ITECH1003 Networking Assignment 1: Wireshark Capture Filters Analysis

Added on 2020/02/24

Running Head: ITECH1003 NETWORKING ASSIGNMENT
Wireshark Capture Filter assignment
[Student Name]
[University Name]
Table of Contents
Part 1 – Wireshark and traffic capture basics
Part 2 – Capture filters
    BPF qualifiers
    Documenting the 3 logical operators for combining primitives
    Capturing traffic from/to another machine
    Excluding particular network traffic
    Using port numbers in capture filters
Part 1 – Wireshark and traffic capture basics
Promiscuous mode: promiscuous mode is a capture mode in Wireshark in which the network adapter receives and reads all data packets on the network. This mode must be supported by both the network adapter and the host system's input/output driver.
The Capture > Options dialog allows DNS names to be converted into IP addresses. With this IP address, Wireshark can show the packets for that specific address.
A switch and a hub have mostly the same functionality, but with a few differences. A switch connects all the network segments into a single LAN, whereas a hub connects all the computers together so that every device sits on one shared network segment. A switch limits where traffic is delivered, so traffic for other ports will not be visible in Wireshark.
Port numbers
Protocol        Port number
FTP Data        20
FTP Control     21
HTTP            80
NTP             123
SSH             22
SMTP            25
DHCP            67/68
HTTPS           443
SNMP            161/162
IMAP            143
POP3            110
SMTP (Simple Mail Transfer Protocol) uses port 25 for transferring mail.
DHCP uses ports 67/68. DHCP is used to allocate IP addresses to hosts on a network dynamically.
HTTPS uses port 443. It performs the same function as HTTP over a more secure connection by adding SSL or TLS.
SNMP uses ports 161/162. SNMP is the Simple Network Management Protocol, used for network administration purposes.
IMAP uses port 143 to retrieve mail from a server.
POP3 uses port 110 to retrieve mail from a server.
Part 2 – Capture filters
BPF qualifiers
Type – This qualifier says what kind of thing the id name or number refers to (host, net or port).
Dir – This qualifier says the particular transfer direction, from (src) and/or to (dst) the id.
Proto – This qualifier restricts the match to a particular protocol.
Examples –
host 192.168.10.2 – shows only the packets where the host is 192.168.10.2
dst 192.168.10.2 – shows the packets whose destination address is 192.168.10.2
port 80 – shows the packets on port number 80
src 192.168.10.2 – shows only the packets whose source address is 192.168.10.2
ip host 192.168.10.2 – shows only the packets associated with the IP address 192.168.10.2
ether host 08:00:27:01:54:56 – shows only the packets captured from or to this Ethernet (MAC) address
tcp[13] == 18 – TCP SYN-ACK packets
udp port sip – captures UDP traffic to and from that port
http – shows only HTTP packets
Documenting the 3 logical operators for combining primitives
Operator    Description    Example
and (&&)    Logical AND    ip.src==10.0.0.5 and tcp.flags.fin
or (||)     Logical OR     ip.src==10.0.0.5 or ip.src==192.1.1.1
xor (^^)    Logical XOR    tr.dst[0:3] == 0.6.29 xor tr.src[0:3] == 0.6.29
Capturing traffic from/to another machine
Capture traffic between two computers
ip.addr == 192.168.1.11 && ip.addr == 192.168.2.21
The above filter is used to capture packets between two computers. ip.addr is used to define the two computers' IP addresses and && performs the logical AND operation.
Using a MAC address
ip.addr == 192.168.1.11 && eth.dst == 08:00:27:01:54:56
This filter is the same as the previous one, except that the destination part of the filter is changed to a MAC address. The destination MAC address filter is eth.dst == MAC address.
Capture packets from a remote IP address
ip.addr == 192.168.2.21
Capture only ICMP
icmp
The above picture shows all the ICMP packets that were captured.
Excluding particular network traffic
Capture broadcast traffic only – bmc.broadcast_address
bmc is used to show the broadcast address packets.
Exclude broadcast traffic – !(bmc.broadcast_address)
The exclamation mark is the NOT operator; the filter shows all the packets while excluding all the broadcast traffic.
Capture all traffic from a range of network addresses but exclude broadcast traffic
net ipaddress/netmask and !bmc.broadcast_address
The net keyword is used to capture all the traffic from a range of IP addresses; the latter part of the filter uses the and operator to add another condition to the same capture, and that final condition excludes all the broadcast traffic.
Using port numbers in capture filters
DNS traffic – port 53
The port 53 filter shows only the DNS traffic that uses port 53.
DNS traffic being sent from your machine – host <ip address> and port 53
host selects the machine's IP address and port 53 shows only DNS traffic.
DHCP traffic in either direction – port 67 or port 68
Ports 67 and 68 are used to show all the DHCP traffic in either direction.
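The BPF primitives and qualifiers in Part 2, the logical operators, the net/broadcast exclusion, and the port 53 / port 67-68 filters above, as one added worked example that is not part of the original assignment. It is a small Python evaluator that applies capture-filter style predicates (host, src, net, port, ip proto, tcp[13] == 18, ether host, ether broadcast, combined with and/or/not) to a handful of constructed Ethernet/IPv4 frames, so the filter logic can be checked offline without a capture device. All IP addresses, the MACs other than the assignment's 08:00:27:01:54:56, and the packet contents are constructed sample data. One caveat the assignment glosses over: expressions such as ip.addr == ... or eth.dst == ... are Wireshark display-filter syntax, while host/net/port/tcp[13] are BPF capture-filter syntax, which is what this example mirrors.

```python
"""Added example (not part of the original assignment): a tiny evaluator for
BPF-style capture-filter primitives over constructed Ethernet/IPv4 frames."""
import ipaddress
import struct

ETH_LEN = 14  # Ethernet II header length
BCAST = "ff:ff:ff:ff:ff:ff"


def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, payload):
    """Ethernet II + IPv4 header + payload (IP checksum left at 0: sample data only)."""
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip_hdr + payload


def tcp_segment(sport, dport, flags):
    """20-byte TCP header; the flags byte sits at offset 13, which tcp[13] reads."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)


def udp_datagram(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def parse(frame):
    """Extract the fields the primitives below test (IPv4 only)."""
    ihl = (frame[ETH_LEN] & 0x0F) * 4
    proto = frame[ETH_LEN + 9]
    l4 = frame[ETH_LEN + ihl:]
    sport = dport = None
    if proto in (6, 17):  # TCP and UDP both begin with source and destination port
        sport, dport = struct.unpack("!HH", l4[:4])
    return {"eth_dst": frame[0:6].hex(":"), "eth_src": frame[6:12].hex(":"),
            "src": ipaddress.IPv4Address(frame[ETH_LEN + 12:ETH_LEN + 16]),
            "dst": ipaddress.IPv4Address(frame[ETH_LEN + 16:ETH_LEN + 20]),
            "proto": proto, "sport": sport, "dport": dport, "l4": l4}


# Primitives: type qualifier (host/net/port), dir qualifier (src), proto qualifier.
def host(ip):
    a = ipaddress.IPv4Address(ip)
    return lambda p: a in (p["src"], p["dst"])

def src(ip):
    a = ipaddress.IPv4Address(ip)
    return lambda p: p["src"] == a

def net(cidr):
    n = ipaddress.IPv4Network(cidr)
    return lambda p: p["src"] in n or p["dst"] in n

def port(n): return lambda p: n in (p["sport"], p["dport"])
def ip_proto(number): return lambda p: p["proto"] == number  # icmp=1, tcp=6, udp=17
def tcp_byte(offset, value):  # tcp[13] == 18 selects SYN+ACK (0x02 | 0x10)
    return lambda p: p["proto"] == 6 and p["l4"][offset] == value
def ether_host(mac): return lambda p: mac in (p["eth_src"], p["eth_dst"])
def ether_broadcast(): return lambda p: p["eth_dst"] == BCAST

# Logical operators combine primitives exactly as and/or/not do in a capture filter.
def AND(a, b): return lambda p: a(p) and b(p)
def OR(a, b): return lambda p: a(p) or b(p)
def NOT(a): return lambda p: not a(p)


def apply_filter(pred, frames):
    """Indices of the frames the filter would let through."""
    return [i for i, f in enumerate(frames) if pred(parse(f))]


# Constructed sample traffic. MAC_A is the assignment's MAC; the rest is made up.
MAC_A, MAC_B, MAC_GW = "08:00:27:01:54:56", "08:00:27:aa:bb:cc", "52:54:00:00:00:01"
FRAMES = [
    build_frame(MAC_A, MAC_GW, "192.168.1.11", "192.168.1.1", 17, udp_datagram(51000, 53, b"\x12\x34")),  # DNS query
    build_frame(MAC_B, MAC_A, "192.168.2.21", "192.168.1.11", 6, tcp_segment(80, 51001, 0x12)),  # SYN-ACK from web server
    build_frame(MAC_A, BCAST, "0.0.0.0", "255.255.255.255", 17, udp_datagram(68, 67)),  # DHCP discover
    build_frame(MAC_GW, MAC_A, "10.0.0.5", "192.168.1.11", 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1)),  # ICMP echo
    build_frame(MAC_A, BCAST, "192.168.1.11", "192.168.1.255", 17, udp_datagram(137, 137)),  # subnet broadcast
]

EXAMPLES = {  # filter text as it would be typed into the capture filter box -> predicate
    "host 192.168.1.11": host("192.168.1.11"),
    "src 192.168.1.11": src("192.168.1.11"),
    "port 53": port(53),
    "tcp[13] == 18": tcp_byte(13, 18),
    "icmp": ip_proto(1),
    "ether host 08:00:27:01:54:56": ether_host(MAC_A),
    "host 192.168.1.11 and host 192.168.2.21": AND(host("192.168.1.11"), host("192.168.2.21")),
    "port 67 or port 68": OR(port(67), port(68)),
    "net 192.168.1.0/24 and not ether broadcast": AND(net("192.168.1.0/24"), NOT(ether_broadcast())),
}


def run():
    """Map each example filter to the indices of the sample frames it matches."""
    return {text: apply_filter(pred, FRAMES) for text, pred in EXAMPLES.items()}


if __name__ == "__main__":
    for text, hits in run().items():
        print(f"{text:45} -> frames {hits}")
```

Each predicate is built once from the filter's argument and then evaluated per frame, which is the same shape as a compiled BPF program: the filter is decided before capture starts, so anything it rejects never reaches Wireshark's dissectors, unlike a display filter, which only hides packets that were already captured.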