ITECH1003 Networking: Wireshark Capture Filter Assignment Details
Added on 2023/06/11
Practical Assignment

Running Head: ITECH1003 NETWORKING ASSIGNMENT
Wireshark Capture Filter assignment
[Student Name]
[University Name]
Table of Contents
Part 1 – Wireshark and traffic capture basics.............................................................................2
Part 2 capture filters...................................................................................................................3
BPF qualifiers.........................................................................................................................3
Documenting the 3 logical operators for combining primitives............................................3
Capturing traffic from/to another machine............................................................................4
Excluding particular network traffic......................................................................................6
Using port numbers in capture filters.....................................................................................6
Part 1 – Wireshark and traffic capture basics
Promiscuous mode:
Promiscuous mode is a network interface mode in which the network interface card reads all network packets passing through it, not only the ones addressed to it. Wireshark uses the interface in the same way: it records all of those network packets.
The Capture > Options dialog allows name resolution of network-layer names. This means that Wireshark shows the DNS name belonging to an IP address, which helps to capture and identify particular network packets.
Switch and hub
A switch operates at the 2nd layer of the OSI model, the data link layer, and a hub works at the 1st layer of the OSI model, the physical layer. A switch has many functions such as port security and VLANs, and it provides multiple ports for connecting all the network devices, but a hub does not have these functions. A hub sends data as bits, in the form of electrical signals, whereas a switch sends data as frames and packets. A hub has 4/12 ports and a switch is a multiport bridge with 24/48 ports. A switch is an active device and a hub is a passive device.
A switch keeps the MAC address of every device that is connected to it. Therefore, the switch holds the details of those devices, which decreases the response time and also reduces the network traffic.
Port Number
Protocol        Port number
FTP Data        20
FTP Control     21
HTTP            80
NTP             123
SSH             22
SMTP uses port 25 for exchanging mail. It is a basic mail transfer protocol.
HTTPS uses port 443. It performs the same function as HTTP, with a more secure connection obtained by adding SSL or TLS.
POP3 uses port 110 for retrieving mail from a server.
SNMP uses ports 161/162. SNMP is a basic network management protocol used for network administration purposes.
IMAP uses port 143 for retrieving mail from a server.
DHCP uses ports 67/68. DHCP is used to assign IP addresses on a network dynamically.
Part 2 capture filters
BPF qualifiers
Type – This qualifier says what kind of thing the number or ID refers to.
Dir – This qualifier specifies a particular transfer direction, to or from.
Proto – This qualifier restricts the match to a particular protocol.
Documenting the 3 logical operators for combining primitives
OPERATION   NAME   DESCRIPTION   EXAMPLE
AND         &&     Logical AND   ip.src==10.0.0.5 and tcp.flags.fin
OR          ||     Logical OR    ip.src==10.0.0.5 or ip.src==192.1.1.1
XOR         ^^     Logical XOR   tr.dst[0:3] == 0.6.29 xor tr.src[0:3] == 0.6.29
Capturing traffic from/to another machine
Capture traffic between two computers:
ip.addr == 192.168.1.11 && ip.addr == 192.168.2.21
Using a MAC address:
ip.addr == 192.168.1.11 && eth.dst == 08:00:27:01:54:56
Capture packets from a remote IP address:
ip.addr == 192.168.2.21
Capture only ICMP:
icmp
The picture above shows all the ICMP packets that were captured.
Excluding particular network traffic
Capture broadcast traffic only - bmc.broadcast_address
Exclude broadcast traffic only - !( bmc.broadcast_address)
Capture all traffic from a range of network addresses but exclude broadcast traffic -
net <ip address>/<netmask> and !bmc.broadcast_address
Using port numbers in capture filters
DNS traffic - port 53
DNS traffic being sent from your machine - host <ip address> port 53
DHCP traffic in either direction - port 67 or port 68.
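Most filter lines in Part 2 are written in Wireshark display-filter syntax (ip.addr ==, eth.dst ==), whereas the capture filters that the BPF qualifier, logical operator, traffic from/to another machine, exclusion and port-number sections describe use the pcap-filter form (host, net, port, src, dst, and, or, not). The following added example, which is not part of the original assignment, implements a small evaluator for exactly that subset and runs the page's scenarios (traffic between two machines, ICMP only, DNS sent from your machine, DHCP in either direction, a network range minus broadcast) against constructed packet records, so the filters can be checked without a live interface. The Packet class, the SAMPLE packets and the apply_filter function are assumptions made for this example; the precedence rule it encodes (and and or have equal precedence and associate left to right, not binds tightest) is the one documented for pcap-filter.

```python
"""Added example (not part of the original assignment): evaluates a subset of
BPF capture-filter syntax against constructed packet records.

Supported: type qualifiers host/net/port, dir qualifiers src/dst, proto
qualifiers ip/icmp/tcp/udp, the 'broadcast' primitive, and not/and/or
(also written !, &&, ||) with parentheses. Real libpcap accepts far more.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Only the header fields the filters on this page look at (assumed model)."""
    src_ip: str
    dst_ip: str
    proto: str                          # "icmp", "udp" or "tcp"
    src_port: int = 0
    dst_port: int = 0
    dst_mac: str = "08:00:27:01:54:56"  # unicast by default


BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
TOKEN_RE = re.compile(r"\(|\)|&&|\|\||!|[\w.:/-]+")


def tokenize(expr):
    return TOKEN_RE.findall(expr)


class Parser:
    """Recursive-descent parser producing a tuple tree.

    Precedence follows pcap-filter(7): 'not' binds tightest; 'and' and 'or'
    have EQUAL precedence and associate left to right, so
    'port 67 or port 68 and host X' means '(port 67 or port 68) and host X'.
    """

    def __init__(self, tokens):
        self.tokens, self.pos = tokens, 0

    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def take(self):
        tok = self.peek()
        self.pos += 1
        return tok

    def parse(self):
        node = self.expr()
        if self.peek() is not None:
            raise ValueError(f"trailing token {self.peek()!r}")
        return node

    def expr(self):
        node = self.factor()
        while self.peek() in ("and", "&&", "or", "||"):
            op = "and" if self.take() in ("and", "&&") else "or"
            node = (op, node, self.factor())
        return node

    def factor(self):
        tok = self.peek()
        if tok in ("not", "!"):
            self.take()
            return ("not", self.factor())
        if tok == "(":
            self.take()
            node = self.expr()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return node
        return self.primitive()

    def primitive(self):
        direction = self.take() if self.peek() in ("src", "dst") else None
        kind = self.take()
        if kind in ("host", "net", "port"):              # type qualifier + id
            return ("prim", kind, direction, self.take())
        if direction is None and kind in ("ip", "icmp", "tcp", "udp", "broadcast"):
            return ("prim", kind, None, None)             # proto qualifier alone
        raise ValueError(f"unexpected token {kind!r}")


def _match_primitive(kind, direction, ident, pkt):
    if kind == "ip":
        return True                                       # all samples are IPv4
    if kind in ("icmp", "tcp", "udp"):
        return pkt.proto == kind
    if kind == "broadcast":
        return pkt.dst_mac == BROADCAST_MAC
    # The dir qualifier decides which side(s) of the packet are inspected; with
    # no qualifier either side counts, which is why 'host A and host B'
    # captures both directions of a conversation.
    if kind == "port":
        sides = {"src": (pkt.src_port,), "dst": (pkt.dst_port,),
                 None: (pkt.src_port, pkt.dst_port)}[direction]
        return int(ident) in sides
    sides = {"src": (pkt.src_ip,), "dst": (pkt.dst_ip,),
             None: (pkt.src_ip, pkt.dst_ip)}[direction]
    if kind == "host":
        return ident in sides
    network = ipaddress.ip_network(ident, strict=False)  # kind == "net"
    return any(ipaddress.ip_address(a) in network for a in sides)


def evaluate(node, pkt):
    op = node[0]
    if op == "prim":
        return _match_primitive(node[1], node[2], node[3], pkt)
    if op == "not":
        return not evaluate(node[1], pkt)
    left, right = evaluate(node[1], pkt), evaluate(node[2], pkt)
    return (left and right) if op == "and" else (left or right)


def apply_filter(expr, packets):
    """Return the indexes of the packets a capture filter would keep."""
    tree = Parser(tokenize(expr)).parse()
    return [i for i, p in enumerate(packets) if evaluate(tree, p)]


# Constructed sample traffic (not a real capture); 192.168.1.11 is "my machine"
# and 192.168.2.21 the remote host, as in the assignment text.
SAMPLE = [
    Packet("192.168.1.11", "192.168.2.21", "icmp"),                          # 0 echo request
    Packet("192.168.2.21", "192.168.1.11", "icmp"),                          # 1 echo reply
    Packet("192.168.1.11", "192.168.1.1", "udp", 51000, 53),                 # 2 my DNS query
    Packet("192.168.1.1", "192.168.1.11", "udp", 53, 51000),                 # 3 DNS answer
    Packet("192.168.1.50", "192.168.1.1", "udp", 40000, 53),                 # 4 another host's query
    Packet("0.0.0.0", "255.255.255.255", "udp", 68, 67, BROADCAST_MAC),      # 5 DHCP discover
    Packet("192.168.1.1", "255.255.255.255", "udp", 67, 68, BROADCAST_MAC),  # 6 DHCP offer
    Packet("10.0.0.5", "192.168.1.11", "tcp", 44444, 80),                    # 7 HTTP from elsewhere
]

if __name__ == "__main__":
    for f in ("host 192.168.1.11 and host 192.168.2.21",   # between two machines
              "icmp",                                      # only ICMP
              "src host 192.168.1.11 and port 53",         # DNS sent from my machine
              "port 67 or port 68",                        # DHCP in either direction
              "net 192.168.1.0/24 and not broadcast"):     # a range, minus broadcast
        print(f"{f:42} -> packets {apply_filter(f, SAMPLE)}")
```

Running the script prints which sample packets each filter keeps. Two things worth noticing: `host A and host B` keeps both directions of the ping, because an unqualified `host` matches either address field, while `src host` narrows the DNS filter to queries leaving your machine; and `port 67 or port 68 and host 192.168.1.1` keeps only the DHCP offer, because pcap-filter applies `or` and `and` left to right with equal precedence rather than binding `and` tighter as C does.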