
CCN Practical No.6

The document discusses how to install and use Wireshark and Netcat tools on Linux. It provides step-by-step instructions on installing Wireshark and Netcat, capturing packets using Wireshark, and analyzing the captured packets. Screenshots are included of packet captures for various protocols like UDP, TCP and HTTP.

Uploaded by

Gaurang Gawas

Bharatiya Vidya Bhavan’s
Sardar Patel Institute of Technology
Bhavan’s Campus, Munshi Nagar, Andheri (West), Mumbai-400058-India
(Autonomous College Affiliated to University of Mumbai)
Department of Electronics and Telecommunication

Course code EC 307 Computer Communication Network


Name: Gaurang Gawas UID: 2021201071

EXPERIMENT-6
Aim: Study and Practical Implementation of Wireshark Software for:
1. Packet Capturing
2. Packet Analysis

Apparatus (Software): Desktop/ Laptop, Wireshark Software

Theory:
Wireshark is a network packet analyzer. A network packet analyzer presents captured packet data in as
much detail as possible. You could think of a network packet analyzer as a measuring device for
examining what’s happening inside a network cable, just like an electrician uses a voltmeter for
examining what’s happening inside an electric cable (but at a higher level, of course). In the past, such
tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, that has
changed. Wireshark is available for free, is open source, and is one of the best packet analyzers available
today.

Uses of Wireshark:
● Troubleshoot network problems.
● Learn network protocol internals.
● Debug protocol/program implementation.
● Examine network-related security issues.
When a capture is started in Wireshark, it records every packet leaving and
entering the device on the selected interface.

1. Installation of Kali Linux

Here are the steps to install Kali Linux:

1. First, download the Kali Linux ISO file from the official Kali Linux website.
2. Burn the ISO file to a DVD or create a bootable USB drive using software like
Rufus or Etcher.
3. Insert the DVD or USB drive into the computer where you want to install Kali Linux.
4. Reboot the computer and enter the BIOS settings to set the boot priority to either
the DVD or USB drive.
5. Save the changes and exit the BIOS settings. The computer should now boot from
the DVD or USB drive.
6. Select the "Graphical Install" option from the boot menu and follow the on-screen
instructions to install Kali Linux.
7. During the installation process, you will be prompted to configure the language,
keyboard layout, and time zone.
8. You will also need to create a username and password for the Kali Linux system.
9. Choose the appropriate partitioning method for your system. You can either install
Kali Linux on the entire hard drive or alongside an existing operating system.
10. Once the installation process is complete, remove the DVD or USB drive and
reboot the computer.
11. Enter your username and password to log in to Kali Linux.

It is important to note that Kali Linux is a specialized operating system designed for
penetration testing and cybersecurity professionals. If you are not familiar with Linux, it may
be difficult to use and configure. It is recommended that you have some experience with
Linux before attempting to install and use Kali Linux.

2. Installation of Netcat

1. Open the terminal on your Linux system.


2. Type the following command to update the package lists:

sudo apt-get update

3. Type the following command to install Netcat:

sudo apt-get install netcat

4. Press "Y" to confirm the installation when prompted.


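5. Once the installation is complete, type the following command to check the version
of Netcat that was installed (the -v flag on its own only enables verbose output and
does not report a version, so the help flag is used instead):

nc -h

6. This should display the version of Netcat that was installed on your system at the
top of the help output.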

Note: The above steps are for installing Netcat on Ubuntu or Debian-based systems. If you
are using a different Linux distribution, the commands may vary slightly.

Alternatively, you can also download the Netcat source code from the official website and
install it manually. Here are the steps for manual installation:

1. Download the Netcat source code from the official website.


2. Extract the downloaded file.
3. Open the terminal and navigate to the extracted folder.
4. Type the following command to compile the source code:

make

5. Once the compilation is complete, type the following command to install Netcat:

sudo make install

6. Netcat should now be installed on your system. You can check the version using the
same command as mentioned in Step 5 above.

Note: Manual installation of Netcat requires some experience with Linux and the command
line.

3. How to capture packets using Wireshark

1. Install Wireshark on your Linux system using the package manager. For example,
on Ubuntu, you can use the following command:

sudo apt-get install wireshark

2. Open the Wireshark application. You will need to have root or sudo privileges to
capture packets.

sudo wireshark

3. Select the interface on which you want to capture packets from the list of available
interfaces. You can see the list of interfaces by clicking on the "Capture Options"
button.
4. Click on the "Start" button to begin capturing packets.
5. You can now see the captured packets in the Wireshark window. You can filter the
packets by protocol, IP address, port number, etc.
6. Once you have captured the packets you need, click on the "Stop" button to stop
the capture.
7. You can save the captured packets as a file by clicking on "File" -> "Save As".
Wireshark supports various file formats such as PCAP, PCAPNG, etc.

Note: Capturing packets with Wireshark requires some knowledge of networking concepts
and protocols. It is important to understand the implications of capturing packets on a live
network, as it may impact the network performance or raise security concerns. It is
recommended that you use a test or lab environment for packet capture and analysis.

4. How to analyze packets

1. Open the Wireshark application on your Linux system.


2. Open the captured packet file you want to analyze by clicking on "File" -> "Open".
3. Once the file is loaded, you can see the list of captured packets in the
Wireshark window.
4. Click on any packet to view its details. You can see various details such as source and
destination IP addresses, protocol type, port numbers, packet length, etc.
5. You can apply filters to the captured packets to view specific packets based on a
particular protocol or IP address. For example, you can apply a filter to show
only HTTP packets or packets from a specific IP address. To apply filters, click
on "Capture" -> "Filter" or press "Ctrl + L".
6. You can also analyze the packets based on the protocol they belong to. Wireshark can
decode various protocols such as TCP, UDP, HTTP, DNS, SSL, etc. To view the
details of a particular protocol, click on any packet and then click on the "Protocol"
field in the details pane. This will expand the details of the protocol and show you
more information about the packet.
7. Wireshark can also help you troubleshoot network issues by identifying problems
such as packet loss, delay, or errors. You can use the graphs and statistics available in
Wireshark to analyze the network performance and identify issues. For example, you
can view graphs of network throughput, packet loss, or latency by clicking on
"Statistics" -> "IO Graphs".
8. You can save the analysis results by clicking on "File" -> "Export Packet Dissections"
and selecting a file format. Wireshark supports various file formats such as CSV,
JSON, and HTML.
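
The per-packet fields listed in step 4 (source and destination IP, protocol, ports, length) can also be read straight out of a saved classic PCAP file. The following is an added example, not part of the original report: it builds a small constructed capture in memory (documentation-range addresses, one DNS query, one bare TCP segment, one HTTP request) and parses it back. All function names are hypothetical, and the HTTP label is a simple payload check, not Wireshark's dissector logic.

```python
import struct
from socket import inet_aton, inet_ntoa

def frame(proto, sport, dport, payload=b""):
    """Constructed Ethernet+IPv4+UDP/TCP frame (documentation IPs, checksums 0)."""
    if proto == 17:  # UDP: ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:            # TCP: ports, seq, ack, data offset 5, PSH|ACK, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64,
                     proto, 0, inet_aton("192.0.2.10"), inet_aton("198.51.100.5"))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4 + payload

def sample_frames():
    """Constructed sample traffic: DNS query, bare TCP segment, HTTP request."""
    dns = b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 6 + b"\x07example\x03com\x00\x00\x01\x00\x01"
    return [frame(17, 40000, 53, dns), frame(6, 40001, 443),
            frame(6, 40002, 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")]

def build_pcap(frames):
    """Classic PCAP: 24-byte global header, then a 16-byte record header per packet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def parse_pcap(data):
    """Return (src, dst, label, sport, dport, length) for each IPv4 TCP/UDP packet."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", data)[0])
    if end is None or struct.unpack_from(end + "I", data, 20)[0] != 1:
        raise ValueError("expected a classic PCAP file with Ethernet link type")
    rows, off = [], 24
    while off + 16 <= len(data):
        incl, orig = struct.unpack_from(end + "II", data, off + 8)
        pkt, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] not in (6, 17):
            continue                      # keep only IPv4 carrying TCP or UDP
        l4 = 14 + (pkt[14] & 0x0F) * 4    # Ethernet header + IPv4 header length
        if len(pkt) < l4 + (20 if pkt[23] == 6 else 8):
            continue                      # truncated transport header
        sport, dport = struct.unpack_from("!HH", pkt, l4)
        label = "UDP" if pkt[23] == 17 else "TCP"
        if label == "UDP" and 53 in (sport, dport):
            label = "DNS"
        elif label == "TCP":
            body = pkt[l4 + (pkt[l4 + 12] >> 4) * 4:]   # skip TCP header via data offset
            if body.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"HTTP/1.1"):
                label = "HTTP"
        rows.append((inet_ntoa(pkt[26:30]), inet_ntoa(pkt[30:34]), label, sport, dport, orig))
    return rows
```

Calling parse_pcap(build_pcap(sample_frames())) yields one row per packet; the same parse_pcap function accepts the bytes of a classic PCAP file saved from Wireshark, but not the PCAPNG format.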

Output screenshots (images not reproduced): UDP (port 53), TCP, and HTTP captures.

Conclusion:
1. Wireshark was used in this experiment to record and examine network traffic leaving
the laptop.
2. Wireshark follows every protocol in use, and the captured data can be saved.
Saved captures make it easier to identify similar problems in the future by
comparing against the previous data.
3. The best tool for collecting and analysing each packet's bitwise information is
Wireshark, which can be extremely useful in identifying network issues.
4. Additionally, Wireshark can be used to spot network security risks like erroneous
activity or suspicious traffic patterns.
