PricingBlogAbout Us

ITECH1003 Networking Assignment: Analyzing Wireshark Capture Filters

Verified

Added on  2023/06/11

|7
|712
|263
Homework Assignment
AI Summary
This document presents a solution to an ITECH1003 Networking assignment focused on Wireshark capture filters. It begins with an overview of Wireshark and basic traffic capture concepts, including promiscuous mode, the function of switches and hubs, and the significance of port numbers for various protocols such as FTP, HTTP, NTP, and SSH. The solution then delves into capture filters, explaining BPF qualifiers (Type, Dir, Proto) and detailing the use of logical operators (AND, OR, XOR) for combining primitives. Practical examples demonstrate capturing traffic from/to specific machines using IP and MAC addresses, excluding particular network traffic like broadcast traffic, and filtering traffic based on port numbers for services like DNS and DHCP. The assignment showcases the configuration and application of Wireshark filters for effective network traffic analysis.
Document Page
Running Head: ITECH1003 NETWORKING ASSIGNMENT
Wireshark Capture Filter assignment
[Student Name]
[University Name]
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
1ITECH1003 NETWORKING ASSIGNMENT
Table of Contents
Part 1 – Wireshark and traffic capture basics.............................................................................2
Part 2 capture filters...................................................................................................................3
BPF qualifiers.........................................................................................................................3
Documenting the 3 logical operators for combining primitives............................................3
Capturing traffic from/to another machine............................................................................4
Excluding particular network traffic......................................................................................6
Using port numbers in capture filters.....................................................................................6
Document Page
2ITECH1003 NETWORKING ASSIGNMENT
Part 1 – Wireshark and traffic capture basics
Promiscuous mode:
This term is characterized as the extraordinary method of Ethernet equipment in
which network interface cards permits a NIC to get all activity on the network, regardless of
whether it isn't addressed to this NIC. It additionally enables a network gadget to block and
read each network parcel that touches base in this network.
The Capture > Options discourse permits the Name Resolution of Network Layer
names. It implies it demonstrates the IP address of the DNS address which will catch and
distinguish a specific network parcel.
Switch and hub
Switch works in second layer of the OSI show which is information interface layer
and hub works in first layer of the OSI display which is a physical layer. The switch has
numerous functionalities like port security, VLANs, likewise it enables various ports to
interfacing all network gadgets. Be that as it may, hub does not have these functionalities.
Hub sends information in bits or electronic flag shape yet switch sends information in casing
and parcels frame. Hub has 4/12 ports and switch has a multiport connect which is 24/48. The
switch is a dynamic gadget and hub is an aloof gadget.
The switch keeps the MAC address of each gadget that is being associated with it. In
this manner, switch keeps all points of interest of those gadgets and it denounces the reaction
time and furthermore lessens the network activity.
Port Number
Protocol Port number
FTP Data 20

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

Document Page
3ITECH1003 NETWORKING ASSIGNMENT
FTP Control 21
HTTP 80
NTP 123
SSH 22
HTTP web activity
port:
8080 it is running with the other which convey the movement of
HTTP web.
PPTP: 1723 it is utilized for burrowing and encryption standard which
used to interface two private business network together finished a
web association.
L2TP: 1701 it is a burrowing and encryption standard used to interface
two private business network together finished a web association
with making a Virtual Private Network.
Secure IMAP: 993 it is TCP port utilized for SSL Secured IMAP 4 get.
LDAP: 389 it is utilized to discover and oversee network assets on a
various levelled network framework.
LDAP over SSL: 636 TCP port is utilized for lightweight catalogue get to
convention over secure attachment layer associations.
Part 2 capture filters
BPF qualifiers
Type – This is use for number or ID.
Dir – This use for a particular transfer direction from and to.
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
4ITECH1003 NETWORKING ASSIGNMENT
Proto – This is use to bound the competition to a exact protocol.
Documenting the 3 logical operators for combining primitives
OPERATION NAME DESCRIPTION EXAMPLE
AND (&&) Logical AND ip.src==10.0.0.5 and
tcp.flags.fin
OR (||) Logical OR ip.scr==10.0.0.5 or
ip.src==192.1.1.1
XOR (^^) Logical XOR not llc
Capturing traffic from/to another machine
Capture Traffic between two computer
ip.addr == 192.168.1.11 && ip.addr == 192.168.2.21
Using MAC address
ip.addr == 192.168.1.11 && eth.dst == 08:00:27:01:54:56
Document Page
5ITECH1003 NETWORKING ASSIGNMENT
Capture packets from remote Ip address
ip.addr == 192.168.2.21
Capture only ICMP
icmp

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

Document Page
6ITECH1003 NETWORKING ASSIGNMENT
The above picture shows all the ICMP packets those are capture.
Excluding particular network traffic
Capture Broadcast traffic only - bmc.broadcast_address
Exclude Broadcast traffic only - !( bmc.broadcast_address)
Capture all traffic from a range of network addresses but exclude broadcast traffic
net ipaddress/netmusk and !bmc.broadcast_address
Using port numbers in capture filters
DNS traffic - port 53
DNS traffic being sent from your machine – host ip address port 53
DHCP traffic in either direction - port 67 or port 68.
chevron_up_icon
1 out of 7
circle_padding
hide_on_mobile
zoom_out_icon
logo.png

Your All-in-One AI-Powered Toolkit for Academic Success.

  +13062052269
info@desklib.com

Available 24*7 on WhatsApp / Email

[object Object]
Unlock your academic potential

Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.