Lab 8 Packet sniffing

Objectives:  Our objective for this lab is to browse a web page, transfer a file to an FTP server, test the connectivity to a host with Ping, and acquire a network address with DHCP.  We captured packets using Wireshark, whose window is divided into three panes.  The top pane lists the captured packets, the middle pane shows the header and delivery details of the selected packet, and the bottom pane shows a hexadecimal/ASCII view of the frame's content.  From these we found each frame's protocol type, length, and source and destination address information.

Equipment list: Wireshark, a free and open-source packet analyzer.  It is used for network troubleshooting and analysis, and for software and communications protocol development. (Wikipedia.org)

Notes and Observations:  When we booted up the computer we got our DHCP address.  We went to a web page, cnet.com, and captured data using Wireshark.  We were able to capture DNS, HTTP and TCP traffic.  Using Wireshark we were able to determine the source IP, the destination IP, and the MAC address of the device accessing the site.   Then we went to Blizzard.com and followed the same procedure.

Diagrams, flowcharts and figures: This is an example of what we saw using Wireshark while capturing data.

[Image: Wireshark capture window]

References: lab handout

Questions:

  1. In the top pane, select any packet to see its contents. Find the frame’s protocol type, length, and source & destination address information. Locate sequence numbers used by a TCP segment. What is the purpose of these numbers? View other protocol header information. List the field values of one of the protocol headers such as IP, TCP, or UDP. The frame we selected carried UDP (IP protocol number 17); its length was 328 bytes, the source address was 0.0.0.0 and the destination address was 255.255.255.255.  A source of 0.0.0.0 sent to the broadcast address is a DHCP message from a client that does not have an address yet, so this particular frame carries no TCP sequence numbers.  Sequence numbers appear in TCP segments and number the bytes of the stream, so that the receiver can put segments back in order, notice missing or duplicated data, and acknowledge exactly what has arrived.  The fields listed for the frame header were 1. Destination, 2. Source, 3. Type and 4. Padding, shown in hexadecimal; these are Ethernet header fields, not TCP fields.  In the HTTP frame the Ethernet header (1. Destination, 2. Source, 3. Type) was followed by 4. the Internet Protocol header.
  2. Find the FTP protocol frames that show where your username and password were supplied. What do you notice about these frames? What can you say about the security of the FTP protocol after viewing these frames? Can you locate frames that use the “GET” and “PUT” commands used to download & upload files? Describe what you have learned about the process of an FTP transfer by viewing these packets. These were in plain text; there was no security.  The USER and PASS commands and their arguments are readable in the frame bytes, so anyone capturing on the path between client and server can recover the credentials, and the same is true of the file contents.  (On the wire a client's get and put appear as the RETR and STOR commands, with the file data sent on a separate data connection.)

  3. Find a frame containing a DNS query. (If none is visible, try pinging a different website while recapturing packets.) What protocols are encapsulated in this frame? Which of these protocols is a transport layer protocol?  The DNS server was 10.10.176.1 and the reply address was 129.130.8.49, which took us back to the K-State web page.  The query frame encapsulates Ethernet, IP, UDP and DNS; UDP is the transport-layer protocol.

At this point we ran out of time.  Mr. Genereux took time with us and pointed out some interesting facts about what we had learned, or at least seen!

  4. Find a frame containing ICMP information. What protocols are encapsulated in this frame? Which layer does ICMP reside in? What do the ICMP initials mean?
  5. Find frames containing HTTP information. Approximately how many frames did it take to download the web page? List the different protocols that are used. Note how many protocols are working together to find and retrieve the information.
  6. Open the first frame carrying a HTTP GET request packet. What protocol headers do you see? List three field names from each of the headers. Within the HTTP header, find and record the User Agent information. Which layer does each of the protocols belong to?
  7. Find a pair of frames that show an ARP request and an ARP response. Explain these frames and what they are doing.
  8. Find the frames that show DHCP configuring IP addresses. What is the process for a machine to be assigned an IP address using DHCP? (Look up “DHCP handshake” online to compare what you see & what is expected.)
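What question 2 shows in the byte pane can be turned into a small detection script. The following is an added example written for this page (Python; it is not from the lab handout or from Wireshark). The FTP control-channel packets it works on are constructed: the addresses, host name, user name, password and file names are made up. It reassembles each direction of the control connection before splitting it into lines, pulls out the USER and PASS commands and whether the server answered 230 (logged in), and lists the RETR and STOR commands that a client's get and put actually send on the wire. It also shows the failure mode of grepping frame by frame: the constructed capture splits the PASS line across two TCP segments, and the per-frame check misses it.

```python
import re
from collections import defaultdict

FTP_PORT = 21

# Constructed capture, in wire order: (src_ip, src_port, dst_ip, dst_port, tcp_payload).
# All addresses, names and the password are made up for this example.
CAPTURE = [
    ("10.10.176.5", 21, "10.10.176.23", 51234, b"220 ftp.example.test FTP server ready\r\n"),
    ("10.10.176.23", 51234, "10.10.176.5", 21, b"USER student\r\n"),
    ("10.10.176.5", 21, "10.10.176.23", 51234, b"331 Password required for student\r\n"),
    ("10.10.176.23", 51234, "10.10.176.5", 21, b"PASS hun"),            # password split across
    ("10.10.176.23", 51234, "10.10.176.5", 21, b"ter2\r\n"),            # two TCP segments
    ("10.10.176.5", 21, "10.10.176.23", 51234, b"230 User student logged in\r\n"),
    ("10.10.176.23", 51234, "10.10.176.5", 21, b"PASV\r\n"),
    ("10.10.176.5", 21, "10.10.176.23", 51234, b"227 Entering Passive Mode (10,10,176,5,195,80)\r\n"),
    ("10.10.176.23", 51234, "10.10.176.5", 21, b"RETR lab8.txt\r\n"),     # what a client 'get' sends
    ("10.10.176.5", 21, "10.10.176.23", 51234, b"150 Opening BINARY mode data connection\r\n"),
    ("10.10.176.5", 21, "10.10.176.23", 51234, b"226 Transfer complete\r\n"),
    ("10.10.176.23", 51234, "10.10.176.5", 21, b"STOR results.txt\r\n"),  # what a client 'put' sends
    ("10.10.176.5", 21, "10.10.176.23", 51234, b"150 Ok to send data\r\n"),
    ("10.10.176.5", 21, "10.10.176.23", 51234, b"226 Transfer complete\r\n"),
    ("10.10.176.23", 51234, "10.10.176.5", 21, b"QUIT\r\n"),
    ("10.10.176.5", 21, "10.10.176.23", 51234, b"221 Goodbye\r\n"),
]


def reassemble(packets):
    """Concatenate the payloads of each direction of every FTP control connection,
    then split into CRLF-terminated lines. Returns
    {((client_ip, client_port), (server_ip, server_port)): {"c2s": [...], "s2c": [...]}}."""
    streams = defaultdict(lambda: {"c2s": b"", "s2c": b""})
    for sip, sport, dip, dport, data in packets:
        if dport == FTP_PORT:                       # client -> server
            streams[((sip, sport), (dip, dport))]["c2s"] += data
        elif sport == FTP_PORT:                     # server -> client
            streams[((dip, dport), (sip, sport))]["s2c"] += data
    return {key: {d: buf.decode("ascii", "replace").split("\r\n")[:-1]
                  for d, buf in dirs.items()}
            for key, dirs in streams.items()}


def extract_credentials(packets):
    """One record per control connection: who logged in, with what, and whether it worked."""
    found = []
    for (client, server), s in reassemble(packets).items():
        user = password = None
        for line in s["c2s"]:
            verb, _, arg = line.partition(" ")
            if verb.upper() == "USER":
                user = arg
            elif verb.upper() == "PASS":
                password = arg
        found.append({"client": client[0], "server": server[0], "user": user,
                      "password": password,
                      "login_ok": any(l.startswith("230") for l in s["s2c"])})
    return found


def extract_transfers(packets):
    """(verb, filename) for every download (RETR) and upload (STOR) request."""
    out = []
    for _endpoints, s in reassemble(packets).items():
        for line in s["c2s"]:
            verb, _, arg = line.partition(" ")
            if verb.upper() in ("RETR", "STOR"):
                out.append((verb.upper(), arg))
    return out


def per_frame_password(packets):
    """Naive check that looks at each frame on its own. It cannot see a PASS
    line that TCP split across two segments, so it returns None for CAPTURE."""
    for _sip, _sport, _dip, dport, data in packets:
        if dport == FTP_PORT:
            m = re.match(rb"PASS (.*)\r\n", data)
            if m:
                return m.group(1).decode()
    return None


if __name__ == "__main__":
    print(extract_credentials(CAPTURE))
    print(extract_transfers(CAPTURE))
    print("per-frame grep found:", per_frame_password(CAPTURE))
```

Wireshark's "Follow TCP Stream" does the same reassembly; when writing detections, always work on the reassembled stream rather than on individual frames.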

Review:

  1. What is the purpose of sequence numbers?  They let the receiving TCP put the segments back in the order they were sent, detect missing or duplicated data, and acknowledge exactly which bytes have arrived.

  2. What is the purpose of source & destination addresses?  So that computers exchanging data know where it came from and where it needs to go.  Each frame carries two sets: MAC addresses for delivery on the local link and IP addresses for end-to-end delivery across networks.

  3. What is the purpose of DNS?   To translate human-readable domain names into the IP addresses the computer actually uses to reach a host.
  4. What is DHCP?  Dynamic Host Configuration Protocol, a way to automatically assign IP addresses (together with the subnet mask, default gateway and DNS server) to computers on a network.

  5. What is the relationship between the OSI model of networking and the TCP/IP model you saw in this lab activity? (Hint: Look up the TCP/IP model online or there’s a big poster on the wall that makes the comparison.) Both use layers to divide up different portions of the network, and both use encapsulation.  The TCP/IP model collapses the seven OSI layers into four (link, internet, transport, application).  You can view the layers in the details pane of each packet in Wireshark: Frame, Ethernet (MAC), IPv4 and TCP are all listed in the description.

  6. What evidence of layered network design did you discover when examining the captured data? How does the Wireshark data demonstrate encapsulation?  Clicking a packet shows the details of each layer in order, one header after another: the Ethernet frame carries an IP packet, the IP packet carries a TCP segment or UDP datagram, and that carries the application data (HTTP, DNS, DHCP).  Each layer's payload is the next layer's header plus data, which is what encapsulation means.

  7. What are the implications of having a tool like Wireshark freely available? For network administration? For security?  For network administration, a free tool like this means people can manage their personal or other networks better and pinpoint problems within the network more easily, and it is a good learning tool: there is a school in Texas that uses these methods to teach students to build a better defense against hackers.  For security, the same tool is available to hackers and people trying to steal data for identity theft: at a wireless hotspot, or on any other network an attacker can reach, Wireshark lets them read whatever is sent unencrypted.  If you log in to a bank account over an unencrypted connection on an unsecured network, the person running Wireshark can capture that login information.  The protection is encryption (HTTPS rather than HTTP, SFTP or FTPS rather than FTP), which leaves the sniffer with ciphertext instead of credentials.
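The layering described in questions 5 and 6 can be reproduced in code. The following is an added example written for this page (Python; it is not from the lab handout or from Wireshark). It constructs a sample DHCP Discover frame of the kind seen in question 1 of the lab questions (0.0.0.0 to 255.255.255.255, UDP port 68 to 67); the client MAC address and transaction ID are made up, and the frame is shorter than the 328-byte one in the capture because it carries only two DHCP options. It then dissects the frame one header at a time, Ethernet, IPv4, UDP, DHCP, the way Wireshark's details pane lists them, verifying the IPv4 header checksum and reading the DHCP message type that distinguishes the Discover, Offer, Request and Ack steps of the DHCP handshake. A real capture would be read from a pcap file instead of built in memory.

```python
import struct
import socket

DHCP_MAGIC = b"\x63\x82\x53\x63"
DHCP_MSG_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 4: "Decline",
                  5: "Ack", 6: "Nak", 7: "Release"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; over a header with its checksum filled in it yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def build_dhcp_discover(client_mac: bytes, xid: int = 0x3903F326) -> bytes:
    """Construct an Ethernet II / IPv4 / UDP / DHCP Discover frame (sample input, made up)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        1, 1, 6, 0, xid, 0, 0x8000,            # BOOTREQUEST, Ethernet, broadcast flag
                        b"\x00" * 4, b"\x00" * 4, b"\x00" * 4, b"\x00" * 4,   # ciaddr..giaddr all zero
                        client_mac.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    options = b"\x35\x01\x01"             # option 53: DHCP message type = Discover
    options += b"\x37\x03\x01\x03\x06"    # option 55: parameter request list (mask, router, DNS)
    options += b"\xff"                    # end of options
    dhcp = bootp + DHCP_MAGIC + options
    udp = struct.pack("!HHHH", 68, 67, 8 + len(dhcp), 0) + dhcp   # UDP checksum 0 = not computed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     b"\x00\x00\x00\x00", b"\xff\xff\xff\xff")   # 0.0.0.0 -> 255.255.255.255
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    eth = b"\xff" * 6 + client_mac + b"\x08\x00"                  # broadcast dst, EtherType IPv4
    return eth + ip + udp


def parse_dhcp(data: bytes) -> dict:
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", data[:8])
    chaddr = data[28:28 + hlen]
    if data[236:240] != DHCP_MAGIC:
        raise ValueError("no DHCP magic cookie")
    options, i = {}, 240
    while i < len(data) and data[i] != 255:        # walk TLV options until End (255)
        if data[i] == 0:                            # Pad option has no length byte
            i += 1
            continue
        code, length = data[i], data[i + 1]
        options[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    msg_type = options.get(53, b"\x00")[0]
    return {"op": "request" if op == 1 else "reply", "xid": xid, "chaddr": mac_str(chaddr),
            "message_type": DHCP_MSG_TYPES.get(msg_type, msg_type), "options": sorted(options)}


def dissect(frame: bytes) -> dict:
    """Peel one header at a time; each layer's payload is the next layer's header plus data."""
    layers = {"frame": {"length": len(frame)}}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["eth"] = {"dst": mac_str(dst), "src": mac_str(src), "type": "0x%04x" % ethertype}
    if ethertype != 0x0800:
        return layers                               # not IPv4 (e.g. ARP): stop here
    ip = frame[14:]
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     _csum, sip, dip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    layers["ip"] = {"src": socket.inet_ntoa(sip), "dst": socket.inet_ntoa(dip), "ttl": ttl,
                    "proto": proto, "proto_name": IP_PROTOS.get(proto, str(proto)),
                    "checksum_ok": ip_checksum(ip[:ihl]) == 0}
    payload = ip[ihl:total_len]
    if proto == 17:
        sport, dport, ulen, _ucsum = struct.unpack("!HHHH", payload[:8])
        layers["udp"] = {"sport": sport, "dport": dport, "length": ulen}
        if {sport, dport} & {67, 68}:
            layers["dhcp"] = parse_dhcp(payload[8:ulen])
    elif proto == 6:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", payload[:14])
        layers["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                         "flags": off_flags & 0x1FF}
    return layers


if __name__ == "__main__":
    sample = build_dhcp_discover(bytes.fromhex("00163e2a5b7c"))
    for name, fields in dissect(sample).items():
        print(name, fields)
```

The `message_type` field is what to watch when comparing a capture against the expected DHCP handshake: a client's Discover (source 0.0.0.0) should be followed by a server Offer, a client Request and a server Ack, all matched by the same `xid`.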

 

Conclusions:  This lab used a packet sniffing tool that is freely available and allowed me to see just how the network communicates.  I can see just how useful this tool can be to the everyday person, network administrators, and even the hacker (which is not a good thing!).  This lab gave me the opportunity to see all the different protocols and the data being captured on the network.  I think it was a good lab, and I didn’t know tools like this existed, especially for free.  I may explore Wireshark at home some more!
