ITECH1003/ITECH5003 Networking Assignment: Wireshark Capture Filters
Verified. Added on 2023/06/11
Practical Assignment
AI Summary
This document provides a comprehensive solution to a Wireshark capture filter assignment, covering essential concepts and practical applications. Part one delves into Wireshark and traffic capture basics, defining promiscuous mode, explaining network layer name resolution, and differentiating between network switches and hubs, highlighting their impact on traffic visibility. It also identifies well-known port numbers for various server programs and network protocols, detailing their functions. Part two explores BPF qualifiers (type, dir, and proto) with examples, documents logical operators for combining primitives, and demonstrates capture filters for specific network traffic scenarios, including capturing traffic between machines using IP and MAC addresses, ICMP traffic, and excluding/including broadcast traffic. The assignment further addresses using port numbers in capture filters for DNS and DHCP traffic. Finally, it includes a challenge exercise explaining a TCP packet filter for detecting RST flags. This solution provides detailed explanations and practical examples for understanding and implementing Wireshark capture filters.