Wireshark Capture Filter Assignment
Added on 2023/06/11
AI Summary
This assignment covers the basics of Wireshark and traffic capture, BPF qualifiers, logical operators for combining primitives, capturing traffic from/to another machine, excluding particular network traffic, and using port numbers in capture filters.
Running Head: ITECH1003 NETWORKING ASSIGNMENT
Wireshark Capture Filter assignment
[Student Name]
[University Name]
Table of Contents
Part 1 – Wireshark and traffic capture basics
Part 2 capture filters
    BPF qualifiers
    Documenting the 3 logical operators for combining primitives
    Capturing traffic from/to another machine
    Excluding particular network traffic
    Using port numbers in capture filters
Part 1 – Wireshark and traffic capture basics
Promiscuous mode:
Promiscuous mode is a special mode of Ethernet hardware in which a network interface
card (NIC) receives all traffic on the network, even traffic that is not addressed to
that NIC. It also allows a network device to intercept and read every network packet
that arrives on the network.
The Capture > Options dialog allows name resolution of network-layer names. This
means it shows the IP address of the DNS address, which is used to capture and
identify a particular network packet.
Switch and hub
A switch works at the second layer of the OSI model, the data link layer, and a hub
works at the first layer of the OSI model, the physical layer. The switch has many
functions such as port security and VLANs, and it allows multiple ports to connect
all network devices. A hub, however, does not have these functions. A hub sends data
as bits or electrical signals, whereas a switch sends data as frames and packets. A
hub has 4/12 ports and a switch is a multiport bridge with 24/48. The switch is an
active device and the hub is a passive device.
The switch keeps the MAC address of each device that is connected to it. In this
way, the switch keeps all the details of those devices, and it reduces the response
time and also reduces the network traffic.
Port Number
Protocol: Port number
FTP Data: 20
FTP Control: 21
HTTP: 80
NTP: 123
SSH: 22
HTTP web activity port: 8080. It runs alongside the other port that carries HTTP web
traffic.
PPTP: 1723. A tunneling and encryption standard used to connect two private business
networks together over an Internet connection.
L2TP: 1701. A tunneling and encryption standard used to connect two private business
networks together over an Internet connection by creating a Virtual Private Network.
Secure IMAP: 993. The TCP port used for SSL-secured IMAP4 access.
LDAP: 389. Used to find and manage network resources on a hierarchical network
system.
LDAP over SSL: 636. The TCP port used for Lightweight Directory Access Protocol over
Secure Sockets Layer connections.
Part 2 capture filters
BPF qualifiers
Type – This is used for the ID name or number.
Dir – This is used for a particular transfer direction, from and to.
Proto – This is used to restrict the match to a particular protocol.
Documenting the 3 logical operators for combining primitives
OPERATION NAME   DESCRIPTION   EXAMPLE
AND (&&)         Logical AND   ip.src==10.0.0.5 and tcp.flags.fin
OR (||)          Logical OR    ip.src==10.0.0.5 or ip.src==192.1.1.1
XOR (^^)         Logical XOR   not llc
Capturing traffic from/to another machine
Capture traffic between two computers
ip.addr == 192.168.1.11 && ip.addr == 192.168.2.21
Using MAC address
ip.addr == 192.168.1.11 && eth.dst == 08:00:27:01:54:56
Capture packets from a remote IP address
ip.addr == 192.168.2.21
Capture only ICMP
icmp
The above picture shows all the ICMP packets that were captured.
Excluding particular network traffic
Capture broadcast traffic only - bmc.broadcast_address
Exclude broadcast traffic only - !(bmc.broadcast_address)
Capture all traffic from a range of network addresses but exclude broadcast traffic
net ipaddress/netmask and !bmc.broadcast_address
Using port numbers in capture filters
DNS traffic - port 53
DNS traffic being sent from your machine – host ip address port 53
DHCP traffic in either direction - port 67 or port 68.
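Capture filters use pcap-filter (BPF) syntax, for example `host 192.168.1.11 and host 192.168.2.21`, `net 192.168.1.0/24 and not broadcast` or `port 67 or port 68`, rather than the `ip.addr ==` field syntax of display filters. The following is an added example, not part of the original assignment: a small Python evaluator for a subset of that syntax, showing how the type, dir and proto qualifiers and the logical operators decide which packets are kept. The packet list, the `parse` and `matches` names and the address 192.168.2.53 are constructed for illustration.

```python
import ipaddress

MAC, BCAST = "08:00:27:01:54:56", "ff:ff:ff:ff:ff:ff"

def parse(expr):
    """Compile a small subset of pcap-filter syntax into a predicate on packet dicts."""
    toks = expr.replace("(", " ( ").replace(")", " ) ").split()
    def primitive():
        t = toks.pop(0)
        if t in ("not", "!"):                  # negation binds tightest
            inner = primitive()
            return lambda p: not inner(p)
        if t == "(":
            inner = chain()
            toks.pop(0)                        # consume ")"
            return inner
        if t == "broadcast":                   # Ethernet broadcast destination
            return lambda p: p["eth_dst"] == BCAST
        if t in ("icmp", "tcp", "udp"):        # proto qualifier
            return lambda p: p["proto"] == t
        dirs = ("src", "dst")                  # dir qualifier; default is either
        if t in dirs:
            dirs, t = (t,), toks.pop(0)
        val = toks.pop(0)
        if t == "port":                        # type qualifier: port
            return lambda p: any(p.get(d[0] + "port") == int(val) for d in dirs)
        net = ipaddress.ip_network(val)        # type qualifier: host (as /32) or net
        return lambda p: any(ipaddress.ip_address(p[d]) in net for d in dirs)
    def chain():
        # "and" and "or" have equal precedence and associate left to right
        left = primitive()
        while toks and toks[0] in ("and", "&&", "or", "||"):
            op, right = toks.pop(0), primitive()
            left = (lambda a, b, both: lambda p: (a(p) and b(p)) if both
                    else (a(p) or b(p)))(left, right, op in ("and", "&&"))
        return left
    return chain()

# Constructed sample packets; addresses reuse the ones on this page.
PACKETS = [
    dict(src="192.168.1.11", dst="192.168.2.21", proto="icmp", eth_dst=MAC),
    dict(src="192.168.1.11", dst="192.168.2.53", proto="udp", sport=40000, dport=53, eth_dst=MAC),
    dict(src="0.0.0.0", dst="255.255.255.255", proto="udp", sport=68, dport=67, eth_dst=BCAST),
    dict(src="192.168.1.30", dst="192.168.1.255", proto="udp", sport=137, dport=137, eth_dst=BCAST),
]

def matches(expr):
    keep = parse(expr)                         # indexes of packets the filter would capture
    return [i for i, p in enumerate(PACKETS) if keep(p)]
```

Because `and` and `or` share one precedence level, `port 67 or port 53 and src net 192.168.1.0/24` keeps only the DNS packet, while adding parentheses around the `and` clause also keeps the DHCP broadcast.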