packet containing the HTTP GET request
“GET / HTTP / 1.1” can be selected.
Step 2: Upon following a TCP stream, screenshot the whole window.
Task 4: Capturing packets with tcpdump
Step 1: Use the command tcpdump -D to see which interfaces are available for capture.
sudo tcpdump -D

Step 2: Capture all packets in any interface by running this command:

sudo tcpdump -i any

Note: Perform some pinging operation while giving above command. Also type
www.google.com in browser.
Observation
Step 3: Understand the output format.
Step 4: To filter packets based on protocol, specifying the protocol in the command line. For
example, capture ICMP packets only by using this command:
sudo tcpdump -i any -c5 icmp
Step 5: Check the packet content. For example, inspect the HTTP content of a web request
like this:
sudo tcpdump -i any -c10 -nn -A port 80
Step 6: To save packets to a file instead of displaying them on screen, use the option -w:
sudo tcpdump -i any -c10 -nn -w webserver.pcap port 80

Why do we use wireshark

Wireshark is used to look at how information travels on a computer network.
Task 5: Perform Traceroute checks
Step 1: Run the traceroute using the following command.
sudo traceroute www.google.com

Step 2: Analyze destination address of google.com and no. of hops

Step 3: To speed up the process, you can disable the mapping of IP addresses with hostnames
by using the -n option
sudo traceroute -n www.google.com

Step 4: The -I option is necessary so that the traceroute uses ICMP.

 sudo traceroute -I www.google.com

Step 5: By default, traceroute uses icmp (ping) packets. If you’d rather test a TCP connection
to gather data more relevant to web server, you can use the -T flag.
sudo traceroute -T www.google.com

Task 6: Explore an entire network for information (Nmap)

Step 1: You can scan a host using its host name or IP address, for instance.
nmap www.pes.edu

Step 2: Alternatively, use an IP address to scan.

Nmap 163.53.78.128

Step 3: Scan multiple IP address or subnet (IPv4)

nmap 192.168.1.1 192.168.1.2 192.168.1.3
 Submission:
Students are expected to take the screenshot of results - after execution of every command in
every task.
They are expected to write the Task and 2-3 lines of their observation followed by screenshots.
Submissions will be through google forms.

Questions on above observations: (Optional)

1) Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the
server?
2) When was the HTML file that you are retrieving last modified at the server?
3) How to tell ping to exit after a specified number of ECHO_REQUEST packets?
4) How will you identify remote host apps and OS?
Answers for Optional Questions :

1) Version 1.1
2)

3) Using -c with the ping command

4) Using nmap