North South University

CSE 338 L: Data

Communication & Network Lab
Lab Class 3: Introduction to Packet Sniffing
IP Address (IPv4 & IPv6):
An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g.,
computer, printer) participating in a computer network that uses the Internet Protocol for
communication. i.e. 192.168.10.17. There are two formats of IP addressing is accepted these
days 32 – bit format (IPv4) and a newer version 128 – bit format (IPv6). We are interested
and will be working with IPv4 as it is accepted every by every hosts and widely used.

TCP/IP Model:
Although OSI 7 layer model is accepted as the ideal model in reality TCP/IP model is used
in most internet networks. TCP/IP protocols map to a four-layer conceptual model. Details
will be covered in theory class.

Figure 7: Comparison of OSI model and TCP/IP Model and their logical over view
Network Packet:
A network packet is a formatted unit of data carried by a packet-switched network. When
data is formatted into packets, packet switching is possible and the bandwidth of the
communication medium can be better shared among users than with circuit switching.

Figure 5: TCP/IP Packet Header

IP packets will be covered in details in class. To know more about it please check
out the link https://www.tutorialspoint.com/ipv4/ipv4_packet_structure.htm

Communication Protocol:
In telecommunications, a communication protocol is a system of rules that allow two or more
entities of a communications system to transmit information via any kind of variation of a
physical quantity. These are the rules or standard that defines the syntax, semantics and
synchronization of communication and possible error recovery methods. Protocols may be
implemented by hardware, software, or a combination of both.
Few of the protocols we’ll be dealing with in this lab:

 TCP - Transmission Control Protocol (TCP), which uses a set of rules to exchange
messages with other Internet points at the information packet level 
 UDP - The User Datagram Protocol (UDP) is one of the core members of the Internet
protocol suite. UDP uses a simple connectionless transmission model with a
minimum of protocol mechanism. 
 DHCP - The Dynamic Host Configuration Protocol (DHCP) is a standardized network
protocol used on Internet Protocol controlled by a DHCP server to dynamically distributes
network configuration parameters, such as IP addresses, for interfaces and services 
 HTTP - The Hypertext Transfer Protocol (HTTP) is an application protocol for
transporting web contents in the network. 
 FTP - The File Transfer Protocol (FTP) is a standard network protocol used to transfer
computer files between a client and server on a computer network. 
 SSH - Secure Shell (SSH) is a cryptographic network protocol for operating network
services securely over an unsecured network. The best known example application is
for remote login to computer systems by users. 
These are few of the basic protocols many other protocols are used in telecommunication and
computer networks. To know more protocols you can visit this link,
https://en.wikipedia.org/wiki/Transmission_Control_Protocol.

Some important Command line tools

In the command window of your machine type in the following commands.

  ping – if a host is reachable 

  tracert – Path that a packet is taking to rich a computer 
  nslookup – Name server lookup, finds the IP address for a corresponding domain name 
 ipconfig – shows the information about machines Ethernet adapters. 

Wireshark and Network Administration:

Wireshark is a free and open source packet analyzer. It is used for network troubleshooting, analysis,
software and communications protocol development, and education. Originally named Ethereal.

Getting Wireshark
In order to run Wireshark visit the link, http://www.wireshark.org/download.html.
The site has its installation guidelines. The Wireshark FAQ has a number of helpful hints and
interesting tidbits of information, particularly if you have trouble installing or running Wireshark.

Primary Features:
Wireshark has the ability to sniff incoming and outgoing packets with in the network. If the
network has Promiscuous Mode (Explained below) enabled this software can sniff packets
coming and going from other computers connected in the local network.

Promiscuous Mode:
In a network, promiscuous mode allows a network device to intercept and read each network
packet that arrives in its entirety. This mode of operation is sometimes given to a network snoop
server that captures and saves all packets for analysis (for example, for monitoring network usage).
Normal adapter receives frames sent to the local MAC address promiscuous mode enabled
network controller broadcast packets address FF-FF-FF-FF-FF-FF hence allowed computers can
receive everything, independent of destination MAC. Useful for packet sniffing

Running Wireshark:
Wireshark’s initial has graphical user interface shown in Figure 6. After selecting the
network main window of for packet sniffing appear.
Figure 6: User interface of Wireshark

Figure 7: User interface of Wireshark

Filtering:

 Protocol Filter – Filter by protocol type in the protocol short from in the filter input box,
i.e. http, tcp, udp etc. 
  Source IP Filter – Filter by ip source by ip.src == “ip address” 
  Destination IP Filter – Filter by ip destination by ip.dst == “ip address” 
 Compound instruction - Compound instruction and used to filter by using logical
conjugation operators. 

Lab Task:
Visit a website and capture its DNS packets and HTTP packets using Wireshark. 

Reference:
https://en.wikipedia.org/wiki/Computer_network
https://en.wikipedia.org/wiki/IP_address
https://en.wikipedia.org/wiki/Network_packet
https://technet.microsoft.com/en-us/library/cc958821.aspx?f=255&MSPPError=-
2147217396 https://en.wikipedia.org/wiki/Transmission_Control_Protocol
https://en.wikipedia.org/wiki/User_Datagram_Protocol
http://searchsecurity.techtarget.com/definition/promiscuous-mode