TCP/IP Model:
Although the OSI 7-layer model is accepted as the ideal model, in reality the TCP/IP model is
used in most internet networks. TCP/IP protocols map to a four-layer conceptual model. Details
will be covered in theory class.
Figure 7: Comparison of OSI model and TCP/IP Model and their logical overview
Network Packet:
A network packet is a formatted unit of data carried by a packet-switched network. When
data is formatted into packets, packet switching is possible and the bandwidth of the
communication medium can be better shared among users than with circuit switching.
IP packets will be covered in detail in class. To know more about them, please check
out the link https://www.tutorialspoint.com/ipv4/ipv4_packet_structure.htm
Communication Protocol:
In telecommunications, a communication protocol is a system of rules that allow two or more
entities of a communications system to transmit information via any kind of variation of a
physical quantity. These rules or standards define the syntax, semantics and
synchronization of communication and possible error recovery methods. Protocols may be
implemented by hardware, software, or a combination of both.
A few of the protocols we’ll be dealing with in this lab:
TCP - The Transmission Control Protocol (TCP) uses a set of rules to exchange
messages with other Internet points at the information packet level.
UDP - The User Datagram Protocol (UDP) is one of the core members of the Internet
protocol suite. UDP uses a simple connectionless transmission model with a
minimum of protocol mechanism.
DHCP - The Dynamic Host Configuration Protocol (DHCP) is a standardized network
protocol used on Internet Protocol networks, controlled by a DHCP server that dynamically
distributes network configuration parameters, such as IP addresses, for interfaces and services.
HTTP - The Hypertext Transfer Protocol (HTTP) is an application protocol for
transporting web contents in the network.
FTP - The File Transfer Protocol (FTP) is a standard network protocol used to transfer
computer files between a client and server on a computer network.
SSH - Secure Shell (SSH) is a cryptographic network protocol for operating network
services securely over an unsecured network. The best known example application is
for remote login to computer systems by users.
These are a few of the basic protocols; many other protocols are used in telecommunication and
computer networks. To learn about more protocols you can visit this link,
https://en.wikipedia.org/wiki/Transmission_Control_Protocol.
Getting Wireshark
In order to run Wireshark, visit the link http://www.wireshark.org/download.html.
The site has its installation guidelines. The Wireshark FAQ has a number of helpful hints and
interesting tidbits of information, particularly if you have trouble installing or running Wireshark.
Primary Features:
Wireshark has the ability to sniff incoming and outgoing packets within the network. If the
network has Promiscuous Mode (explained below) enabled, this software can sniff packets
coming and going from other computers connected to the local network.
Promiscuous Mode:
In a network, promiscuous mode allows a network device to intercept and read each network
packet that arrives in its entirety. This mode of operation is sometimes given to a network snoop
server that captures and saves all packets for analysis (for example, for monitoring network usage).
A normal adapter receives only frames sent to the local MAC address and to the broadcast
address FF-FF-FF-FF-FF-FF. A network controller with promiscuous mode enabled receives
everything, independent of destination MAC, which is useful for packet sniffing.
Running Wireshark:
Wireshark’s initial graphical user interface is shown in Figure 6. After selecting the
network, the main window for packet sniffing appears.
Figure 6: User interface of Wireshark
Protocol Filter – Filter by protocol type by entering the protocol's short form in the filter
input box, e.g. http, tcp, udp etc.
Source IP Filter – Filter by source IP with ip.src == “ip address”
Destination IP Filter – Filter by destination IP with ip.dst == “ip address”
Compound instruction – Compound instructions filter by combining conditions with logical
conjunction operators.
Lab Task:
Visit a website and capture its DNS packets and HTTP packets using Wireshark.
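The filters listed above, modelled in Python as an added example (not part of the original handout and not Wireshark's own code): it parses two constructed IPv4 packets of the kind the lab task captures and applies protocol, ip.src and ip.dst conditions joined as with a logical AND. The addresses, helper names and the port-based DNS/HTTP classification are assumptions made for the illustration.

```python
import socket
import struct

def build_ipv4(src, dst, proto, sport, dport, payload=b""):
    """Construct a minimal IPv4 packet (sample data; checksums left at zero)."""
    if proto == 17:   # UDP header: ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:             # TCP header: ports, seq, ack, offset/flags, window, checksum, urgent
        l4 = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + l4 + payload

def parse(packet):
    """Extract the fields that the display filters test."""
    ihl = (packet[0] & 0x0F) * 4                  # IPv4 header length in bytes
    proto = packet[9]                             # 6 = TCP, 17 = UDP
    f = {"ip.src": socket.inet_ntoa(packet[12:16]),
         "ip.dst": socket.inet_ntoa(packet[16:20]),
         "protocols": {"ip"}}
    if proto not in (6, 17):
        return f
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if proto == 17:
        f["protocols"].add("udp")
        if 53 in (sport, dport):                  # assumption: DNS identified by port 53
            f["protocols"].add("dns")
    else:
        f["protocols"].add("tcp")
        data_off = (packet[ihl + 12] >> 4) * 4    # TCP header length in bytes
        if 80 in (sport, dport) and packet[ihl + data_off:]:
            f["protocols"].add("http")            # assumption: HTTP = port 80 with payload
    return f

def matches(f, protocol=None, src=None, dst=None):
    """Every condition given must hold, like a compound filter joined with AND."""
    return ((protocol is None or protocol in f["protocols"]) and
            (src is None or f["ip.src"] == src) and
            (dst is None or f["ip.dst"] == dst))

# Constructed capture: one DNS query and one HTTP request from the same host.
CAPTURE = [
    build_ipv4("192.0.2.10", "192.0.2.53", 17, 50000, 53, b"\x12\x34" + b"\x00" * 10),
    build_ipv4("192.0.2.10", "198.51.100.7", 6, 50001, 80, b"GET / HTTP/1.1\r\n\r\n"),
]
PARSED = [parse(p) for p in CAPTURE]
```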