Wireshark Network Traffic Analysis

This assignment requires students to become familiar with Wireshark capture filters, document the qualifiers used in capture filters, construct and use capture filters to capture specific network traffic, and include screen shots of captured network traffic with associated discussion.

Added on  2023-06-11

About This Document

This article covers the basics of network traffic analysis with Wireshark, including promiscuous mode, name resolution, network switches vs hubs, BPF qualifiers, logical operators, and capture filters. It also includes examples of capture filters for specific types of network traffic.

PART ONE
i. Describe what the term promiscuous mode means in relation to capturing network traffic with Wireshark and similar network traffic analysers.

Promiscuous mode allows a network interface card (NIC) to capture all the packets that come across the wire, even those that are not destined for that particular host.
ii. The Capture > Options dialog allows the Name Resolution of Network Layer names. Describe what this means and describe how it could be used for capturing network traffic.

The name resolution option tries to resolve the IP addresses in the capture into human-readable host names. Wireshark issues queries to the DNS to resolve IP addresses to host names. Using name resolution is easier and less time consuming than working with raw addresses. Once packets have been captured and a name has been resolved, reload the capture so that the packets are rebuilt with the resolved name.
iii. Describe the difference between a network switch and a network hub. Then explain how switched networks limit the network traffic that is visible to Wireshark in comparison to networks that used hubs. (Note – switches are the technology used in today’s computer networks)

A hub is a network device that connects network devices together. It transmits only one data packet at a time: when a hub receives a packet from one computer, all other computers wait until the packet reaches its destination. When a hub receives a packet on one port, it transmits it to all other ports.

A switch is also a device that is used to connect network devices. Unlike the hub, a switch lets multiple data packets travel through the network simultaneously, and it forwards a data packet only to the port of the destination address, not to all ports.

Because a switch sends data only to a specific port, Wireshark on one port cannot capture the packets sent to the other ports or devices. A hub, by contrast, sends data to all its ports, which makes it possible to capture all the packets for all ports in Wireshark.
iv. From the web or any other source determine the well-known port numbers of the following server programs:

Program       Port
ftp data      20
ftp control   21
http          80
NTP           123
ssh           22
Also find the well-known port numbers for 6 other network protocols and describe the function that each protocol performs.

Protocol                                    Function                                                        Port
Simple Mail Transfer Protocol (SMTP)        Used for sending mail                                           25
Telnet                                      Used for unencrypted command line login                         23
Domain Name System (DNS)                    Used to convert IP addresses to domain names                    53
Border Gateway Protocol (BGP)               Used for maintaining large routing tables and traffic processes 179
Trivial File Transfer Protocol (TFTP)       Used by devices to upgrade software and firmware                69
Simple Network Management Protocol (SNMP)   Used for network management                                     161 and 162
PART 2

There are three types of BPF qualifiers: type, dir and proto.

Type (3)

A type qualifier specifies what kind of thing the id name or number refers to. The possible types are host, net and port.

host 192.168.12.56: this capture filter captures all the traffic between the machine running Wireshark and the specified IP address. All the packets sent between the two computers are captured.

tcp port 80: this filter captures all the packets passing through port 80. It refers to TCP traffic only.

net 192.168.10.0/24: this filter captures all the traffic on that particular network.
Dir (2)

A dir qualifier specifies a particular transfer direction to and/or from the id. The possible directions are src and dst.

src 192.168.10.5: this capture filter captures all traffic from that particular machine. Only the traffic generated by that computer is captured.

dst net 192.168.0.0/24: this capture filter captures all the traffic to the specified range of IP addresses.
Proto (8)

A proto qualifier restricts the match to a particular protocol. Examples: ether, tcp, tr, ip, ip6, arp, rarp and udp.

ether proto 0x888e: captures only Ethernet frames of type EAPOL.

ip: captures all IPv4 traffic.

tcp portrange 1000-1500: captures TCP traffic on the specified range of ports.

arp: captures all ARP traffic.

rarp: captures all reverse ARP traffic.

ip6: captures all IP version 6 (IPv6) traffic.

udp and port 53: captures all DNS requests.
Documenting the 3 logical operators for combining primitives

AND operator (and, &&)

udp and port 53: this filter captures all the UDP traffic on port 53.

OR operator (or, ||)

tcp port 53 or port 80: this captures TCP traffic on either port 53 or port 80.

NOT operator (not, !)

tcp port 80 and not host 192.168.1.12: this filter captures all the traffic coming from port 80 but not any traffic coming from the specified host.
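To check how the qualifiers and operators of Part 2 combine, here is an added example (mine, not part of the assignment and not Wireshark or libpcap code): a small Python evaluator for the flat subset of capture-filter syntax documented above, run over a handful of constructed packets. The packet fields, the sample addresses and the `matching` helper are assumptions made for the example; it shows that `host` and `port` without a direction qualifier match either end of a conversation, so `tcp port 80 and not host 192.168.1.12` also excludes the replies sent back to that host.

```python
import ipaddress
ETHERTYPE = {"ip": 0x0800, "ip6": 0x86DD, "arp": 0x0806, "rarp": 0x8035}
# Constructed sample packets (not a real capture), reduced to the fields the page's primitives test.
PACKETS = [
    {"ethertype": 0x0800, "proto": "tcp", "src": "192.168.1.12", "dst": "93.184.216.34", "sport": 51234, "dport": 80},
    {"ethertype": 0x0800, "proto": "tcp", "src": "93.184.216.34", "dst": "192.168.1.50", "sport": 80, "dport": 1234},
    {"ethertype": 0x0800, "proto": "udp", "src": "192.168.1.50", "dst": "192.168.1.1", "sport": 40000, "dport": 53},
    {"ethertype": 0x0806},  # ARP frame: no IP header, so no addresses or ports
    {"ethertype": 0x888E},  # EAPOL frame
]
def _primitive(toks):
    # One primitive such as "tcp port 80", "src 10.0.0.1" or "dst net 10.0.0.0/8".
    tok = toks.pop(0)
    if tok == "ether" and toks[:1] == ["proto"]:           # ether proto 0x888e
        etype = int(toks[1], 16)
        return lambda p: p["ethertype"] == etype
    if tok in ETHERTYPE or tok in ("tcp", "udp"):          # proto qualifier
        want = ETHERTYPE.get(tok)
        proto = (lambda p: p["ethertype"] == want) if want else (lambda p: p.get("proto") == tok)
        if not toks:
            return proto
        rest = _primitive(toks)                             # "tcp port 80" means "tcp and port 80"
        return lambda p: proto(p) and rest(p)
    dirs = ("src", "dst")                                   # no dir qualifier: either direction
    if tok in dirs:
        dirs, tok = (tok,), toks.pop(0)
    kind = tok if tok in ("host", "net", "port", "portrange") else "host"
    value = toks.pop(0) if kind == tok else tok             # "src A" is short for "src host A"
    if kind == "host":
        return lambda p: any(p.get(d) == value for d in dirs)
    if kind == "net":
        net = ipaddress.ip_network(value, strict=False)
        return lambda p: any(d in p and ipaddress.ip_address(p[d]) in net for d in dirs)
    lo, hi = (int(value),) * 2 if kind == "port" else map(int, value.split("-"))
    return lambda p: any(lo <= p.get(d[0] + "port", -1) <= hi for d in dirs)

def compile_filter(expr):
    # Flat filter: primitives joined by and/or/not (also &&, ||, !); no parentheses.
    expr = " ".join(expr.replace("||", " or ").replace("&&", " and ").replace("!", " not ").split())
    def term(t):
        toks = t.split()
        negate = toks[0] == "not"
        pred = _primitive(toks[1:] if negate else toks)
        return (lambda p: not pred(p)) if negate else pred
    groups = [[term(t) for t in g.split(" and ")] for g in expr.split(" or ")]
    return lambda p: any(all(f(p) for f in g) for g in groups)  # "and" binds tighter than "or"

def matching(expr, packets=PACKETS):
    pred = compile_filter(expr)
    return [i for i, p in enumerate(packets) if pred(p)]
```

`matching("tcp port 80")` returns both the request (packet 0) and the reply (packet 1), while `matching("dst port 80")` returns only packet 0.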
